Air Force, industry seek to cyber-protect weapons, fighter jets

The Air Force is working closely with industry partners to strengthen cybersecurity for larger service platforms such as an F-22 or F-35 fighters.

“We have to understand that today’s weapons systems are not operating in isolation. They are operating as part of a netted enterprise. Each weapons system will interface with a broader DOD network,” said Allan Ballenger, vice president of the Air Force division at Engility Corp.

Engility was recently awarded a $31 million task order deal from the Air Force Life Cycle Management Center,  at Hanscom AFB, Mass.

The F-22, often referred to by Air Force developers as an “aerial quarterback,” relies upon data link technology connecting to other aircraft and ground stations as more of the F-22’s technologies and avionics--such as radar warning receivers, mission data files, navigation and target mapping systems--are computer based,

The emerging F-35’s “sensor fusion” is entirely contingent upon modernized computer algorithms able to help gather, organize and present combat-relevant information to a pilot by synthesizing otherwise disparate data  such as targeting, mapping and sensor data onto a single screen.

“The real focus is on the cyber vulnerability assessments across many Air Force platforms, such as command-and-control and battle management systems,” Ballenger said.

Engility’s focus is closely aligned with cybersecurity priorities recently articulated by senior Air Force leaders.  (For the Defense Systems story on Air Force Cybersecurity going on CLICK HERE)

Part of the focus, Ballenger explained, is to examine trends and current security controls with a mind to the kinds of attacks likely to emerge in the future against IT systems, platforms and networked weapons.

While increased interoperability among networks, weapons and platforms vastly expedites combat efficacy in a wide range of scenarios, Ballenger emphasized that greater connectivity can also increase vulnerability to malicious penetration and server attacks, among other problems.

“We are looking much earlier in the life cycle of these systems with a concern not just about their security but how they interface with other elements of the network. We want to embed cybersecurity earlier in the process,” Ballenger added.

Seeking to emulate threat vectors and anticipate potential methods of attack -- such as how a web-based application could be exploited or the extent to which a trap door may interact with other elements – is an important ingredient in establishing the most effective security protocols.

Also, much of this begins and ends with network IP protocol--codes which can both further enable interoperability between networks and systems while also possibly exposing networks to additional vulnerabilities

“When you have an IP address that is assigned to you, you need to have the appropriate controls in place to reduce that vulnerability,” Ballenger added.

The need for better information security extends from larger systems down to an individual soldier or airmen on a particular combat mission. Tactical Air Controllers are an instance cited where ground targeting technology is used to identify and secure targets for nearby air assets. This kind of air-ground synergy is itself reliant upon computer networking technologies, he explained.

“You do not want someone to manipulate data going from airmen on the ground to a shooter in the air,” Ballenger said.