The F-35 Joint Program Office is looking to industry for ideas to improve the cybersecurity of the Lockheed Martin F-35 fighter and associated ground systems under a new JPO Cybersecurity and Cyber Defense Challenge.
The JPO cyber team “is seeking innovative solutions to inform and integrate cyber event detection and response capabilities, meant for Real-Time Operating Systems (RTOS) and Platform Information Technology (PIT) systems, including but not limited to communication busses such as 1394, 1553, TCP/IP,” according to a Feb. 9 business notice. “A critical consideration for potential technologies will be minimal Size, Weight, and Power requirements.”
Such F-35 resistance to cyber attacks would mean that pilots would be less likely to receive false navigational and targeting data from adversary hackers. Cybersecurity concerns for the F-35 fighter and the program are not new.
In 2015, the German magazine Der Spiegel released documents provided by Edward Snowden, a former National Security Agency contractor at Booz Allen Hamilton, that suggested that China had been able to obtain plans on the F-35 from hacking a program subcontractor in 2007–efforts that helped China build its J-31 fighter. Since then, the Pentagon has instituted a Cybersecurity Maturity Model Certification (CMMC) program to help prevent such breaches.
“Cyber security, resilience, and survivability of the F-35 air system are critical to national security and necessary to maintain air dominance in any future conflict,” per the Feb. 9 business notice. “This challenge release is the first stage of a multi-stage selection process to augment existing security by developing and integrating promising technologies onto the F-35 aircraft and supporting ground systems. Proposed technologies should expand on traditional cybersecurity approaches to meet the unique needs of the air system, such as automated inflight detection and response, to increase its cyber resilience and survivability.”
The JPO said that it is seeking industry, academia, and government partners “to develop and integrate technologies to be a part of an aircraft-based real-time capability to enhance resilience through automatically detecting, responding, and/or recovering from a range of cyber events (IP and non-IP based) to mitigate existing and emerging threats.”
“Proposals should support an increase in capability to anticipate a threat, withstand a threat, and/or assure mission essential functions, thus increasing the resiliency and survivability of the aircraft,” the JPO said. “Solutions may also include methods to alert pre-flight, in-flight, and post-flight, and isolating or preventing various attack attempts in a way that does not impact/hinder flight safety, both during and after anomaly/event isolation (e.g. fail-safe).”
The JPO said that the challenge’s ultimate goal is “to integrate new advances in cyber protection capabilities into the F-35 architecture to increase mission assurance.”
“The optimal solution will leverage open system design and cyber resiliency principles to facilitate the integration of components (hardware/software/firmware) from various sources and allow for seamless updates and technology insertions to respond to emerging cybersecurity threats,” the program said.