By Stacy Liberatore For Dailymail.com
19:41 19 Sep 2023, updated 20:52 19 Sep 2023
- A former Marine and watchdog revealed the F-35 is riddled with vulnerabilities
- These vulnerabilities could let hackers brick fleets and take over weapons
- The Marine said the missing F-35 likely malfunctioned – but a further investigation will need to be conducted before confirming
- READ MORE: How did it take the Pentagon 28 HOURS to find missing F-35
A former US defense official who has warned about F-35 safety issues for years said a software glitch or cyberattack could have caused the missing jet to malfunction over South Carolina this weekend.
Former Marine Dan Grazier, who works at a Defense watchdog, authored a report in 2019 warning that the Department of Defenses’ most expensive weapon system is plagued with cybersecurity vulnerabilities.
He told DailyMail.com today: ‘There are thousands of penetration points, weaknesses in the entire enterprise that a hacker could access the software.’
Grazier also claimed that the Pentagon has been aware of the software flaws since the Director, Operational Test and Evaluation (DOT&E) office conducted testing in 2017 but has yet to rectify the problems.
The same DOT&E investigation showed a 26 percent fully missional capable rate across the entire F-35 fleet, which may have impacted Sunday’s incident.
The $145 million jet went missing for hours over South Carolina when the pilot ejected during a training exercise and was found 28 hours later.
DailyMail.com has approached the Department of Defense and the 2nd Marine Aircraft Wing for comment.
A spokesperson for the F-35 Joint Program told DailyMail.com: ‘For operational security concerns, we will not discuss cyber capabilities or protection measures.’
The Pentagon has refused to detail what caused what it called a ‘mishap.’
But Grazier said: ‘It is possible this aircraft was hacked, but we will only know with the investigation.
‘If I had to bet on this, it was a malfunction with that particular aircraft, and it could be a larger issue with the fleet – this one just crashed now. ‘
Grazier shared that the software is a ‘back door to hackers,’ as it is a massive information network connected to the broader internet that can be accessed with the correct attacks.
These flaws could let bad actors brick entire fleets, stop software upgrades, take over weapons and steal critical performance data, which occurred in a 2007 breach of the plane.
The plane was flying in tandem with another jet, which returned to base after the mishap rather than following the pilot-less aircraft.
‘The fact that the other F-35 flew in formation safely and only one had a mishap, if there was a bad actor who could hack, I doubt they would have done in this case,’ he said.
‘I would not show my cards on random a Sunday. I would only break that out when it could really make a difference.’
Grazier also explained that a general emergency is still on the table of scenarios.
The technology in the jet is highly classified, but it operates on Lockheed-Martin’s Autonomic Logistics Information System (ALIS), the ‘backbone’ for pilots.
ALIS integrates various capabilities, including operations, maintenance, prognostics, supply chain, customer support services, training and technical data.
The system was created by Lockheed Martin, specifically for the F-35.
The American aerospace company’s ‘revolutionary’ software came under attack in 2012 by a special team of US Navy hackers who accessed the advanced logistics system.
In 2016, the Government Accountability Office (GAO), a nonpartisan government agency, highlighted ongoing security concerns among ALIS personnel, especially when transferring data between classified and unclassified servers and how CPEs and the ALOU are single points of failure.
Douglas Barrie, senior fellow for military aerospace at the International Institute for Strategic Studies, said in a statement: ‘The big concern about ALIS is that it is so interconnected and pulls data together from all F-35 users globally that there are lots of potential entry points for a would-be hacker to get in there.’
And then, in 2017, ALIS prompted F-35 pilots flying out of Yuma Air Station with ‘anomalies,’ forcing the team to ground the plane.
GAO also uncovered in 2020 that crucial data meant to be automatically collected by ALIS was often inaccurate or misleading.
Grazier and others have warned that ALIS can be infiltrated by malware that spoofs the system to stealthily feed false information, taking perfectly serviceable aircraft out of service.
He also said that officials just patch flaws in the software as they find them.
‘It is like a digital quilt with patches all over the place, which creates a lot of potential attack factors,’ Grazier said.
The Marine Corps F-35 fighter jet went missing after its pilot ejected over South Carolina Sunday, leaving the craft flying in a ‘zombie state.’
The pilot ejected and parachuted safely into a residential area in North Charleston around 2pm ET Sunday.
He was taken to a local hospital, where he was in stable condition, said Maj. Melanie Salinas. The pilot’s name has not been released.
After a 28-hour search, debris from the missing F-35 jet was found about two hours northeast of Joint Base Charleston.
‘Normally, when a pilot ejects, the aircraft lands or crashes close to where they landed, but this aircraft continued to fly,’ said Grazier.
‘Since the transponder was not functioning, they had a hard time finding it.
‘I suspect they had a hard time because [the F-35] probably only crashed after it ran out of fuel. There wasn’t a big fireball – it crashed into trees.’
Grazier served tours of duty in Iraq and Afghanistan during the War on Terror, where he was a tank officer.
‘I was protected, but if there were a hole in the tank, I would ask questions,’ he said.
‘We created a digital version of that with the F-35.’
Grazier told DailyMail.com about an event on Capitol Hill he attended in 2017 hosted by Lockheed Martin to show off the F-35.
‘As soon as you walked in, there was a welcome table, and the first thing you encountered was a print-out map detailing suppliers and money invested in each political state F-35,’ he said.
‘This was to remind all staffers about the economic impact if the program were to be canceled and [Lockheed Martin] makes these lavish claims on its website.
Reported flaws in the F-35 span back to 2007, when computer hackers breached the program and stole data on the craft’s design and electronics system.
‘Per federal law, the F-35 program should have been canceled, but Senator Robert Gates signed a national security waiver to keep it going that doubled the budget and extended the schedule,’ Grazier said.
He explained that the F-35 program has continued to exist because it is ‘politically engineered.’
‘They get a program approved and spread money around the country before anyone knows about the program, like who it works and any problems,’ Grazier said.
‘By the time we start, cyber vulnerabilities, flaws, weapons do not work. If the leading argument for the program is the economic impact, then there is an indication the item has no military value.’
Lockheed Martin’s website has an interactive US map that shows how many suppliers, direct and indirect jobs and economic impact associated with the F-35 program.
For example, Texas has 110 supplier locations, creating 75,120 jobs with an economic impact of $12.435 billion.
‘With all of this money that has been invested, politicians and suppliers are reluctant to vote against the F-35 program, Grazier said.
‘Next time an official is up for re-election the vote to cancel the program, their opponent can make the stand that they support it because of the jobs and money it brings to the state.
‘On top of that, there are the direct political contributions – Lockheed spreads a lot of money around. They give campaign contributions.
‘I don’t like to see unemployed people, but that is an ancillary benefit – taxpayers fund these programs to build effective weapons systems.’
——————————————————–