APT Drives Up Bomber Cost

Bill Sweetman wrote a good article on the new Air Force bomber program titled USAF Bomber Gets Tight Numbers. I found the following paragraph interesting:

One factor will drive up the cost of the bomber’s R&D: its status as a SAP [Special Access Program]. SAP status — whether the program is an acknowledged SAP, as the bomber is likely to be, or completely black — incurs large costs. All personnel have to be vetted before they are read into the program. Information within the program is compartmentalized, reducing efficiency. SAP status has been estimated to add 20% to a program’s cost.

Security for SAP isn't cheap! Sweetman elaborates:

The most likely reason for this measure is the sensitivity of ELO [extreme low-observable] technology, combined with the fact that the U.S. is the target of what may be the most extensive and successful espionage program in history — China’s Advanced Persistent Threat.

How much is the new bomber supposed to cost?

The magic numbers for the bomber are a fleet size of 80-100 and a flyaway cost of $500 million.

So, that's $50 billion, assuming 100 aircraft at $500 million each? Let's assume that cost includes SAP fees. If SAP protection adds 20%, that means without SAP the cost would be roughly $42 billion.

That means, for this program alone, the APT costs the US taxpayer $8 billion.

I find this sort of article really interesting because it demonstrates a real-world cost due to ongoing computer intrusions perpetrated by the APT.

Comments

Anonymous said…
"The cost of one modern bomber is this...".

It gives me the creeps, how smart and how much ahead Theo was.
Mitchell said…
"it demonstrates a real-world cost due to ongoing computer intrusions perpetrated by the APT."

SAP status would be applied based on the damage caused if the program is compromised. The risk of computer intrusion is probably in the minority of the reasoning here.
Anonymous said…
First, the $8B is based as if each of the 100 cost the same. After the first, the base security would already be in place and would incur little if any additional cost.
Second, most of the cost is likely NOT related to computer intrusions. Security costs would involve physical security, clearances, access controls, etc., etc.
Anonymous said…
SAP is just another security clearance level, similar to TS/SCI. There's a cost for any level of security clearance. This isn't big news, and it has little if anything to do with computer/information security by itself. Just as getting a TS/SCI clearance has little if anything to do with computer/information security. It's about ensuring the people staffing the project are trustworthy and not subject to compromise, blackmail, etc.
Anonymous said…
"it demonstrates a real-world cost due to ongoing computer intrusions perpetrated by the APT."

Read "Skunk Works" by Ben Rich. This same procedure, now called SAP, was in play in the 50s and 60s during development of the SR-71 and the original stealth fighter. Rich talks about how insanely inefficient it was. Get up for coffee or to hit the head? Everything on your desk needs to be cleared and locked up.

There was no Chinese APT at the time; the biggest threat was Russian satellites. It still rendered designers encumbered by too many Ps and Qs. I'd venture 20% is conservative.
