August 19, 2019 | International, Aerospace

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks

LAS VEGAS — In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference this weekend, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded.

It was the first time outside researchers were allowed physical access to the critical F-15 system to search for weaknesses. And after two long days, the seven hackers found a mother lode of vulnerabilities that — if exploited in real life — could have completely shut down the Trusted Aircraft Information Download Station (TADS), which collects reams of data from video cameras and sensors while the jet is in flight.

They even found bugs that the Air Force had tried but failed to fix after the same group of hackers performed similar tests in November without actually touching the device.

“They were able to get back in through the back doors they already knew were open,” Will Roper, the Air Force's top acquisition official, told me in an exclusive briefing of the results.

The hackers lobbed a variety of attacks — including injecting the system with malware and even going at it with pliers and screwdrivers. When I saw it, the metal box that's usually secure on the aircraft had wires hanging out the front.

The hackers briefed Roper on the findings on Saturday afternoon. He was surrounded by discarded pizza boxes, iced coffee drinks — and the hotel's drinking glasses filled with screws, nuts and bolts removed from five fully dismantled TADS devices, which run about $20,000 a pop.

He'd expected the results to be about this bad, Roper told me on a private tour of the hacking event. He pinned the weaknesses on decades in which the Air Force neglected cybersecurity as a key issue in developing its products while it prioritized time, cost and efficiency.

He's trying to turn that around, and is hopeful about the results of the U.S. government's newfound openness to ethical hackers. He'd come straight from Def Con's first-ever Aviation Village, which the Air Force helped establish, and was wearing a gray T-shirt with the words “No, Mr. Bond, I expect you to hack,” emblazoned on the front — a riff on a classic line from the 1964 James Bond film “Goldfinger.”

This is a drastic change from previous years, when the military would not allow hackers to try to search for vulnerabilities in extremely sensitive equipment, let alone take a literal whack at it. But the Air Force is convinced that unless it allows America's best hackers to search out all the digital vulnerabilities in its planes and weapons systems, then the best hackers from adversaries such as Russia, Iran and North Korea will find and exploit those vulnerabilities first, Roper told me.

“There are millions of lines of code that are in all of our aircraft and if there's one of them that's flawed, then a country that can't build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” he said.

Roper wants to put his military hardware where his mouth is.

During next year's Def Con conference, he wants to bring vetted hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane, including for ways that bugs in one system can allow hackers to exploit other systems until they've gained effective control of the entire plane.

He also wants to open up the ground control system for an operational military satellite for hacker testing, he said.

“We want to bring this community to bear on real weapons systems and real airplanes,” Roper told me. “And if they have vulnerabilities, it would be best to find them before we go into conflict.”

Those hacking challenges will also be useful for the private sector because military planes and satellites share many of their computer systems with the commercial versions of those products, Roper said, and the Air Force can share its findings.

The seven hackers probing the TADS devices were all brought to Vegas by the cybersecurity company Synack, which sells the Pentagon third-party vulnerability testing services, under a contract with the Defense Digital Service, a team of mostly private-sector technology stars who try to solve some of the Pentagon's thorniest technology problems during short-term tours.

The Defense Digital Service started by organizing large-scale hacking competitions in 2016, with names such as “Hack the Pentagon” and, eventually, “Hack the Air Force.” These were open to almost anybody — but included only public-facing hacking targets such as military service websites and apps.

Shortly after, they also began opening more sensitive systems to a smaller number of vetted hackers who sign nondisclosure agreements.

DDS has run about a dozen of those more sensitive hacking competitions so far, but this is the first time it has offered up the same system for hacking twice, said Brett Goldstein, DDS's director, who earned a reputation in technology as Open Table's IT director and chief data officer for the city of Chicago.

“That's important because security is a continuous process,” he told me. “You can't do an exercise and say, ‘Oh, we found everything' and check the box. You need to constantly go back and reevaluate.”

They also allowed the hackers to be more aggressive this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.

They could also advise the Air Force about flaws in how the TADS hardware was built that make it more susceptible to digital attacks.

Moving forward, Roper told me, he wants to start using that knowledge to mandate that Air Force vendors build better software and hardware security controls into their planes and weapons systems upfront so the Air Force doesn't have to do so much cybersecurity work on the back end.

He's up against an arcane and byzantine military contracting process, however, that's going to make those sorts of fundamental reforms extremely difficult, he acknowledged.

In some cases, the company that built an Air Force system owns the software embedded in that system and won't let the Air Force open it up for outside testing, he says. In other cases, the Air Force is stuck with legacy IT systems that are so out of date that it's difficult for even the best technologists to make them more secure.

“It's difficult to do this going backward, but we're doing our best,” Roper told me. “I can't underscore enough, we just got into the batter's box for what's going to be a long baseball game.”

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/08/14/the-cybersecurity-202-hackers-just-found-serious-vulnerabilities-in-a-u-s-military-fighter-jet/5d53111988e0fa79e5481f68/
