The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked. (popularmechanics.com)

← Back to Stories (view on slashdot.org)

The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked. (popularmechanics.com)

Posted by msmash on Thursday November 15, 2018 @07:25AM from the closer-look dept.

schwit1 shares a report: Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation's Central Point of Entry, which then passes it on to Lockheed's central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations. Another networking system is the Joint Reprogramming Enterprise, or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats -- and fly one step ahead of them.

Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data -- by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not. Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, so data retrieved from a simulator will closely follow the data from a real F-35.

69 of 137 comments (clear)

Min score:

Reason:

Sort:

That's two wring guesses. Try again by raymorris · 2018-11-15 07:31 · Score: 1

Neither of those. Care to try again?
1. Re:That's two wring guesses. Try again by fahrbot-bot · 2018-11-15 07:46 · Score: 2
  
  in C/C++?
  Neither of those. Care to try again?
  COBOL?
  
  --
  It must have been something you assimilated. . . .
2. Re:That's two wring guesses. Try again by Sarten-X · 2018-11-15 07:57 · Score: 3, Funny
  
  Considering the size of the program, I'd be more surprised if any language wasn't involved somewhere.
  When I worked in defense, the only rules on languages for one component (a sub-contract to a sub-contract) was that it had to be more than 10 years old, with compilers still supported. I suggested INTERCAL. The engineers laughed, and my boss was pissed, but he couldn't object. I suggested Java. He was happier, but the engineers weren't. I think we settled on Perl for that component...
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
3. Re:That's two wring guesses. Try again by Ksevio · 2018-11-15 08:08 · Score: 3, Insightful
  
  I'm guessing Ada - defense contractors love that
4. Re:That's two wring guesses. Try again by sconeu · 2018-11-15 09:03 · Score: 3, Informative
  
  Mulitple languages... Ada for sure, and also C++, and probably others.
  C++ coding standards for JSF. http://www.stroustrup.com/JSF-AV-rules.pdf
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
5. Re:That's two wring guesses. Try again by 0100010001010011 · 2018-11-15 09:07 · Score: 2
  
  There's C++ in there, they bill it as such.
  
  We were once required to use a MIL-STD-1760 processor with Ada or other military languages; now we use commercial PowerPC with C++."
  source
  Here's their toolchain: https://www.ghs.com/AerospaceD...
  From RTOS to IDE to Compiler, GHS the only name in this space.
6. Re:That's two wring guesses. Try again by Archtech · 2018-11-15 09:51 · Score: 2
  
  I'm guessing Ada - defense contractors love that
  People who want to fly and stay alive love Ada.
  
  --
  I am sure that there are many other solipsists out there.
7. Re: That's two wring guesses. Try again by Archtech · 2018-11-15 09:52 · Score: 1
  
  The F35 contains a lot of C++ code, with very stringent coding guidelines.
  That explains a lot.
  
  --
  I am sure that there are many other solipsists out there.
8. Re: That's two wring guesses. Try again by Type44Q · 2018-11-15 10:29 · Score: 1
  
  Turbo Pascal?
9. Re: That's two wring guesses. Try again by hey! · 2018-11-15 10:47 · Score: 1
  
  Emacs Lisp?
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
10. Re: That's two wring guesses. Try again by Plus1Entropy · 2018-11-15 19:23 · Score: 1
  
  One misplaced space in the source code could mean a whole new backdoor to let the Russians in.
  Could you please cite this vulnerability? I'm genuinely curious.
  
  --
  Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Lockheed takes this pretty seriously by raymorris · 2018-11-15 07:33 · Score: 2

Lockheed takes the security of this system, and all of their weapons systems, pretty darn seriously.
1. Re:Lockheed takes this pretty seriously by Anonymous Coward · 2018-11-15 07:39 · Score: 1
  
  So do Microsoft and Intel.
2. Re:Lockheed takes this pretty seriously by BringsApples · 2018-11-15 08:14 · Score: 1
  
  Proof?
  
  --
  Politics; n. : A religion whereby man is god.
3. Re:Lockheed takes this pretty seriously by currently_awake · 2018-11-15 08:57 · Score: 1
  
  China has an aircraft that is said to be a copy of the F35. The plans for the F35 should be better protected than the Alis data, since they don't need to be remotely accessed.
4. Re: Lockheed takes this pretty seriously by Type44Q · 2018-11-15 10:31 · Score: 1
  
  The problem isn't Lockheed's seriousness; the problem is Lockheed.
5. Re:Lockheed takes this pretty seriously by rtb61 · 2018-11-15 12:57 · Score: 1
  
  Obviously the idiot countries buying the F35 flying pig, take their defence a whole lot less seriously. WTF? a US corporation can control all F35s at all times, put them straight out of the air if it wants to. You totally dumb fuckers, you are not buying aircraft you are renting them, wait until the next model comes out, the current model will fall out of the sky like nobodies business. Seriously what are you stupid fuckers thinking.
  
  --
  Chaos - everything, everywhere, everywhen
6. Re:Lockheed takes this pretty seriously by liquid_schwartz · 2018-11-15 13:44 · Score: 1
  
  Lockheed takes the security of this system, and all of their weapons systems, pretty darn seriously.
  Then how did this happen? https://en.wikipedia.org/wiki/...
7. Re:Lockheed takes this pretty seriously by arglebargle_xiv · 2018-11-15 22:09 · Score: 1
  
  They're serious about software update security, I've seen the manual, it's just:
  
  curl -sSL https://firmware-upgrade-f35.lockheed.com/ | bash
  
  As you can see, they use SSL, so it's perfectly safe.
Greatest? by mi · 2018-11-15 07:42 · Score: 4, Insightful

The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked.
Although we should not discount the danger of such hacks, I doubt, it is the greatest vulnerability of the weapon.
TFA goes to great length explaining the potential dangers, but offers no justification for using "the greatest" in the title... Seems like a cheap sensationalism...

--
In Soviet Washington the swamp drains you.
1. Re:Greatest? by PPH · 2018-11-15 07:51 · Score: 2
  
  Not by a long shot. The greatest vulnerability would be fueling an F-35 from a truck painted something other than white.
  
  --
  Have gnu, will travel.
2. Re:Greatest? by DCFusor · 2018-11-15 08:13 · Score: 1
  
  How can you hack something that doesn't even always run as it is? Did ALIS suddently start working and become highly available? Last I heard....not so much.
  You gotta fly before you can crash. (but you can burn without flying!)
  
  --
  Why guess when you can know? Measure!
3. Re:Greatest? by Nidi62 · 2018-11-15 08:37 · Score: 2
  
  The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked.
  Although we should not discount the danger of such hacks, I doubt, it is the greatest vulnerability of the weapon.
  TFA goes to great length explaining the potential dangers, but offers no justification for using "the greatest" in the title... Seems like a cheap sensationalism...
  Right now the biggest danger to the F-35 fleet are pilots passing out due to oxygen flow issues.
  
  --
  The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
4. Re: Greatest? by Type44Q · 2018-11-15 10:32 · Score: 1
  
  it is the greatest vulnerability of the weapon.
  Nope, that would likely br gravity. Pedantic much?
A non-story by Sarten-X · 2018-11-15 07:46 · Score: 4, Insightful

TFA reads like FUD. If I were trying to sell my services as a cybersecurity contractor, this is the kind of crap I'd write. Essentially, it boils down to "complexity is bad", and "wireless is scary".
I've worked defense contracts. They're always trying to "shore up vulnerabilities", and always making a big deal about every tiny detail that isn't perfectly in compliance with a rule written for an entirely-different scenario. Exceptions are the norm. That doesn't mean the system is actually vulnerable to any attack, or even that a possible attack would be successful.
Now, I'm not suggesting that anyone stop looking at security, especially in such important systems... I'm just saying that shouting about generic insecurity doesn't improve anything, and in fact makes things worse by encouraging a checklist-based approach to compliance.

--
You do not have a moral or legal right to do absolutely anything you want.
1. Re:A non-story by Drethon · 2018-11-15 08:28 · Score: 3, Interesting
  
  TFA reads like FUD. If I were trying to sell my services as a cybersecurity contractor, this is the kind of crap I'd write. Essentially, it boils down to "complexity is bad", and "wireless is scary".
  I've worked defense contracts. They're always trying to "shore up vulnerabilities", and always making a big deal about every tiny detail that isn't perfectly in compliance with a rule written for an entirely-different scenario. Exceptions are the norm. That doesn't mean the system is actually vulnerable to any attack, or even that a possible attack would be successful.
  Now, I'm not suggesting that anyone stop looking at security, especially in such important systems... I'm just saying that shouting about generic insecurity doesn't improve anything, and in fact makes things worse by encouraging a checklist-based approach to compliance.
  I don't know how the F-35 handles network security, but I found this a fascinating read for network security for a military UAV prototype helicopter: https://journals.plos.org/plos...
IOT on a new level by kiviQr · 2018-11-15 07:51 · Score: 1, Funny

I did not know that F35 were considered IOT devices. Any one has a link to live webcam?
1. Re:IOT on a new level by Anonymous Coward · 2018-11-15 10:16 · Score: 1
  
  If the avionics systems are connected to the internet that is called:
  Id1oT.
2. Re: IOT on a new level by Type44Q · 2018-11-15 10:35 · Score: 1
  
  Any one has a link to live webcam?
  Fuck that; how about RC/FPV with our Fat Sharks?
I wonder if I can use Shodan to find F-35s by sinij · 2018-11-15 07:53 · Score: 3, Funny

I wonder if I can use Shodan to find F-35s?
1. Re:I wonder if I can use Shodan to find F-35s by grep+-v+'.*'+* · 2018-11-15 14:47 · Score: 1
  
  I wonder if I can use Shodan to find F-35s?
  You COULD, but they're not there if you look, only if you ping. And if it's flying greater than Mach 1 even that'll be in the wrong place. ;-)
  
  --
  If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
Cloud services suck ass by rtkluttz · 2018-11-15 08:00 · Score: 1

Everywhere

--
Digital is, by definition, imperfect. Analog is the way to go.
Nah by argStyopa · 2018-11-15 08:03 · Score: 1

It's greatest vulnerability? Its own cost.
At $85 million per plane, that probably resulted in several hundred aircraft that were supposed to be purchased, never being bought - far more than will ever be brought down in combat.

--
-Styopa
1. Re:Nah by Dorianny · 2018-11-15 08:21 · Score: 2
  
  It's greatest vulnerability? Its own cost.
  At $85 million per plane, that probably resulted in several hundred aircraft that were supposed to be purchased, never being bought - far more than will ever be brought down in combat.
  The only comparable Fighter is the Advanced Super Hornet F/A-18F and Boeing is pricing it at $80 million. Not exactly tremendous savings
2. Re:Nah by sycodon · 2018-11-15 08:23 · Score: 1
  
  The planned acquisitions is in the thousands (2,443).
  The more that are bought the cheaper they become as sunk costs are recovered.
  
  --
  When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
3. Re:Nah by currently_awake · 2018-11-15 09:01 · Score: 1
  
  It's not $85 million. The current design has hundreds of critical flaws that must be fixed, and Lockheed won't do that for free. Expect to pay another $100 million for repairs to get a working aircraft.
Crash and Burn by PopeRatzo · 2018-11-15 08:04 · Score: 1, Offtopic

What we spent on these stupid fucking planes that we're never going to use would be enough to pay for universal health care AND shore up social security for decades to come.
I mean, as long as we're borrowing the money anyway, can we please invest it in people and not dumb shit?

--
You are welcome on my lawn.
1. Re:Crash and Burn by PopeRatzo · 2018-11-15 09:06 · Score: 2
  
  Defense is the FIRST and most important function of the Government.
  The F-35 has nothing to do with "defense".
  
  --
  You are welcome on my lawn.
2. Re: Crash and Burn by Type44Q · 2018-11-15 10:41 · Score: 1
  
  Unless they get hit on the ground, they'll see use.
  Unfortunately.
3. Re: Crash and Burn by Type44Q · 2018-11-15 10:44 · Score: 1
  
  I'm not so sure about that; VTOL capability, more than anything else, means far less vulnerability due to runways getting destroyed.
  Pretty sure that's a defensive matter...
4. Re:Crash and Burn by PopeRatzo · 2018-11-16 07:55 · Score: 1
  
  But I see no reason to skimp on the military in order to feed the parasites.
  But what if the military and military contractors are actually the parasites?
  
  --
  You are welcome on my lawn.
5. Re:Crash and Burn by PopeRatzo · 2018-11-16 07:59 · Score: 1
  
  The F35 has an expected $857 billion full life cycle cost over 53 years.
  
  Since the F-35 first hit the drawing board in 1992, I'm not sure where the "53 years" comes from. Maybe you're using military math.
  Plus, when did you ever hear of a military program that actually came in at it's expected expenditure? Originally, the price tag for the F-35 was supposed to be about $50 billion. We're up to $857 billion and counting (and that's a very conservative estimate).
  
  --
  You are welcome on my lawn.
6. Re:Crash and Burn by PopeRatzo · 2018-11-16 10:52 · Score: 1
  
  The F35 program is expected to end in 2070
  Seriously, the F35 program will be 80 years old in 2070. Do you really think the F35 will still be viable sixty years from now? For comparison, the F8 Crusader's lifespan was 45 years from first flight to when it was retired.
  Let's not bullshit: The F35 program is not about the F35 being used by the military, but being sold by Lockheed Martin. It was a taxpayer-funded boondoggle from the beginning. There are moral and practical arguments for why universal health care would be good for the country (and its citizens). There are no such arguments for the F35.
  
  --
  You are welcome on my lawn.
7. Re:Crash and Burn by PopeRatzo · 2018-11-16 17:26 · Score: 1
  
  Assuming there isn't another major conventional war that forces major shifts in tactics, or some other major development in weapons technology?
  Major shifts in tactics aren't forced by conventional wars, but by asymmetric warfare.
  
  One of the major roles of government is mutual defense of the citizens from external threats.
  Our military budget hasn't been spent on the mutual defense of the citizens from external threats for at least 70 years. Some would say that the last time the US military defended US citizens from external threat was more like 150 years ago. So your argument is completely irrelevant to the F-35. It will not be used to defend US citizens. Ever.
  
  Saying that single fighter program could somehow fund the entirety of US healthcare is wrong and social security is baseless and wrong.
  That's actually not what I said. I'm saying it would fund the difference between what we're spending now on health care and what universal health care for all Americans would cost and still have enough left over to make Social Security solvent for many decades.
  
  --
  You are welcome on my lawn.
Re:Let me guess, the system is written by DickBreath · 2018-11-15 08:04 · Score: 1

Some dialect of BASIC maybe?

--

I'll see your senator, and I'll raise you two judges.
Comment removed by account_deleted · 2018-11-15 08:15 · Score: 1

Comment removed based on user account deletion
Power Mac G4s in the Sky. by 0100010001010011 · 2018-11-15 08:20 · Score: 5, Informative

It's more or less a PowerPC G4 right down to the Firewire bus.
Components were billed as "COTS". However those chips were still back when they were Motorola/Freescale

The system departed from the historical use of low speed Mil-Std-1553B busses, using the high speed Fibre Channel-Avionics Environment (FC-AE) serial bus for high speed internal interconnects.

built around PowerPC RISC processors - essentially a bigger and faster cousin to the 6U VME packaged PowerPC processors now being used in F-15E, F/A-18E/F and F-111C Block C-4.

"So we have designed for technology refresh, so at the appropriate time we can stop putting in the 1 GHz processor board and swap out to the 2 GHz board without having to go back and do any redesign. We were once required to use a MIL-STD-1760 processor with Ada or other military languages; now we use commercial PowerPC with C++."
http://www.ausairpower.net/APA...
https://www.militaryaerospace....
Slashdot cannot be the first to consider all this by Aristos+Mazer · 2018-11-15 08:21 · Score: 2

I find it impossible to believe that this is the first time any of these concerns have been brought up. Lockheed has a lot of very savvy and security-conscious engineers. Yes, the networks might be vulnerable to hacks. The question is whether that risk downside is worth the upside of these highly networked machines (say, avoiding friendly fire). I don't know what those tradeoffs are, but this article lacks any analysis of why these security risks were considered acceptable and what is done to mitigate them. Without that balancing content, this is just FUD and useless blather.
JRE? by cormandy · 2018-11-15 08:28 · Score: 2

The f15 was programmed using Java?????
Re:I am a little suspicious of this by PPH · 2018-11-15 08:44 · Score: 4, Interesting

Not constantly. This is a ground maintenance function. But if it can be monitored, an enemy can gain some valuable information about the status of your forces. And if it can be hacked, that enemy could effectively ground all your planes pending unneeded maintenance*.
*"I've just picked up a fault in the AE-35 unit. It is going to go 100 percent failure within 72 hours."

--
Have gnu, will travel.
Give me an A-10 anyday by neo-mkrey · 2018-11-15 08:51 · Score: 3, Insightful

"It Just Works"
Too expensive to risk Ground Support. by Zorro · 2018-11-15 08:57 · Score: 1

Yeah can't EVER get down to visual range or it will get bagged by a $100 MANPAD or a 12.7 MM machine gun.
Over teched by Anonymous Coward · 2018-11-15 09:38 · Score: 2, Interesting

I think were developing stuff that is over teched to a point of being fragile in a way. Especially in military environments you have to wonder how these incredibly technical machines can ever survive a war?
Bleeding edge [Re:Nah] by Tablizer · 2018-11-15 09:46 · Score: 2

Our military has traditionally accepted "ahead of the curve" jet designs, expecting that manufacturing and technology will eventually catch up. The theory is that you have to stay at least one step ahead of the enemy, otherwise your kill ratio will be close to 1-to-1.
While this philosophy has mostly worked, it has hippucced from time to time. The F-35 may be one of these hiccups.
For example, our planes had difficulty during the early phases of the Vietnam war because it was felt that air-to-air missiles would render dogfights obsolete, and our planes were designed with this assumption in mind. However, the missiles proved buggy, and the Soviet planes used their maneuverability against our planes and the missiles.
A combination of better missiles and improved training in "team based" tactics eventually overcame most of these problems, but we took a beating for a good while.
It could be argued the philosophy pays off more than it doesn't such that we should stick with it. However, we will get occasional expensive duds and/or whippings along the way.

--
Table-ized A.I.
1. Re: Bleeding edge [Re:Nah] by Type44Q · 2018-11-15 10:39 · Score: 1
  
  improved training in "team based" tactics
  NAS Miramar...
2. Re:Bleeding edge [Re:Nah] by phantomfive · 2018-11-15 12:11 · Score: 1
  
  For example, our planes had difficulty during the early phases of the Vietnam war because it was felt that air-to-air missiles would render dogfights obsolete, and our planes were designed with this assumption in mind
  Note this is also the assumption of the F-35 design.
  
  --
  "First they came for the slanderers and i said nothing."
3. Re:Bleeding edge [Re:Nah] by Comrade+Ogilvy · 2018-11-15 16:56 · Score: 1
  
  Missile guidance systems have gotten better and better with every decade. Flares can still confuse some dirt cheap systems, but how do you fool a well designed phased array radar? It is not the 80s anymore: Russia and China have access to excellent computer technology to build their guidance systems with. What they sell to the highest bidder today is both more lethal and cheaper than
  The bigger question is whether a big expensive craft carrying a pilot makes sense when you might have better mission capability with drones.
  And drones do not come home in flag draped caskets.
4. Re:Bleeding edge [Re:Nah] by phantomfive · 2018-11-15 17:08 · Score: 1
  
  It makes sense still to have a pilot because larger countries have the capability to jam GPS and other wireless signals.
  
  --
  "First they came for the slanderers and i said nothing."
5. Re:Bleeding edge [Re:Nah] by tinkerton · 2018-11-15 20:55 · Score: 1
  
  The ahead of the curve design is a euphemism for 'far too long development cycle'. In a rapidly changing environment it does not make sense to try and look decades ahead. In a short development cycle you can be allowed to have duds. Long development cycles are too big to fail.
  With the F35 the all-in-one approach exacerbates those weaknesses. The development process becomes bigger and the compromises become bigger.
  Except of course if you consider that these things are built to make money but not ment to be used in an actual conflict which tests their capabilities. Instead they get used to to things which can be done better by planes at a fraction of the cost.
Glassdoor by raymorris · 2018-11-15 09:54 · Score: 1

With Glassdoor you can see them hiring a lot of experienced security professionals, and see what the pay is, along with the qualifications they expect of everyone working on the system.
That's all from ONE open source intelligence resource, which anyone can see in less than 20 minutes.
If you happen to be a 20-year career veteran in the security space, working 25 minutes Lockheed headquarters and hanging out with their engineers at ISC2 meetings every month, you can really get to know their security culture if you're paying attention.
You can then easily position yourself, over the next 12 months, to have exactly the knowledge and references they'd like to see in a new hire, giving you an excellent backup plan whenever you decide to quit your job at $major_security_company.
1. Re:Glassdoor by BringsApples · 2018-11-15 10:18 · Score: 1
  
  I get your point, but I also work with a bunch of guys that are, on the surface, very intelligent and professional. They make a lot of money, and they seem happy with their lives. However this in no way seems to help them make good decisions when it comes to very basic operations in the work environment. When it comes to egos and personal interests, those things tend to forbid common sense.
  
  Sometimes, here at work, I feel like our ticketing system runs the same course as slashdot discussions. And the output from it is about as equal. We're not a security company, and I know that matters. I'm just pointing out that just because you met the people, you like them and they like you, doesn't mean that you can attest for the level of security accomplished there. For all you know, they're stuck in an echo-chamber like many other companies.
  
  Of course, there's also the chance that I also know nothing about their security and that it's comparable to Ft. Knox. Hopefully the latter is true, for the sake of our military overlords.
  
  --
  Politics; n. : A religion whereby man is god.
Oh dear, too late... by Archtech · 2018-11-15 09:56 · Score: 1

"As the plane finally reaches full production, the Air Force is racing to plug holes that could allow hackers to exploit the jet's connected systems—with disastrous results".
Major fail.
Security cannot be added like a bag on the side, as an afterthought. Since Mr Mizokami evidently thinks it can (as far as one can judge from his breathless prose) it's pretty obvious he doesn't know much about software or security.

--
I am sure that there are many other solipsists out there.
I see what you did there by William+Baric · 2018-11-15 12:05 · Score: 1

so that a pilot thinks she is safely outside the engagement zone when she is most certainly not
She? Considering that very few women have the physical aptitudes to become fighter pilots, considering that men will always be the best fighter pilots, I think the pronoun "he" should be used here. Seriously, can feminists stop trying to shove their crap down everyone's throat?
Let's not forget the worst enemy the date line ;-) by Lennie · 2018-11-15 12:22 · Score: 1

https://www.defenseindustrydai...

--
New things are always on the horizon
Half right - Emacs and systemd. Seriously though by raymorris · 2018-11-15 13:23 · Score: 1

It's written as Emacs and systemd modules. Nothing to worry about here!
In all seriousness, I was actually thinking of a different security contractor in town when I posted that. Lockheed asks F-35 candidates to know some of the following:
Go
Python
Java
Assembly
C / C++
The original post was actually somewhat correct.
Management priorities + technical skills by raymorris · 2018-11-15 13:32 · Score: 2

I figure management sets the overall tone and priorities, the culture. Management values security.
Their people have the ability and interest to deliver security.
So there is a pretty good chance that they do a good job. Lockheed isn't a customer of ours, so I haven't done a security audit of them. I do have enough information to make an educated prediction or hypothesis.
Of course that's relative to other companies. We do have banks as customers, so I know how bad / good some banks are regarding security. Overall, the software industry sucks at security and reliability. We need about four times as many *engineers* in the roles that have job titles like "senior software engineer". Engineering means designing things to meet known requirements based on proven design methods. Software is often built with little or no engineering involved.
1. Re:Management priorities + technical skills by pnutjam · 2018-11-16 05:03 · Score: 1
  
  I work for a small to midsize company that sells to enterprise customers. They are always poking at our security and making us do audits, normally in ways that degrade things.
  The open source stuff we use doesn't check their boxes and we end up shelling out for stuff that doesn't improve our security and adds another layer of integration (which of course degrades security).
  We're usually dealing with an HR style department so the hardest thing for companies to understand (aside from linux), is that security relies on culture as much as tools.
  
  --
  Cheap storage VM.
Maybe that's why. Maybe the Iran air force by raymorris · 2018-11-15 14:39 · Score: 1

We don't know how that happened, unfortunately. We do know the Iraqi air force had Russian-built fighter jets, so they certainly have the ability to shoot an aircraft down. They have have aerial refueling capability, the ability to fly precisely next to another aircraft and give it fuel, or even drop a cargo net on it.
The primary navigation system is inertial guidance, explicitly because spoofing GPS is pretty easy, so GPS spoofing wouldn't be a possibility that would be expected to work.
It *could* have had programming that said basically "if all your sensors are totally confused and you don't know what to do, land". The hobby version I designed and built does that. Then Iran and their allies would have needed to muck with the onboard gyroscopes and other sensors somehow.
What we I do have evidence of is that years later, Lockheed takes security seriously.
"each user helps improve the system for others" by jago25_98 · 2018-11-15 18:20 · Score: 1

Info-cartoon highlight:
"The system is unique because each user helps improve the system for others."
Wouldn't it be great if you could write messages to other users:
"Hi infidels. So glad we're finally using the same technology as you now. We've submitted so much feedback on the system but we've noticed maybe you need to contribute more. Perhaps we could get together over a coffee sometime? Lots of love, (insert evil dictator here)"
I just love this. It seems like something that was specifically designed by a techie smart enough to know war is stupid and boy, did they do a great job of building bridges. Or maybe life just imitates art with a bit of serendipity.

--
A blog I run for the wealth