F-35 Routinely Passes NSA Hack Tests

The F-35 fighter and its ground systems have to pass at least two full-scale cyber penetration resiliency tests a year in order for new hardware and software modifications to be fielded, said Program Director Lt. Gen. Christopher Bogdan. Speaking with Air Force Magazine at a plane-side press availability at JB Andrews on Sept. 18, Bogdan said the F-35 “is very well protected” against cyber attack. “A couple of times a year, the NSA [National Security Agency] and 24th Air Force [USAF’s cyber command] do penetration testing on the entire weapon system; all the air and ground systems, the whole kit and caboodle. And we wouldn’t be operating today if we couldn’t pass those tests,” he noted. Bogdan said he’s unaware of the F-35 itself ever having been breached by a hack, even though the F-35’s Autonomic Logistics Information System (ALIS) and the Air Force network to which it’s connected are attacked “constantly … thousands of times a week.” The next version of ALIS—the one that will serve the Air Force at initial operational capability next August—will “have to go through extensive vulnerability tests before we can even field it.” The “red team” testers bring “all the newest tools” to combat the latest hacking methods, and any vulnerabilities are patched. “From my perspective [the F-35 is] a very secure airplane and weapon system,” Bogdan said, even though “the threat is moving quite rapidly.”