The commander of Air Force Materiel Command recently laid out the service’s plan for ensuring attack aircraft and other weapon systems are secure from cyber-attack.
“We tend to talk about cyber security of our networks and those things that are connected to the World Wide Web — well our weapon systems are not totally invulnerable because they are not necessarily connected to the web when they are executing their mission,” Air Force Gen. Ellen Pawlikowski told an audience on Wednesday at Air Force Association’s 2016 Air, Space and Cyber Conference.
“And that means that we have to take a serious look at cyber security for our weapon systems in ways that a couple of years ago we didn’t think about,” she added.
The Pentagon over the past few years has focused on the cyber threat and developing policies to guard against cyber-attack.
During that time, Pawlikowski said, the Air Force spent a lot of time identifying potential threats by saying, “Look, look; this is not good. And we spent a couple of years acting like Chicken Little, but we really didn’t do anything to get at this issue of our weapon systems.”
Then in January of last year, the service established the Cyber Resiliency Steering Group and developed a lengthy plan of attack to ensure weapon systems are cyber-secure.
Pawlikowski then pointed to a global precision attack mission involving an F-16 as an example of just how vulnerable systems like this are to cyber-attack.
“Oh, the F-16 flies in the air; it’s not connected to the network,” she said. “OK, so what happens to that F-16 when it lands?
“We plug in the automatic test equipment to make sure that everything is working right on it. And before we get that F-16 up into the air, we did some mission planning didn’t we? And part of that mission planning was uploaded into that computer — Well guess what, that automatic test equipment is a computer isn’t it?”
It’s highly possible, Pawlikowski said, that one of the maintenance crew may stick a thumb drive in the system to transfer data, despite all the training to avoid using thumb drives.
“So we have just introduced a threat to the F-16,” she said. “When you go through and lay out the mission thread that it takes to conduct a global mission attack, you find that there are cyber threat surfaces … all over the place.”
The Air Force has to develop an understanding of where the cyber threats are to our weapon systems, Pawlikowski said.
The service is going to have to develop cyber security engineers, experts that will make up a Cyber Security Engineering Team within in the Lifecycle Management Center to ensure that cyber threats are not introduced when weapon systems are upgraded in the future, she said.
“We have to have the right people, we have to train the right people to use the tools we develop … we have to have the right security environment, we have to address the doors we have left open all these years and we have to have an intelligence” effort to sniff out future threats, Pawlikowski said.
“None of this is rocket science,” she said. “This is all just plain hard work. This is all just digging in and using the tools that we have.”