Air Force: An F-16 could be vulnerable to cyber attack

Air Force leaders outlined 7 lines of attack to better protect weapons, platforms and networks from cyber threats.

Air Force fighter jet mission data, sensors, missiles, intelligence information, precision guidance technology, data links and weapons targeting systems are all increasingly integrated with computer systems in today’s fast-moving high-tech warfare environment -- a scenario which simultaneously upgrades lethality, decision-making and combat ability while also increasing risk and cyber-vulnerability, senior service leaders explained.

For instance, how could Joint Direct Attack Munitions pinpoint targets in a combat environment where GPS signals have been destroyed, hacked or knocked out? What if navigation and geographical orientation were destroyed as well? How could an F-35 use its “sensor fusion” to instantly integrate targeting, mapping and threat information for the pilot if its computer system were hacked or compromised? How could drone feeds provide life-saving real-time targeting video feeds if the data links were hacked, re-directed, taken over or compromised?

These are precisely the kind of scenarios Air Force future planners and weapons developers are trying to anticipate.

Seven Lines of Attack 

Speaking at the annual Air Force Association Air Warfare Symposium, National Harbor, Md., Gen. Ellen Marie Pawlikowski Commander, Air Force Materiel Command, delineated the inspiration and direction for the 7 lines of attack.

A key impetus for the effort, as outlined in the first line of attack, is working to secure mission planning and recognized cyber vulnerabilities, Pawlikowski explained.

For instance, she explained the prior to embarking upon a global attack mission, an Air Force F-16 would need to acquire and organize its intelligence information and mission data planning – activities which are almost entirely computer-dependent.

“We did some mission planning before we got that in the air. Part of that mission planning was uploaded into a computer,” Pawlikowski said.  “An OFP (operational flight plan) is developed using software tools, processors and computers. When you lay out a mission thread it takes to conduct a global mission attack, you find that there are cyber threat surfaces all over the place. How do you make sure your F-16 is secure? We need to address each and every one of those threat surfaces."

The second line of attack is described in terms of technology acquisition and weapons development procedures. The idea, Pawlikowski said, was to engineer future weapons systems with a built-in cyber resilience both protecting them from cyber-attacks and allowing them to integrate updated software and computer technology as it emerges.

“We want to understand cyber security as early as we can and develop tools that are needed by program managers. We want to engineer weapons systems that include cyber testing in developmental and operational tests,” she said.

Brining the right mixture of cyber security experts and security engineers into the force is the thrust behind the third line of attack, and working to ensure weapons themselves are cyber resilient provides the premise for the fourth line of attack.

“We can’t take ten years to change out the PNT (precision, navigation and timing) equipment in an airplane if there is a cyber threat that negates our ability to use GPS,” Pawlikowski explained.

Part of this equation involves the use of an often-described weapons development term called “open architecture” which can be explained as an attempt to engineer software and hardware able to easily accommodate and integrate new technologies as they emerge. Upon this basis, weapons systems in development can then be built to be more agile, or adaptive to a wider range of threats and combat operating conditions.

In many cases, this could mean updating a weapons system with new software tailored to address specific threats. 

“Open mission systems enable me in avionics to do more of a plug-and-play capability, making our weapons systems adaptable to evolving cyber threats,” she explained.

The fifth line of effort involves establishing a common security environment for “classification” guides to ensure a common level of security, and the sixth line of attack involves working with experts and engineers with the Air Force Research Laboratory to develop built-in cyber hardening tools.

For instance, Pawlikowski explained that by the 2020s, every Air Force base would have cyber hardening “baked” into its systems and cyber officers on standby against potential cyber-attack.

Preparing to anticipate the areas of expected cyber threats, and therefore developing the requisite intelligence to prepare, is the key thrust of the seventh line of effort.

“We planned and built our defenses against an expectation of what our adversary was able to do. We need to understand where the threat is going so we can try to defend against it,” Pawlikowski said.