Pentagon Says It Is Moving to Protect Its Cyber Flanks

Officials in charge of buying guns and butter for the Department of Defense have decided — only seven years after Chinese hackers infiltrated the F-35 program — that it’s about time to make cybersecurity a core requirement for all weapons systems.

The move comes as part of a larger push to reform an infamously sluggish, bureaucratic, and often error-prone acquisition system that has become the marketplace for a dwindling number of huge defense contractors.

“Cybersecurity should be a requirement, period, in all our programs,” the department’s chief weapons buyer, Frank Kendall, said on April 9 when rolling out his “Better Buying Power 3.0” plan.

The issue of protecting both government and sensitive defense industry networks from hacking is “a pervasive problem for the department,” Kendall said, and is “a source of risk from inception all the way to retirement — this includes the industrial base.” He emphasized that “everything associated with the project is a potential point of attack.”

Coming out of the Gulf War in 1991, the United States was on top of its game, with a high-tech military that no country in the world could even think of matching. But in the ensuing quarter century, countries like China and Russia have hit the books, studying and emulating U.S. capabilities and tactics and in some ways managing to level the playing field.

Deputy Secretary of Defense Bob Work spoke earlier in the week about how both Russia and China have incorporated information warfare and electronic warfare into their military strategy, specifically as a way of blunting some of the United States and NATO’s technological advantages.

In 2007 to 2008, Chinese hackers famously infiltrated Lockheed Martin’s network, swiping terabytes of critical design data about the F-35 program; China apparently used the information to design its own J-31 stealth fighter jet.

And that’s hardly a one-off event. The U.S. defense industry has for years been swarmed by cyberattacks and network intrusions by a range of sophisticated state and non-state actors looking to steal plans for their most advanced weapons systems. The reporting on the breaches isn’t mandatory, so no solid statistics exist pointing to just how destructive the breaches have been, though defense industry execs readily admit that the problem is real and growing.

In a 35-page memo released on Thursday to explain the program to the Pentagon’s bureaucracy, Kendall wrote that “the technological superiority of the United States is now being challenged by potential adversaries in ways not seen since the Cold War.”

Kendall also said that he wants to push not only the hardening of cyber-defenses, but also to make sure that ships, airplanes, drones, and weapons systems are designed to be regularly upgraded to take advantage of the leaps in processing power being kicked out by the commercial tech industry.

In the F-35 program, “we are our on our third iteration of technology refresh” before the plane has even taken its first operational flight, he said, because innovations in processing are happening so quickly.

But the cyber issue is one that worries analysts the most, due to its all-encompassing nature.

Timothy Ryan, a cyber expert who used to work as a supervisory agent for the FBI, told Foreign Policy that the Pentagon needs to start treating its cyber-arsenal like all other legacy weapons systems.

“It’s not all that different than any kind of arms development. The missiles that you had 20 years ago won’t be effective in their mission they have to do today,” he said.

And thanks to the growing proliferation of electronic jamming capabilities and the huge leaps that China in particular has made in its missile defense capabilities, “the tools that you use that were adequate years ago require more research and development to be relevant today.”

Photo credit: Dept. of Defense