Air Force Hardening Its ‘Flying Networks’ Against Cyber Threatsby
Contractors making updates on weapons systems, warplanes
‘Biggest vulnerability’ is people who don’t understand threat
As the U.S. Air Force deploys pilots for combat, including the campaign targeting Islamic State, it’s accelerating efforts to harden the computer networks that control everything from warplanes’ navigation to weapons systems from cyber threats.
A plane is a “flying network” with multiple systems that could be targeted by hackers, according to Todd Probert, vice president of mission support and modernization at Raytheon Co., whose Air Force contracts include helping beef up cyber defenses on F-16 warplanes and Global Hawk surveillance aircraft.
“If some piece of cyber malware gets in there, it can take that plane out for the duration,” Probert said in a phone interview. “The threat is changing literally daily. The best you can do is make something harder or more resilient.”
Boosting cyber defenses, which have to adjust to changing tools employed by adversaries, is a process unfolding across the service’s weapons and systems, Peter Kim, the Air Force’s senior information security officer, said in an interview Tuesday in Washington.
“That’s going to take a long time to get to, but we’ve started that journey and it’s going to get there” in the next few years, Kim, 49, said. “They need to be secured and defended in the same manner, if not more than, like we do our core network.”
Kim, a former Air Force colonel, also must embed cybersecurity requirements into new contracts of next-generation aircraft being built by Lockheed Martin Corp., Boeing Co. and Northrop Grumman Corp.
“The contractors are working hard to ensure that we have cybersecurity baked in for F-35, KC-46, the long-range strike bomber,” he said. “They’re all our three top priorities. They’re going to have a level of resilience that’s going to be good.”
In addition, the Air Force relies on many unclassified logistics systems to transport cargo around the world, with details on plane locations and where they’re flying, Kim said. “How do we as a military, partnering with commercial industry, ensure that the logistics enterprise and mobility air force can do their mission unhindered through a cyber event?”
Keep it Simple
The Air Force is also collaborating with tech companies to put unclassified information into cloud services on its system, Kim said. Yet he cautions about depending on some emerging technologies, as seen with risks related to self-driving vehicles.
“Less automation is best in terms of functionality,” he said. “When you think of a mission-planning system you don’t want the full software suite on the box that can do everything under the sun. You want it to do certain things and that’s all it does.”
Beyond nation-states and criminals, the top cyber threat to the Air Force now is “people who don’t know that there’s a threat out there,” Kim said. “The thing that keeps me up at night is the people part of it,” he said.
The “biggest vulnerability” is not sharing enough about the scope and what’s at stake, he said. That means expanding airmen’s understanding of cybersecurity from merely running antivirus software on computers to how breaches occur.
“We still have people plugging iPhones into computers; we still have people using thumb drives, hard drives; downloading things they shouldn’t be downloading onto their laptops; and plugging things into things they shouldn’t be plugging into. We have people going to websites they’re not supposed to go to,” Kim said. “So I need to reach those people and say, ‘it’s a different world now.”’