IoT
In a fucking fighter jet. Didn't see that coming.
The F-35 fighter jet programme’s costs were inflated after China compromised a software vendor in Lockheed Martin’s supply chain, forcing a ground-up rewrite of a potentially affected system, a policy wonk has claimed to UK Parliament. While giving evidence to a Defence Committee hearing on cyber threats to the British …
I am actually not surprised, as "IoT" - that is, smart autonomous subsystems that intercommunicate - are the modern status quo of all avionics. Re: see Boeing 737Max and other scenarios, for example where they suspected a compromise of the inflight entertainment may affect the flight systems. This design has been ongoing for a long time, mostly due to allowing subcontractors to develop subsystems where interoperability is a given by sticking with the communications protocols.
"(this post may contain sarcasm)"
I would just like to point out, on the record, that this post may have contained sarcasm, as admitted by the poster. The people in charge of postings have taken this into account and mitigated whatever factors might have led to compromization by sarcastic posting. We cannot reproduce the sarcasm or describe it specifically, either in public or in private to those with appropriate clearance, but rest assured it has been mitigated and postings will be back on track now. It was so expensive though. So much money.
"The first Gen 6 successors to the F35 may be in the air by the 2030s"
Perhaps. I'm thinking that unmanned aircraft are getting more capable by the year. Their maneuverability should not be limited by the stresses on a human pilot. They don't need Oxygen systems. Or ejection seats. Or lots of other things that are there to accommodate the human payload. I imagine that they can be as effective as manned aircraft and considerably cheaper than manned aircraft with similar capability. Enough so that suicide tactics are cost effective. Sacrificing a $35M unmanned aircraft to take out a $70M fighter is probably a victory of sorts.
I'm guessing that the F35 may be about the last generation of manned fighter aircraft. Not that the F-35, F-22, Su-57 and J-20 won't still be around -- maintained and flown for many decades. Just that their manned "replacements" may never get beyond the prototype and single digit serial number stage.
"Sacrificing a $35M unmanned aircraft to take out a $70M fighter is probably a victory of sorts."
You can buy an awful lot of $700-1200 drones for $35million. This is a scenario raised by at least one military planner
can you shoot down 1000-10,000 semi-autonomous drones swarming the approach path to a carrier? or attempting to take out your radar systems with simple thermite loads?
Can you defeat these on the way to a carrier? Yes. Drone swarms are non-trivial (they'd like to bump into each other) and carrying any sort of payload would be spotted and dealt with. What's the drone range? Where would it be launched from? You could use GPS spoofing if autonomous or EW if semi-autonomous. Plus they'd likely be line of sight. Compared to an anti-ship missile, WSO could have a second biscuit with their tea, stroll down, boot up Phalanx, install the latest Windows 10 upgrades and still be happy.
A terrorist attack on civilians on the other hand....
With about 1500 rounds per magazine and an average engagement usage of 100 rounds per target this becomes problematical. Even if drones can be hit with an average expenditure of 10 rounds this is still only 150 drones per magazine. At less than 5 minutes per reload 1000 incoming drones would take over 20 minutes to reload sufficient rounds alone. You'd better hope those are slow drones.
"approach path" == not in phalanx range - and in any case it's considered unsporting to shoot in the same direction as one of your own aircraft approaching for a landing
they don't need to be fast moving if they're widely spaced and can use solar power to stay aloft indefinitely
https://ukdefencejournal.org.uk/the-rise-of-the-drone-swarm/
https://www.popularmechanics.com/military/research/a24494/chinese-drones-swarms/
as for colliding, you're 10 years behind the times:
https://www.popularmechanics.co.za/tech/intels-world-record-for-most-airborne-drones/
https://www.suasnews.com/2016/05/43890/
https://www.popularmechanics.com/military/weapons/a18577/isis-packing-drones-with-explosives/
Tactical drone swarms are already a "thing" and US military research on these projects mostly went "dark" in the mid 2000s
http://www.swarm-troopers.com/ is attempting to track this, including the virtually unlimited duration aloft swarms.
Airspace denial is relatively easy by sheer weight of numbers - quantity has a quality all of its own - and as at least one US guided missile carrier captain has pointed out, if you have to defend against a $25k drone attack by loosing $2million worth of munitions, if he was an attacker those are odds he'd take on for the simple purpose of bankrupting the defender
If it was that simple it would have been done with the type of drones the military has had since the 60s - ie guided missiles, which also have the advantage of being at least 10x faster and so 10x (or more) harder to shoot down. While swarms of drones heading for a ship is a nice sci fi image, a load of propeller powered essentially model helicopters doing the low side of 3 figures mph is not going to be much of a match for something like a Phalanx even if there are 10K of them since if you can fire that many bullets a second you don't need to aim accurately, but like a shotgun just put it in the general area and the odds are you'll hit something.
http://www.swarm-troopers.com/scenarios/
(excerpted for those who can't be bothered to follow the link. There's even more there worth reading - and this is only the first chapter of the book itself)
"The official response was an elaborately diplomatic refusal. The British Admiral commanding the Task Force made an unofficial but widely-reported response:
“I’m damned if we’re going to run away from some tinpot dictator with a lot of toy aircraft.”
The first wave of Hong Jian drones attacked just after dawn. There were over two hundred of them, and they converged from all points of the compass. They flew straight at the vulnerable parts of the ships, the radar domes, radio masts and antenna arrays. The straight lines and flat planes of the ships were simple geometric patterns that made it easy for the drones’ cameras to locate their programmed point of attack.
Although too small to be hit by anti-aircraft missiles, many of the drones fell victim to the radar-guided 30mm Oerlikon cannon and multibarrel Phalanx guns on the British destroyers, as well as the numerous rapid-fire miniguns mounted on deck rails and manned by sailors.
Video analysis showed that about a dozen of the attackers got through. There was virtually no damage, except for an F-35 which has been preparing for take-off on the flight deck of the HMS Queen Elizabeth. A drone had skimmed over the carrier’s deck and struck one side of the plane. The subsequent fire had been quickly brought under control and there were no casualties, but the £100m aircraft would require days of repairs before it could fly again."
.....
"Two hours later radar detected a second force of drones assembling to the West of similar size to the first. The drones were spaced about a hundred meters apart, forming a spherical cloud almost a kilometre across.
When an aircraft was sent up to monitor them, the entire cloud started converging on it. The pilot flew around the swarm and watched it gradually change direction to chase him. The drones could never catch the fast jet, and the pilot shot down a couple of drones with cannon fire, but he had to be wary of flying too close to the swarm."
....
"A smaller cloud of several dozen drones then appeared in a loose formation between the carrier group and the airborne F-35. They had been skimming the sea at low level and had not appeared on radar until they were a mile or two away. They were set on ambushing the pilot as he tried to return to the HMS Queen Elizabeth. When the pilot was redirected to approach from the opposite direction, half of the drones moved to block his approach.
The F-35’s fuel was approaching a critical level. Rather than run any risk of losing a plane for no advantage, the pilot was ordered to divert away from the carrier group and land in a neighbouring African country. The plane sped away from the swarm at four hundred miles an hour while the necessary diplomatic arrangements were made.
Running away might look bad, but losing an aircraft would be worse, and the Admiral could always say that the plane was diverted for technical reasons. The plane might be saved, but with the increasing number of Hong Jian, now forming several swarms in all directions, it was not safe to fly from the carrier.
Bad news was to follow: several hours after the F-35 landed, twenty drones caught up with it while it was parked on the tarmac. A film crew had just arrived to shoot a wildlife documentary, and were filming the plane and trying to interview the pilot when they spotted small drones circling overhead. The drones made several passes, apparently making sure of their target before diving en masse at the F-35. After the tenth hit the plane disappeared in a massive fireball."
The scenario might have been science fiction in 2015, but these (and many more items discussed in the book) are the subject of a lot of military discussion and sleepless nights
As I said, you can buy a lot of drones for the price of 1 F35 - and ships only have so much defensive ammunition
Depends on what the payload is. If the UAV is packed to the max with explosives, then what you have on your hands is a manually guided missile capable of taking out a ship, SAM launch site, or any other high value military target. Considering that UAVs don't have human pilots on board, they can push high-G turns up to the limit of the airframe. Imagine one of these flying bombs flying into the open hangar of an aircraft carrier and detonating inside.
I once read a short Sci Fi story where the guidance electronics for missiles were too expensive, or perhaps too difficult to manufacture for one of the belligerents in a decades-long war, so instead they fitted manual controls and trained up men to take the place of the electronics.
Does anyone know where I might have read this?
M.
"If the UAV is packed to the max with explosives,"
They don't need much explosive. A precision hit on optically recognised radar antennas or a thermite charge on a munitions dump is sufficient. All you really need to do is render the defenders blind in most cases. In the case of a ship, targeting the vulnerable rotating assembly of rotating radar heads with a thermite charge will put them out of action for days
Big explosions are for poorly targeted devices - one of the smallest explosions I know of involved less than a gram of C4 - in a booby-trapped phone (one of hundreds deployed) pressed against the ear of a Taliban commander in 2003. Once it was confirmed he was the correct target and using the phone... *pop*
For what it's worth: The "drone dropping a grenade on a munitions dump" scenario already happened in Georgia in 2017 and the drone attacks on facilities in Saudi Arabia were using $700 commercial devices.
As one bad guy put it in the 1980s - "You have to defend against every attack. We only have to succeed ONCE"
I imagine All Air Forces and Defence Departments are Preparing for Alien Craft with Other Worldly Resources and Sources at their Pioneering Grand AI Master Pilots' Beck and Call, vtcodger.
The Question is whether there be a Defence Mechanism to Hinder their Progress with Highly Prized Earthly Assets?
Does UKGBNI Secure and Protect National Cyber Force Territories/Jurisdictions/Special Operations Executive Terrain? Is the Guarantee FailSafe, Almighty Fair Fareware? .... with Advanced IntelAIgent Pre-Programming?
Such is a Current Leader in ITs Fields of Wondrous Operation/Virtual Presentations of the Creative Processes and SMARTR AIgents Galvanising ACTivIT for/in Live Operational Virtual Environments, and as may have been alluded to/outed by Ciaran Martin ......
“To help the discussion, I want to introduce, or arguably, reintroduce, two concepts. The first is cyber not just as a domain, but as an environment. It is so ubiquitous in our everyday life there is a strong case for this type of analogy.”
How very perceptive of the Chief. Whenever Check and Checkmate, the Next Logical Steps are AWEsome Pow Wows in All the Very Best of Secure Locations, are they not? :-) ..... which is proving itself to be Worthily Considered a Prize Contender for the Only Next Almighty Logical Step Award......... with Other Directions/Proposals/Operations being Almightily Exhausting Sub-Prime Ethereal Competition
:-) Is there a Global Difficulty in Admitting that Reality Exists, and Earth is ITs Test Bed for Live Operational Virtual Environments on Special Operations with New Fangled Entanglements in NEUKlearer HyperRadioProACTive Programs/Projects/Pogroms/Presentations in ACTive Virtual Enactments? A Most Attractive Reward for IMPertinent Drivers of Worthy Success Trawling and Trading and Trailing and Trialing Future Sterling Assets?
Who do you know who knows ? Do they know what to do next for the best? Now is their chance to lead with some New Fangled Entanglement with Special Operations for National Cyber Force Protection. I Kid U Not.
:-) Something for the likes of a Crowd of Dominic Cummings to deny all knowledge of and ponder on before exercising and committing to any other Attractive ACTive Available Option/Future Derivative Venture?
Military projects tend to have multiple subcontractors, who also have their own subcontractors, and even those sub-subcontractors can have their own subcontractors that may not even be aware that the parts and pieces they're working on are for the military. It's nearly impossible to keep every aspect of the project in a vacuum when everything is spread out that widely.
Scott Tracy: "Well, this is the tricky part of our operation. Trying to keep everything secret."
Jeff Tracy: "Look, Scott. We ordered each component from different aircraft corporations. None of them know what they're making. It's only when they all arrive here, that the jigsaw fits together."
Scott Tracy: "I guess I worry too much..."
This does work in practice and has been attempted before (only one translator was hospitalised after hearing two of the words) though obviously this requires new translation from German to Chinese..
Not even machine translation works on it (Google translate just gives a fatal error)
>We ordered each component from different aircraft corporations
Ben Rich's book on Lockheed Skunk works is full of examples of this.
And the problems they had getting suppliers to deliver $M of parts to a PO box of an unknown company, or the times that a supplier called the FBI because some unknown company with a PO box was trying to buy cutting edge aerospace components
During WWII one of the most secret weapons developed by the Allies was the proximity fuze for anti-aircraft use and, later, land bombardment. The fuzes had delicate components inside (small valves and batteries etc.) and antenna connections to the external cap. In some theatres of operation protection for these fuzes for storage and deployment was needed, basically snug-fitting tapering plastic cones. They couldn't just put out a contract for fuze protectors due to the need for secrecy so they used a "back door" connection, so to speak, with the Johns Hopkins hospital to order five hundred thousand rectal spreaders.
Repurposing unrelated equipment is a great tradition. In terms of medical equipment, the standard way of waterproofing a microphone has often been a condom.
Didn't Trevor Baylis create the prototype of his wind-up radio from a musical box and the motor from a toy car? (I think that's what Wikipedia says).
My boss in my first "proper" job had spent some time in his youth working at a hospital in India and one of his favourite stories was his creation of a heart rate monitor (or maybe a cardiograph?) by repurposing an electric typewriter. No idea how that worked, but if anyone could do it, it would have been he.
M.
The old blame the hackers and bill as damages game. Standard practice, if a bit of a joke, as if your house gets robbed because you didn't have a front door, billing the burglar for installing a front door would seem ludicrous. Somehow claiming fixing a lack of IT security as damages is different though?
It's still a drop in the bucket, as most of the initial flight systems code and the ground logistics and troubleshooting software had to be scrapped and are being re-implemented. Worse, as it still can't even cover the base acceptance testing cases, the re-write may be in trouble as well.
Slapping "Agile" on something doesn't make it agile. In this case the label is just being used to justify delay to essential systems. Funny that the article calls out MVP as "high risk" as part of that is to CONTROL risk, and prioritize delivering essential things quickly and before secondary ones. Instead the F-35 rolled out with defects in the in-flight oxygen delivery system, as yet unresolved ghosting and target duplication, and initially couldn't actually interface with most of the ordnance it was designed to fire. This is an abject failure in project management, not developer methodology.
If we scrapped this project when it failed to meet initial acceptance testing, we'd have its successor in trials now. Instead, we still have a plane we are doing R&D on to make minimally viable in the air. They provide no expectation that it will even meet the standards set out a decade ago, a decade down the road from now.
Unless the brain worms in our lame duck leadership tell them to cancel it out of spite, this thing will continue to sap the military budget for decades to come, all for an unreliable air frame that delivers lackluster performance, and has stealth designed to counter 15 year old radars.
"and has stealth designed to counter 15 year old radars."
To be fair, this is always going to be a problem. It takes 1 or more decades to design and build a new fighter (even projects that go well), somewhat less for a new radar system.
ALL planes can come to rest on the ground. Out of the box. It doesn't need any fancy software. Getting airborne is the hard part. So clearly the MVP for avionics is the ability to take off and fly. The quality of the landing can be improved in later releases....
Do I believe the Chinese might compromise a software contractor? Why yes, of course I do. The Chinese are pretty good at a lot of stuff and I don't see any reason to believe they'd somehow not be good at spying.
Do I believe that the US might find out about it? Sure, that's possible I suppose.
Do I believe that the US government in the normal course of events would admit that the software was compromised? Of course not. Admit vulnerability and error? Does any bureaucracy do that unless the problem is clear to everyone in the universe? Ever?
Do I believe that security is slack at some low level US defense contractors? No, actually I don't. I worked in the US military weapons world for three decades. That was a while ago, but I never, ever saw an operation that didn't take security pretty seriously or whose security wasn't monitored by the government. That doesn't mean that the security was perfect. That would be impossible. But that part of the story doesn't ring true.
The software sucked and needed to be rewritten? I'd say that's pretty normal for complex systems.
"Do I believe the Chinese might compromise a"
lol, that's how we used to describe the US. Back in the day those bloody colonials would steal our hard won (*cough*) secrets and patent them locally as though that was reasonable.
Depending on your poker face (Britain/UK) or sheer might (US) you can still call dibs or something on the international stage. China and Russia (int al) are quietly redefining what dibs actually means.
The gloves are off in IT space and it needs to be fixed up. It is a shit fest of the worst order out there. I could quite happily point nmap or much worse (I'm CREST accredited) at your home connection with no holds barred for no reason and with little comeback (I might make it look like your child's school did it)
"that's how we used to describe the US."
It wasn't that long ago (50 years) that Britain was painting Japanese technology as threats to national security and forcing its trading partners to buy STC telephone exchanges instead of the far superior NEC ones they wanted to buy.
The fact that the STCs never worked properly, took 5 years longer to deploy than the NECs and ended up costing more than 3 times as much is irrelevant, unless you work on the basis that sucking money out of your vassals makes them less independently minded (ie: economic warfare)
Do I believe that security is slack at some low level US defense contractors? No, actually I don't. I worked in the US military weapons world for three decades. That was a while ago, but I never, ever saw an operation that didn't take security pretty seriously or whose security wasn't monitored by the government. That doesn't mean that the security was perfect. That would be impossible. But that part of the story doesn't ring true. ...... vtcodger
I cannot believe that, vtcodger, for targeting the PEBKAC is always liable to render outstanding results. Indeed, the simplicity and danger of it was very recently commented upon here on El Reg with a short video explaining/espousing the methodology effectively used .....
amanfromMars 1 Thu 12 Nov 19:42 [2011121942] ...... being positive on https://forums.theregister.com/forum/all/2020/11/11/ciaran_martin_speech_cyber_policy/#c_4144182 Re: Horses for Courses
Lots of fun and games and slush funding for able intelligent players still out there, JCitizen. Indeed, some would tell you there has never ever before been as much available ..... and from sources which were not considered engaging before .......... https://govmatters.tv/trusted-capital-and-funding-technologies/
And just like everything else ....... pay peanuts, get monkeys rules apply.
Sub-prime humans are the weakest link attracting all manner of spooky premium attention with folding fiat aplenty to invest and disburse. And it is not as if 20/30 pieces of silver has not tempted a lost soul since money as a fake indicator of worth and wealth was invented and is anything new and not known about ...... :-) and gravely to be regarded.
You don't even need to directly target the PEBKAC. Just track the promising academics as they go through university, then see where they go to live - you don't overly need to worry about who they're working for if they're all clustering in the same areas. Just see what their published papers were about
The F-35 is way late.
There are more than 500 F-35s of all variants in service with several air forces at the moment -- the USAF has about 250 of the F-35A variant alone in training, testing and operational squadrons. There are plans to build about 3,500 more F-35s over the next twenty years or so. I don't see how that makes it "late".
There are more than 500 F-35s of all variants in service with several air forces at the moment -- the USAF has about 250 of the F-35A variant alone in training, testing and operational squadrons. There are plans to build about 3,500 more F-35s over the next twenty years or so.
Nice, but that describes the current and future situation.
I don't see how that makes it "late".
When did it enter service and when was it supposed to enter service? That difference of ten years does make it late. Add in the cost overruns and it is clear the plug should have been pulled a long time ago.
"Add in the cost overruns and it is clear the plug should have been pulled a long time ago."
Emphasising this: The Expensive F22 was supposed to establish air superiority and allow the Cheap and Plentiful F/A35 to go in for support work, where stealth was incidental and mainly intended to provide an element of surprise going against mopping up ground defences missed by the F22s
The Expensive F22 got cancelled for being TOO expensive and the resulting mission creep resulted in the Cheap F35 costing more per unit than the Expensive F22 as well as being sold to allies as an air-to-air fighter it was never intended for and needed far more expensive modifications to fulfill. The airborne communications platform role came later and could be better fulfilled by a number of cheaper airframes
http://www.mayofamily.com/RLM/txt_Clarke_Superiority.html
Modern C++ (2011 onwards) is a powerful and safe (if used correctly) language so Ada doesn't quite have the advantage it used to in critical systems. Also sand boxing code safety isn't everything otherwise it would be written in Java. Sometimes tools, execution speed, library support, binary size and the ability to find experienced devs comes into play.
Modern C++ (2011 onwards) is a powerful and safe (if used correctly) language so Ada doesn't quite have the advantage it used to in critical systems.
Until you run out of heap, walk off the end of an array, call a non-static method belonging to an object that hasn't been instantiated yet etc.
No language can solve an out of memory problem so all programs will fail in that scenario whether it's a crash or just an error. C++ is no worse in that regard than any other. And bringing up walking off an array or non instantiated object shows you know nothing about modern C++. It's not 1998 anymore.
"Modern C++ (2011 onwards) is a powerful and safe (if used correctly) language..."
It's that bit about "if used correctly" that has the teeth. It reminds me of something... Ah, yes:
https://4.bp.blogspot.com/-ERGJ3cHACEE/VEpYjRWbj0I/AAAAAAAAAqc/IBNkX3uryEA/s1600/Then%2Ba%2Bmiracle%2Boccurs.jpg
It's an interesting dilemma how much software is used to control the fighter jet. I suppose the US already includes software whereby if the fighter jet was flying near the US and the pilot tried to drop a bomb, the software would not allow them to do it. I wonder if enemy's fighter jets also include similar software to prevent bombs being dropped in their countries?
I wonder if enemy's fighter jets also include similar software to prevent bombs being dropped in their countries?
The answer to that is negative as those enemies (and most allies) can still remember clearly things like being invaded and having to retake (parts of) their own countries.
believe it or not, it's not just phones that "you own the hardware, but you don't control the device" applies to
The USA retains the "ignition keys" to every F35 sold.
There are rolling codes required to be entered into the flight control computers in order to start the engines and operate the avionics which are keyed to every airframe/engine serial number and are obtained upon request from the Department of State. These codes are valid for a few hours each time
The RAF (as codevelopers of the F35 via BAE) were one of the few air forces which the US was going to sell code generators to, but those plans were axed in the early 2000s in favour of the USA retaining total control over who can fly their F35s today
"Earlier he had referred to the incident as a "rumour" partially explaining "why the F-35 is so expensive.""
Quite funny how sub-contracting, which is aimed at reducing costs, actually makes them skyrocket.
I now know why I quit SW dev ... Too much money to crooks and nothing in my pocket.
If you want to be really nefarious, you don't target the code itself, you target the compiler and other build tools. So even if they rewrite the code from the ground up there could still be an exploit injected. One would assume however being top notch military contractors they'd have considered this possibility... [crickets]
Turkey is supposedly doing hardware maintenance on any aircraft the UK might be foolish enough to purchase.
Turkey, the same country that now has close military relations with the Russian military and is buying Russian hardware. If the US intelligence services are worried about Trump doing deals with his knowledge of US security info, just imagine what "favourable deals" the Russians would offer in return for checking out F35's in for service in Turkey!
.. in F-35's software development effort if China somehow managed to unpublish Left-Pad.
I'm a bit of a cynic so I tend to read between the lines. This statement hints darkly of 'potential Chinese compromising of software' but I rather suspect it was 'was found that the job was assigned to a graduate student who much to everyone's horror turned out to be Chinese'.
I wish people would tell the truth rather than talking in spy novel terms. What this also suggests is that the F-35 has got bits of code in it that are probably about as well integrated as MCAS was in the 737-Max.
'was found that the job was assigned to a graduate student who much to everyone's horror turned out to be Chinese'.
Or had a name sounding vaguely Chinese, or incorporated libraries written by someone whose name sounded that way
IIRC "chong" has been a surname in the west of the UK for at least 400 years - where those carrying it didn't look Asian in the slightest
Let's not forget the USA's policies of internment of both Japanese Americans (WW2) and German Americans (WW1) mostly based on surnames