The F-15 is a legendary air superiority platform with an unscathed combat record and the title of fastest fighter jet in the U.S. arsenal. Along with a limited number of F-22 Raptors, it represents America’s dogfighting force, as these two aircraft are the only platforms built to fill the primary role of air-to-air interceptors.
When it comes to white-knuckle flying, few foreign fighters can stand and swing with the F-15, but as a small group of hackers recently proved, foreign militaries may not need a billion-dollar fighter program to take down America’s 4th-generation workhorse; all they really need is a small group of highly skilled hackers, some pizza, and plenty of iced coffee.
The team of hackers was brought together by a digital defense contractor known as Synack, which held a series of “Hack the Pentagon” and “Hack the Air Force” competitions for ethical hackers to participate in and help identify security threats, primarily in public-facing DoD websites and similar applications. Some participants were then chosen for further vetting, asked to sign non-disclosure agreements, and asked to hack into more sensitive systems, including the F-15 in a previous event.
This time, the team was granted access to an F-15’s Trusted Aircraft Information Download Station (TADS), a digital relay component that costs around $20,000. The intent behind giving the team direct access to the hardware was simple: Chinese intelligence assets could likely gain access to large enough portions of the F-15’s supply chain to determine what type of hardware can be found in the TADS, so by allowing hackers to exploit one of these systems, they were able to replicate the efforts of a broader espionage ring.
The results weren’t good. Awash in empty pizza boxes, the team reported that they gained access to the system using the same backdoors identified in previous hacking efforts (which had supposedly been fixed since), and they went on to identify a litany of other vulnerabilities and issues that could be exploited by nefarious hackers wearing a different flag on their shoulder.
These results weren’t a surprise to Will Roper, a top U.S. Air Force acquisitions executive. His goal is to find ways to mitigate just these sorts of risks, and the first step toward doing that is identifying weaknesses.
“There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” Roper told the press.
“We want to bring this community to bear on real weapons systems and real airplanes. And if they have vulnerabilities, it would be best to find them before we go into conflict,” he added.
Adding digital security to existing systems is a far more complex process than developing the systems with integrated protections, but even advanced networks like those employed by the F-35 have had vulnerabilities highlighted in recent years. As a result, this process of allowing “good guy” hackers to go after defense platforms may be the Pentagon’s best chance of staying ahead of (or at least keeping up with) the curve.
“It’s difficult to do this going backward, but we’re doing our best,” Roper explained. “I can’t underscore enough, we just got into the batter’s box for what’s going to be a long baseball game.”