Monday, July 05, 2010

Joint Strike Fighter -- Face of Cyberwar?

Does anyone remember this story from April 2009?

Computer Spies Breach Fighter-Jet Project

Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks...

In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft...

"There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going..."

Former U.S. officials say the attacks appear to have originated in China...

Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into...


A week ago this story appeared:

DoD Adviser: Foes' Advances Might Lead to F-35 Fleet Shrinkage

The Obama administration may have to rethink whether the U.S. military will need 2,500 F-35 fighter jets...

With possible American enemies, like China, developing and fielding ever-more advanced systems - such as sophisticated radar suites and surface-to-air missiles - Pentagon and administration officials must examine if the Lockheed Martin-made Lightning II will bring as much "value" to combat by the time it comes online next decade as thought decades previous when it was designed, [Andrew Krepinevich] said...

[B]ecause it might not be as useful from so-called forward air bases or aircraft carriers because of foes' advanced air defenses, the Defense Department might have to swallow hard, buy fewer F-35s and use any savings to buy other aircraft and missiles...


And today we have China's response:

China Seizes on F-35 Remarks:

[O]ne U.S. publication’s report about the possible cancellation of an American fighter jet program is being seized on by Chinese media as evidence of the Asian giant’s growing military prowess...

On Monday, the website of the People’s Daily, a mouthpiece for the Communist Party, reported the Obama administration was reconsidering its purchase of the fighter jets as a result of “astonishing progress” by militaries of China and other potential U.S. adversaries...


In case you missed it, here's the formula:

  1. US designs and builds a 5th-generation Joint Strike Fighter, with plans not only for the American military but for allied nations.

  2. China steals crucial information about JSF.

  3. American military officials and analysts realize the JSF might not be as effective as hoped due to the incorporation of counter-JSF technology into adversary (China) defense systems.

  4. China rejoices as American military officials rethink their plans for the JSF. China downs the JSF without firing a shot.


Incidentally, I am aware of financial issues with JSF, performance concerns, etc., along with DoD's $100 billion budgetary challenge. I live near the Beltway and watch This Week in Defense News religiously! However, I find my scenario plausible, and at least a possible contributing factor to plans to scale back JSF.

15 comments:

Ben said...

Sounds like the face of espionage or criminal activity. What about this constitutes "war"?

mwollenw said...

Foremost, if your analysis were correct I think one would still label this activity as espionage not warfare. Governments do all sorts of things through any means possible to affect policy in other nations. You can't just label those things warfare.

Digging into your analysis you claim
1. "China steals crucial information about JSF". Your only attribution is an unnamed former US official. Moreover an attack originating somewhere doesn't imply the attacker is Chinese or that it's state sponsored.

2. I've heard no claims that the information stolen was "crucial". If we're talking about the incident that was acknowledged several months ago the contractors claimed the information wasn't sensitive - much less crucial.

3. These attacks were reported in late April. It would be astonishing if China could obtain the said intelligence, scientifically review it, create plans for effective countermeasures, and then make sufficient development efforts to dissuade international forces. On top of that, the US would then have had to shift policy on a major program in less than a month. That doesn't seem realistic.

4. If the plane was countered by a little stolen information and made mostly ineffective that quickly it doesn't seem like a realistic weapon system. Jets are shot down and analyzed in real wars. The probability that non-friendly nations would get technology seems almost certain.

5. The big news of the week is DoD budget concerns. It seems the best way to look at any shifts in purchasing the JSF is in the context of the overall DoD budget.

6. "downing" a plane and not purchasing it are entirely different. For example, buying one less plane versus shooting one down, killing the pilot, and the US losing a $200M asset really doesn't compare.

Anonymous said...

"China rejoices as American military officials rethink their plans for the JSF. China downs the JSF without firing a shot."

Somewhere, Sun Tzu is smiling. I ain't however.

Richard Bejtlich said...

mwollenw:

1. If you're limited to relying on newspapers for your info on the .cn threat, you're likely to be skeptical. Not my problem!

2. Ibid.

3. Do you think an attack reported in April happened in April? Do you think an attack reported in April was limited to a single event? Putting that aside, have you ever done damage assessment for an intrusion? DoD has an office that does nothing but that. They could easily see what was taken, project forward, and decide to alter policy.

4. I don't think you understand weapons programs. Aircraft aren't crypto. You don't rate the value of a weapons system by how well it withstands scrutiny in the hands of the enemy.

5. I said budget concerns were also a factor.

6. Your point is irrelevant. I think it's a huge win for .cn to keep a weapon out of the skies due to a cheap cyber operation, rather than designing, building, and operating their own improved SAMs, missiles, radars, or aircraft.

webjedi said...

Ah... yes... DAMO... great guys... slow, but good process...

Rich, I think a lot of the folks posting here have not had the "pleasure" of dealing with live-fire response and also (power of) the press.

Stated on the first day at CERT, I was asked... so why do you think stuff doesn't get reported out... well most of these companies are beholden to shareholders... shareholders lose faith in the company, drop the shares, then the company goes under. I saw this working for my second Fortune 150... which was before my time with CERT... it just drove the point home. By the time it gets to the press, it's been vetted, cleaned and scrubbed, and has become devoid of the real details. It's one of the reasons Mandiant never posts anything about their customers without their tacit approval as a reference... as would any other professional IR/IH company.

I remember my last run-in with "the press" and how what was published regarding an event wasn't the full picture and was blown out of proportion due to the lack of complete information. Yes, the event was bad, really bad, but ignorance of the details made it sound much worse, and since most leaders only read re-digested drivel from the press to make decisions a lot of the time, the folks doing the investigation, like myself, had to spend cycles deflecting baseless questions that were blown up by the improper details in the story... so yeah, if you read and believe EVERYTHING you read on blogs and websites *wink* then you probably are prone to being skeptical... but if you (not you Rich, but the general readership "you") get a chance to spend some time on the front lines and do the deep digging, it'll be an eye-opening experience.

Eric said...

Instead of stockpiling warheads in this new cold war we will be stockpiling hackers.

Anonymous said...

I agree, Cyberwar is real. Unfortunately, the public is complacent, what with all the "chicken littles" running around with War on Terror, War on Drugs, War on Illegal Immigrants and Borders, War on Christmas, War on You name it, that, like the boy who cried wolf too many times, no one cares.
This seems a typical modus operandi of the Chinese (or any enemy) - copy the IP of others. Thus, I disagree with the DoD Adviser. Defend against the aircraft? Pshaw. The Chinese will build an exact replica, like the Concorde. Like the MiG. Only better.

Anonymous said...

4. China rejoices as American military officials rethink their plans for the JSF.

5. The U.S. military, having fed disinformation and useless, antiquated, decades old technology to the gullible Chinese (and American populace), now continue, uncontested, with their ultra-secret Manhattan project, remote-controlled pilot-less drone fighters, and attack satellites, the much publicized JSF having been an elaborate smoke-screen and government bail-out program.

Anonymous said...

I'm personally trying to strike the word/prefix 'cyber' from use at my job... I'm a govie and it's one of my missions in life... I think once we stop using stupid terms like this, the better we are for legitimizing the field and sounding less like a set of comic book characters.

mwollenw said...

Richard if you have specific evidence lay it out. I've worked with the DoD. I wrote network sensor software there. Currently I monitor 2 class B networks. I've also reversed several custom toolkits that appear to be from China in the last couple of months. I think I'm quite informed in regards to Chinese malware.

Perhaps GE has access to US intelligence that the rest of us don't? If so, are you using that intelligence here - wouldn't it be a security violation if you were confirming classified intelligence that you actually have?

Sorry, your "trust me there's more" type attitude doesn't do it for me. If you have evidence, present it. If not, let's not pretend like you do.

My first-hand experience with China is that most of their systems are unlicensed, unpatched pieces of crap that are infected with ungodly amounts of malware and are constantly scanning and probing every network they can touch. Every piece of Chinese malware I've seen in the public space has been consistent with every other piece of criminal malware - mild data stealers, IRC botnets, spammers, and tools to drive traffic to porn.

Everything about the above I would characterize as criminal. There's nothing about it that seems like a military operation. Sure, the Chinese might have a public toolkit for deniability, but that's just a weak argument one uses for a lack of evidence.

I'm confident the Chinese government has at least a decent computer network exploitation capability. But it doesn't help anyone to continually hype the threat or to classify criminal malware coming from China as cyber war.

As to the weapon system argument, are you serious? You're right, I'm not a weapon systems expert. However, I think one can reasonably assume that in a war fighter planes get shot down in enemy territory. You can then assume the enemy will dissect every piece of the plane. If you believe some documents from unclassified internet systems yield more insight into a fighter than taking a few of them apart, I don't buy it. And if that is enough information to effectively mitigate a multibillion dollar system in a matter of months, it's craziness.

Finally, when did classic espionage become warfare? If spies broke into the contractors' offices and got the documents it would be espionage. But if it's done through a computer it's warfare?

Richard Bejtlich said...

mwollenw: I'm afraid the more you say the less inclined I am to bother responding. Maybe you should stay on your own blog?

DMurph11 said...

I see your point but think it's important to separate espionage from war. Espionage/intelligence is a critical part of winning a war, but it is not war by itself.

We definitely need to do a better job of protecting our systems from espionage.

-Dan

mwollenw said...

Apologies for the multiple repeat comment posts. Google had responded with an error. On the material I obviously still disagree with your opinions. However, I didn't intend to spam the page with repeats of the same comment.