By Ann Scott Tyson and Dana Hedgpeth
Washington Post Staff Writers
Wednesday, April 22, 2009
The Pentagon and Lockheed Martin, the lead defense contractor for the new F-35 Joint Strike Fighter, suggested yesterday that cyber-attacks had not caused any serious security breaches in the Pentagon's most expensive weapons program.
Still, defense and corporate officials said attacks on the Pentagon as well as the F-35 program are constant, and former defense officials familiar with the program said some of the F-35's less sensitive systems have been infiltrated by cyber-intruders.
"We know we are probed on this every day. We have very aggressive defensive systems. The more sensitive the information, the greater the safeguards are," said Pentagon spokesman Bryan Whitman. He said he was not aware of any sensitive F-35 technology having been compromised by a cyber-attack.
The comments came in response to a Wall Street Journal story Monday reporting that cyber-attackers copied and siphoned off data related to design and electronics systems, "potentially making it easier to defend against the craft."
The F-35 is the Pentagon's most expensive, complex and ambitious aircraft program. According to program estimates, the total investment required in the F-35 exceeds $1 trillion -- more than $300 billion to buy 2,456 aircraft and $760 billion to keep them flying beyond their expected life cycle.
The program has been troubled by cost overruns and delays. Some analysts said cyber-attacks could further delay delivery of the first aircraft.
In a conference call with Wall Street analysts to discuss the company's first-quarter earnings, Lockheed Martin Chief Financial Officer Bruce L. Tanner said, "To our knowledge there's never been any classified information breach." He went on to say, "Like the government, these attacks on our systems are continuous, and we do have stringent measures in place to both detect and stop these attacks."
Troy J. Lahr, a defense industry analyst at Stifel Nicolaus, said the news of any security breach would probably "shake up people in Congress" and lead to a push for more money to fund cybersecurity.
Jim McAleese, who has worked as a consultant to Lockheed and other major defense companies, said it appears that the information the attackers got would not allow crucial insights into the aircraft's software codes, radar or electronic warfare systems.
He said it appears that the spies got information on operations and maintenance of the aircraft, which he described as "materials that have very few details to make the aircraft vulnerable."
"They'll have very little information other than how you maintain the aircraft," he said. "They'd know, for example, at what number of hours do the engines get checked, or the procedures for maintaining the stealth coding," but "they wouldn't have information about key parts," he said.
Former defense officials confirmed that more than a year ago cyber-attackers had penetrated the F-35's logistics system.
"It was not sensitive -- not an area that was very critical," one official said. "Everyone went on an alert status, and most of the programs left vulnerable were fairly minor," he said, adding that the critical areas of the program are kept on an off-line computer system. President Obama is reviewing recommendations from a comprehensive interagency assessment of the government's cybersecurity efforts, seeking to ensure that public- and private-sector efforts are properly funded and coordinated and that the White House is organized to attack the problem.
A recent Pentagon report on China's military power noted that cyber-attacks on the United States had been traced back to the communist nation.
Staff writer Spencer S. Hsu contributed to this report.