Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

AfterBites: Joint Strike Fighter Plan Compromise

The story:

Spies Penetrate Pentagon's Joint Fighter-Jet Project (April 21, 2009)
Cyber spies have stolen tens of terabytes of design data on the US's most expensive costliest weapons system -- the $300 billion Joint Strike Fighter project. Similar breaches have been found in the Air Force's Air Traffic Control System. The attacks began as far back as 2007 and continued into 2008. The spies encrypted the data that they stole, making it difficult for investigators to know exactly what data was taken. The fact that fighter data was lost to cyber spies was first disclosed by U.S. counterintelligence chief Joel Brenner. Brenner also expressed concern about spies taking control of air traffic control systems, saying there could come a time when "a fighter pilot can not trust his radar."

I've touched before on the topic of data leakage and national security; now it seems that the national security establishment is banging the same drum, albeit louder than I ever could. Such an embarrassing "slip" would normally be deeply buried - the fact that it's being outed by the  "U.S. Counterintelligence Chief" ought to tell you something: this is part and parcel of the government's new "yellow terror" cybersecurity red scare. I don't know about you, but I'm on the fence about this - part of me wants to be happy that cybersecurity is being taken seriously, whereas the other part of me remembers the disastrous Department of Homeland Security and War On Terror. I detect a distressing pattern of our government saying "be afraid, be very afraid. and, oh, yeah, pull out your wallet."

Data leakage is one of those holes that you simply cannot spend your way out of. The problem is, simply, that you need to know where your data is, who has access to it, when, and why. And you need to look for variances - cases where data is where it does not belong. There are plenty of technological solutions that help with the basic problem, but ultimately any way of dealing with data leakage is a matter of attention to detail and plain old hard work. "Attention to detail" covers being able to answer where "tens of terabytes" of data are going.

I don't want to seem like one of those people who automatically distrusts everything they hear from the government, but when Brenner says "cyberspies" did it, is he saying that these "tens of terabytes" were stolen over the Internet?  Or is he saying that it was "cyberspies" that did it because they stole computer data? I don't want to seem too disrespectful, but "DUUUUH!" comes to mind - "tens of terabytes" of information would be tens of freight trains full of paper - how else did you expect it to be stolen? The lesson here, if there is one, is that data is more portable. Welcome to the 21st century.

The last part of the article seems to be a segue into nonsensicality. Is Brenner implying that, because the JSF plans were stolen, cyberspies could also do something as unsubtle as messing with air traffic control? Or with the JSF's avionics, in particular? Someone needs to get our "U.S. Counterintelligence Chief" some education about how this stuff actually works. Pronto.

I'm perfectly willing to believe that the JSF plans were compromised. If you think about the huge number of contractors and different sets of eyeballs that have access to them, it seems incredible to imagine that one of them might not want some extra cash on the side. We've always understood that secrecy is like conspiracy: its reliability is inversely proportional to the number of people that are in on the secret. As military systems become more and more complex, and are developed as distributed sub-components, what else do you expect to happen?

What bugs me is the $300 billion of taxpayer-funded R&D that our government and its contractors appear to have instantly devalued. Sure, it'd cost some other power a ton of money to replicate the work (assuming anyone actually wants a JSF, anyhow) but we've just substantially lowered their costs to play the high-tech military aircraft game. I'll bet you a dollar to a donut that our government's response to this will be to step up demands for more money to help dig ourselves out of the security hole we've gotten in. Guess what that'll accomplish? Give more money to the same people who caused a disaster, and you'll simply get bigger, more expensive disasters.

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.