China compromised F-35 subcontractor and forced expensive software system rewrite, academic tells MPs

The F-35 fighter jet programme’s costs were inflated after China compromised a software vendor in Lockheed Martin’s supply chain, forcing a ground-up rewrite of a potentially affected system, a policy wonk has claimed to UK Parliament. While giving evidence to a Defence Committee hearing on cyber threats to the British …


  1. Spacedinvader


    In a fucking fighter jet. Didn't see that coming.

    1. John Smith 19 Gold badge

      Wasn't that how STUXNET was infected into the Iranian centrifuge programme?

      Turns out the US and Israel don't have a monopoly on such tactics.

      Better swords should suggest you need better shields.

    2. fidodogbreath Silver badge

      Re: IoT

      Didn't see that coming.

      Of course not. It has stealth.

    3. Snake Silver badge

      Re: IoT in a fighter jet

      I am actually not surprised, as "IoT" - that is, smart autonomous subsystems that intercommunicate - are the modern status quo of all avionics. Re: see Boeing 737Max and other scenarios, for example where they suspected a compromise of the inflight entertainment may affect the flight systems. This design has been ongoing for a long time, mostly due to allowing subcontractors to develop subsystems where interoperability is a given by sticking with the communications protocols.

  2. Mark192 Silver badge

    How fortuitous..

    How fortuitous that the only successful attempt to infiltrate the F-35 program was detected - what are the chances!?

    (this post may contain sarcasm)

    1. jason_derp Bronze badge

      Re: How fortuitous..

      "(this post may contain sarcasm)"

      I would just like to point out, on the record, that this post may have contained sarcasm, as admitted by the poster. The people in charge of postings have taken this into account and mitigated whatever factors might have led to compromization by sarcastic posting. We cannot reproduce the sarcasm or describe it specifically, either in public or in private to those with appropriate clearance, but rest assured it has been mitigated and postings will be back on track now. It was so expensive though. So much money.

      1. 9Rune5 Silver badge

        Re: How fortuitous..

        The part containing wire transfer information for further funding of uncompromising forum post operations, was missing from your post, suggesting that the post compromisation is still ongoing.

        (SHA-1 signature for this post: 0e974280d43pwn3d805727944dfdcb099d739e25)

      2. fidodogbreath Silver badge

        Re: How fortuitous..

        You forgot to note that the sarcasm only affected a small number of users.

  3. Chris G Silver badge

    Now I read

    The first Gen 6 successors to the F35 may be in the air by the 2030s, so maybe the UK can get the F35 on an 'end of line' sale price to see us out to the originally projected 2070.

    1. vtcodger Silver badge

      Re: Now I read

      "The first Gen 6 successors to the F35 may be in the air by the 2030s"

      Perhaps. I'm thinking that unmanned aircraft are getting more capable by the year. Their maneuverability should not be limited by the stresses on a human pilot. They don't need Oxygen systems. Or ejection seats. Or lots of other things that are there to accommodate the human payload. I imagine that they can be as effective as manned aircraft and considerably cheaper than manned aircraft with similar capability. Enough so that suicide tactics are cost effective. Sacrificing a $35M unmanned aircraft to take out a $70M fighter is probably a victory of sorts.

      I'm guessing that the F35 may be about the last generation of manned fighter aircraft. Not that the F-35, F-22, Su-57 and J-20 won't still be around -- maintained and flown for many decades. Just that their manned "replacements" may never get beyond the prototype and single digit serial number stage.

      1. Alan Brown Silver badge

        Re: Now I read

        "Sacrificing a $35M unmanned aircraft to take out a $70M fighter is probably a victory of sorts."

        You can buy an awful lot of $700-1200 drones for $35million. This is a scenario raised by at least one military planner

        can you shoot down 1000-10,000 semi-autonomous drones swarming the approach path to a carrier? or attempting to take out your radar systems with simple thermite loads?

        1. Anonymous Coward

          Re: Now I read

          Can you defeat these on the way to a carrier? Yes. Drone swarms are non-trivial (they'd like to bump into each other) and carrying any sort of payload would be spotted and dealt with. What's the drone range? Where would it be launched from? You could use GPS spoofing if autonomous or EW if semi-autonomous. Plus they'd likely be line of sight. Compared to an anti-ship missile, WSO could have a second biscuit with their tea, stroll down, boot up Phalanx, install the latest Windows 10 upgrades and still be happy.

          A terrorist attack on civilians on the other hand....

          1. TDog

            Re: Now I read

            With about 1500 rounds per magazine and an average engagement usage of 100 rounds per target this becomes problematical. Even if drones can be hit with an average expenditure of 10 rounds this is still only 150 drones per magazine. At less than 5 minutes per reload 1000 incoming drones would take over 20 minutes to reload sufficient rounds alone. You'd better hope those are slow drones.

          2. Alan Brown Silver badge

            Re: Now I read

            "approach path" == not in phalanx range - and in any case it's considered unsporting to shoot in the same direction as one of your own aircraft approaching for a landing

            they don't need to be fast moving if they're widely spaced and can use solar power to stay aloft indefinitely



            as for colliding, you're 10 years behind the times:




            Tactical drone swarms are already a "thing" and US military research on these projects mostly went "dark" in the mid 2000s

            is attempting to track this, including the virtually unlimited duration aloft swarms.

            Airspace denial is relatively easy by sheer weight of numbers - quantity has a quality all of its own - and as at least one US guided missile carrier captain has pointed out, if you have to defend against a $25k drone attack by loosing $2million worth of munitions, if he was an attacker those are odds he'd take on for the simple purpose of bankrupting the defender

        2. boltar Silver badge

          Re: Now I read

          If it was that simple it would have been done with the type of drones the military has had since the 60s - ie guided missiles, which also have the advantage of being at least 10x faster and so 10x (or more) harder to shoot down. While swarms of drones heading for a ship is a nice sci fi imagine, a load of propeller powered essentially model helicopters doing the low side of 3 figures mph is not going to be much of a match for something like a Phalanx even if there are 10K of them since if you can fire that many bullets a second you don't need to aim accurately, but like a shotgun just put it in the general area and the odds are you'll hit something.

          1. Alan Brown Silver badge

            Re: Now I read


            (excerpted for those who can't be bothered to follow the link. There's even more there worth reading - and this is only the first chapter of the book itself)

            "The official response was an elaborately diplomatic refusal. The British Admiral commanding the Task Force made an unofficial but widely-reported response:

            “I’m damned if we’re going to run away from some tinpot dictator with a lot of toy aircraft.”

            The first wave of Hong Jian drones attacked just after dawn. There were over two hundred of them, and they converged from all points of the compass. They flew straight at the vulnerable parts of the ships, the radar domes, radio masts and antenna arrays. The straight lines and flat planes of the ships were simple geometric patterns that made it easy for the drones’ cameras to locate their programmed point of attack.

            Although too small to be hit by anti-aircraft missiles, many of the drones fell victim to the radar-guided 30mm Oerlikon cannon and multibarrel Phalanx guns on the British destroyers, as well as the numerous rapid-fire miniguns mounted on deck rails and manned by sailors.

            Video analysis showed that about a dozen of the attackers got through. There was virtually no damage, except for an F-35 which has been preparing for take-off on the flight deck of the HMS Queen Elizabeth. A drone had skimmed over the carrier’s deck and struck one side of the plane. The subsequent fire had been quickly brought under control and there were no casualties, but the £100m aircraft would require days of repairs before it could fly again."


            "Two hours later radar detected a second force of drones assembling to the West of similar size to the first. The drones were spaced about a hundred meters apart, forming a spherical cloud almost a kilometre across.

            When an aircraft was sent up to monitor them, the entire cloud started converging on it. The pilot flew around the swarm and watched it gradually change direction to chase him. The drones could never catch the fast jet, and the pilot shot down a couple of drones with cannon fire, but he had to be wary of flying too close to the swarm."


            "A smaller cloud of several dozen drones then appeared in a loose formation between the carrier group and the airborne F-35. They had been skimming the sea at low level and had not been appeared on radar until they were a mile or two away. They were set on ambushing the pilot as he tried to return to the HMS Queen Elizabeth. When the pilot was redirected to approach from the opposite direction, half of the drones moved to block his approach.

            The F-35’s fuel was approaching a critical level. Rather than run any risk of losing a plane for no advantage, the pilot was ordered to divert away from the carrier group and land in a neighbouring African country. The plane sped away from the swarm at four hundred miles an hour while the necessary diplomatic arrangements were made.

            Running away might look bad, but losing an aircraft would be worse, and the Admiral could always say that the plane was diverted for technical reasons. The plane might be saved, but with the increasing number of Hong Jian, now forming several swarms in all directions, it was not safe to fly from the carrier.

            Bad news was to follow: several hours after the F-35 landed, twenty drones caught up with it while it was parked on the tarmac. A film crew had just arrived to shoot a wildlife documentary, and were filming the plane and trying to interview the pilot when they spotted small drones circling overhead. The drones made several passes, apparently making sure of their target before diving en masse at the F-35. After the tenth hit the plane disappeared in a massive fireball."

            The scenario might have been science fiction in 2015, but these (and many more items discussed in the book) are the subject of a lot of military discussion and sleepless nights

            As I said, you can buy a lot of drones for the price of 1 F35 - and ships only have so much defensive ammunition

        3. Anonymous Coward

          Re: Now I read

          Could you explain a little more, please: I'm a little slow. How would "1000-10,000 semi-autonomous drones swarming the approach path to a carrier" affect a hypersonic missile approaching at, say, Mach 8?

          Especially if it approaches straight down.

          1. Anonymous Coward

            Re: Now I read

            Oh, now I see! (I said I'm a bit slow). The drones are supposed to be attacking the carrier!

            I don't think that version really needs any comment. (Although I can't help wondering where they came from).

      2. Maelstorm Bronze badge

        Re: Now I read

        Depends on what the payload is. If the UAV is packed to the max with explosives, then what you have on your hands is a manually guided missile capable of taking out a ship, SAM launch site, or any other high value military target. Considering that UAVs don't have human pilots on board, they can push high-G turns up to the limit of the airframe. Imagine one of these flying bombs flying into the open hangar of an aircraft carrier and detonating inside.

        1. TDog

          Re: Now I read

          You wouldn't take out a ship. You would get a soft kill destroying and disabling sensors and transmitters. That would be a mission kill.

        2. EvilDrSmith Silver badge

          Re: Now I read

          You mean something like the Israeli IAI loiter drone? (Harup? something like that).

          UAV with a few hours endurance, and if it sees a target it can autonomously or on command suicide into it (it's fitted with a warhead), if not, it comes home to live to die another day.

        3. Martin an gof Silver badge

          Re: Now I read

          I once read a short Sci Fi story where the guidance electronics for missiles were too expensive, or perhaps too difficult to manufacture for one of the belligerents in a decades-long war, so instead they fitted manual controls and trained up men to take the place of the electronics.

          Does anyone know where I might have read this?


          1. ian 22

            Re: Now I read

            Yes, I read the same story. Isaac Asimov? At some point meatware is cheaper than software.

          2. idv

            Re: Now I read

            Asimov, 1958, "The Feeling of Power".

            (Reprinted in Robot Dreams, which you're more likely to have read...)


        4. Alan Brown Silver badge

          Re: Now I read

          "If the UAV is packed to the max with explosives,"

          They don't need much explosive. A precision hit on optically recognised radar antennas or a thermite charge on a munitions dump is sufficient. All you really need to do is render the defenders blind in most cases. In the case of a ship, targeting the vulnerable rotating assembly of rotating radar heads with a thermite charge will put them out of action for days

          Big explosions are for poorly targeted devices - one of the smallest explosions I know of involved less than a gram of C4 - in a booby-trapped phone (one of hundreds deployed) pressed against the ear of a Taliban commander in 2003. Once it was confirmed he was the correct target and using the phone... *pop*

          For what it's worth: The "drone dropping a grenade on a munitions dump" scenario already happened in Georgia in 2017 and the drone attacks on facilities in Saudi Arabia were using $700 commercial devices.

          As one bad guy put it in the 1980s - "You have to defend against every attack. We only have to succeed ONCE"

      3. amanfromMars 1 Silver badge

        Re: Now I read ..... Not Another Worldly Wordy Gospel Truth ‽ .

        I imagine All Air Forces and Defence Departments are Preparing for Alien Craft with Other Worldly Resources and Sources at their Pioneering Grand AI Master Pilots' Beck and Call, vtcodger.

        The Question is whether there be a Defence Mechanism to Hinder their Progress with Highly Prized Earthly Assets?

        Does UKGBNI Secure and Protect National Cyber Force Territories/Jurisdictions/Special Operations Executive Terrain? Is the Guarantee FailSafe, Almighty Fair Fareware? .... with Advanced IntelAIgent Pre-Programming?

        Such is a Current Leader in ITs Fields of Wondrous Operation/Virtual Presentations of the Creative Processes and SMARTR AIgents Galvanising ACTivIT for/in Live Operational Virtual Environments, and as may have been alluded to/outed by Ciaran Martin ......

        “To help the discussion, I want to introduce, or arguably, reintroduce, two concepts.

        The first is cyber not just as a domain, but as an environment. It is so ubiquitous in our everyday life there is a strong case for this type of analogy.”

        How very perceptive of the Chief. Whenever Check and Checkmate, the Next Logical Steps are AWEsome Pow Wows in All the Very Best of Secure Locations, are they not? :-) ..... which is proving itself to be Worthily Considered a Prize Contender for the Only Next Almighty Logical Step Award......... with Other Directions/Proposals/Operations being Almightily Exhausting Sub-Prime Ethereal Competition

        :-) Is there a Global Difficulty in Admitting that Reality Exists, and Earth is ITs Test Bed for Live Operational Virtual Environments on Special Operations with New Fangled Entanglements in NEUKlearer HyperRadioProACTive Programs/Projects/Pogroms/Presentations in ACTive Virtual Enactments? A Most Attractive Reward for IMPertinent Drivers of Worthy Success Trawling and Trading and Trailing and Trialing Future Sterling Assets?

        Who do you know who knows ? Do they know what to do next for the best? Now is their chance to lead with some New Fangled Entanglement with Special Operations for National Cyber Force Protection. I Kid U Not.

        :-) Something for the likes of a Crowd of Dominic Cummings to deny all knowledge of and ponder on before exercising and committing to any other Attractive ACTive Available Option/Future Derivative Venture?

  4. Ribfeast

    Surely the network that is used to develop these things is air gapped? I guess not...

    1. Ashentaine

      Military projects tend to have multiple subcontractors, who also have their own subcontractors, and even those sub-subcontractors can have their own subcontractors that may not even be aware that the parts and pieces they're working on is for the military. It's nearly impossible to keep every aspect of the project in a vacuum when everything is spread out that widely.

      1. uncle sjohie

        Oh they usually do. "Dual-use" is a very important concept in those areas. Governments go as far as to classify certain types of electric motors as dual-use. It might be used by Pegatron in machines to build an iPhone, or by Boeing to maneuver a gun turret.

      2. The Oncoming Scorn Silver badge

        International Rescue, They Only Had To Worry About Kyrano's Half Brother.

        Scott Tracy: "Well, this is the tricky part of our operation. Trying to keep everything secret."

        Jeff Tracy: "Look, Scott. We ordered each component from different aircraft corporations. None of them know what they're making. It's only when they all arrive here, that the jigsaw fits together."

        Scott Tracy: "I guess I worry too much..."

        1. Sgt_Oddball Silver badge

          Re: International Rescue, They Only Had To Worry About Kyrano's Half Brother.

          This does work in practice and has been attempted before (only one translator was hospitalised after hearing two of the words) though obviously this requires new translation from German to Chinese..

          Not even machine translation works on it (Google translate just gives a fatal error)

          1. Fr. Ted Crilly

            Re: International Rescue, They Only Had To Worry About Kyrano's Half Brother.

            oh yeah read this mate...


        2. Yet Another Anonymous coward Silver badge

          Re: International Rescue, They Only Had To Worry About Kyrano's Half Brother.

          >We ordered each component from different aircraft corporations

          Ben Rich's book on Lockheed Skunk works is full of examples of this.

          And the problems they had getting suppliers to deliver $M of parts to a PO box of an unknown company, or the times that a supplier called the FBI because some unknown company with a PO box was trying to buy cutting edge aerospace components

          1. Robert Sneddon

            Repurposing medical devices

            During WWII one of the most secret weapons developed by the Allies was the proximity fuze for anti-aircraft use and, later, land bombardment. The fuzes had delicate components inside (small valves and batteries etc.) and antenna connections to the external cap. In some theatres of operation protection for these fuzes for storage and deployment was needed, basically snug-fitting tapering plastic cones. They couldn't just put out a contract for fuze protectors due to the need for secrecy so they used a "back door" connection, so to speak, with the Johns Hopkins hospital to order five hundred thousand rectal spreaders.

            1. Martin an gof Silver badge

              Re: Repurposing medical devices

              Repurposing unrelated equipment is a great tradition. In terms of medical equipment, the standard way of waterproofing a microphone has often been a condom.

              Didn't Trevor Baylis create the prototype of his wind-up radio from a musical box and the motor from a toy car? (I think that's what Wikipedia says).

              My boss in my first "proper" job had spent some time in his youth working at a hospital in India and one of his favourite stories was his creation of a heart rate monitor (or maybe a cardiograph?) by repurposing an electric typewriter. No idea how that worked, but if anyone could do it, it would have been he.


          2. Alan Brown Silver badge

            Re: International Rescue, They Only Had To Worry About Kyrano's Half Brother.

            "Or the times that a supplier called the FBI because some unknown company with a PO box "

            In UFO, the cover story is a movie studio. Somehow I doubt that would work in real life

      3. Anonymous Coward

        Ah, yes...

        "So, Nat'ralists observe, a Flea

        Hath smaller Fleas that on him prey,

        And these have smaller yet to bite 'em,

        And so proceed ad infinitum..."

        - Dr Jonathan Swift

    2. Chris Tierney

      Air gap

      Do politicians assume that the F35 is effectively air-gapped on takeoff?

      1. Yet Another Anonymous coward Silver badge

        Re: Air gap

        The Chinese clones will have 5G, the British ones will use ADSL - BT openreach got the contract

  5. Anonymous Coward

    The module needed to be scrapped and re-written anyway, this just lets them blame someone else

    The old blame the hackers and bill as damages game. Standard practice, if a bit of a joke as if your house gets robbed because you didn't have a front door, billing the burglar for installing a front door would seem ludicrous. Somehow claiming fixing a lack of IT security as damages is different though?

    It's still a drop in the bucket, as most of the initial flight systems code and the ground logistics and troubleshooting software had to be scrapped and are being re-implemented. Worse, as it still can't even cover the base acceptance testing cases, the re-write may be in trouble as well.

    Slapping "Agile" on something doesn't make it agile. In this case the label is just being used to justify delay to essential systems. Funny that the article calls out MVP as "high risk" as part of that is to CONTROL risk, and prioritize delivering essential things quickly and before secondary ones. Instead the F-35 rolled out with defects in the in-flight oxygen delivery system, as yet unresolved ghosting and target duplication, and initially couldn't actually interface with most of the ordnance it was designed to fire. This is an abject failure in project management, not developer methodology.

    If we scrapped this project when it failed to meet initial acceptance testing, we'd have its successor in trials now. Instead, we still have a plane we are doing R&D on to make minimally viable in the air. They provide no expectation that it will even meet the standards set out a decade ago, a decade down the road from now.

    Unless the brain worms in our lame duck leadership tell them to cancel it out of spite, this thing will continue to sap the military budget for decades to come, all for an unreliable air frame that delivers lackluster performance, and has stealth designed to counter 15 year old radars.

    1. boltar Silver badge

      Re: The module needed to be scrapped and re-written anyway, this just lets them blame someone else

      "and has stealth designed to counter 15 year old radars."

      To be fair, this is always going to be a problem. It takes 1 or more decades to design and build a new fighter (even projects that go well), somewhat less for a new radar system.

      1. Yet Another Anonymous coward Silver badge

        Re: The module needed to be scrapped and re-written anyway, this just lets them blame someone else

        Obviously you need to invest in bigger and more expensive radar projects - then these will get later and later, giving you more time to improve the aircraft's stealthiness

  6. NoneSuch Silver badge


    The F-35 was a pig in a poke long before this happened. It was over-budget at the prototype stage and has set records for hemorrhaging money since.

    1. Anonymous Coward

      Re: Really?

      A 100% successful military procurement project then. It has fulfilled the primary objective of funneling cash to companies with the best senators/congress people money can buy.

      A functional cost effective aircraft is an optional objective.

      1. Alan Brown Silver badge

        Re: Really?

        The F35 took on board the primary lesson of the F111B - which was how to avoid getting your project cancelled

      2. Anonymous Coward

        Re: Really?

        For attacking more or less defenceless nations, the F-35 is good enough.

        And it would never be used against a world-class enemy unless we were on the way to a thermonuclear exchange.

        Which, IMHO, would be a Bad Thing.

        1. Alan Brown Silver badge

          Re: Really?

          "For attacking more or less defenceless nations, the F-35 is good enough."

          For that kind of purpose a Super Tucano is more than enough and you can buy 18 of them for the price of ONE F-35

    2. Anonymous Coward

      Re: Really?

      "The F-35 was a pig in a poke long before this happened".

      Certainly some kind of pig.

      1. Anonymous Coward

        The concept scales up all the way to the top

  7. Brewster's Angle Grinder Silver badge

    Any landing you can walk away from...

    ALL planes can come to rest on the ground. Out of the box. It doesn't need any fancy software. Getting airborne is the hard part. So clearly the MVP for avionics is the ability to take off and fly. The quality of the landing can be improved in later releases....

