Tag Archives: F-35

First F-35's STOVL propulsion system in-flight test video

The F-35B Lightning II short takeoff/vertical landing (STOVL) currently deployed at NAS Patuxent River conducted the first of a series of planend STOVL propulsion system in flight tests that will include short takeoffs, hovers and vertical landings. Piloted by the F-35 Lead STOVL Pilot Graham Tomlinson of BAE Systems, the aircraft took off at 1:53 p.m. EST, climbed to 5,000 feet and engaged the shaft-driven LiftFan propulsion system at 210 knots (288 mph), then slowed to 180 knots (207 mph) with the system engaged before accelerating to 210 knots and converting back to conventional-flight mode. The STOVL propulsion system was engaged for a total of 14 minutes during the flight. The aircraft landed back at 2:41 p.m. EST. The testing campaign will continue in the next week. Progressively, the aircraft will fly slower, hovering and ultimately landing vertically. Dan Crowley, Lockheed Martin executive vice president and F-35 program general manager, commented: “The joint F-35 industry and government team has already shown during extended ground tests that the STOVL propulsion system performs well, and thousands of hours of component testing has validated its durability. Now we are seeing early proof that the system operates in flight as our team predicted”.
The following video was released by Lockheed Martin and shows the aircraft engaging the LiftFan system while being chased by a Navy F-18B.

F-35 JSF: not an open source platform

I’ve recently read with much interest a Reuters news dealing with the software code that the controls the F-35. According to the article, a senior Pentagon program official has affirmed that no foreign partner will be granted access to the source code of the Joint Strike Fighter. Even if it is not clear which computer hosts such an important code, the 8 million lines software code (!) will not be made available to any of the 8 partners that have co-financed the F-35 development (Italy comprised) told Reuters Jon Schreiber, who heads the program’s international affairs. Instead, the US will set up a reprogramming facility, most probably at Eglin AFB in Florida, where F-35 software will be developed in order to provide the required upgrades.
New aircraft largely depend on software. The Italian Eurofighters are among them. The Italian Typhoon fleet is made by single seaters F-2000As and two seaters F-2000Bs in many different configurations: Block 1, 1B, 2, 2B, 5, 8 and 8B. Aircraft of different Blocks are much similar one another externally, as the main differences deal with the software releases. Functionalities evolve in terms of production software packages (PSPs): the manner in which the aircraft fight, employ the weapons, communicate and exchange data with other assets, largely depend on the PSP software version. However, “new” is not “better”: some of the aircraft hosting the old version of the software are more efficient and capable of the new aircraft coming with the “beta releases”, as the old software has been completely developed while the new one is in the early development stages. That’s why Italian Tranche 1 Typhoons are currently more mission capable of the recently delivered Tranche 2 examples.

F-35B and F-35C

A few days ago I wrote a post about the F-35 Lightning II is a fifth-generation, single-seat, single-engine, stealth multirole fighter, that will also equip the Aeronautica Militare (Italian Air Force, ItAF) and the Marina Militare, that will use the F-35B from the new Cavour STOVL aircraft carrier. In spite of a carrier variant designated F-35C, the RAF and Royal Navy will use the B variant from aircraft carriers and the U.S. Marines Corps are investigating the use of the Ship-borne Rolling and Vertical Landing (SRVL) method to operate F-35Bs from the aircraft carrier without disrupting carrier operations as the landing method uses the same pattern of approach as wire arrested landings. The F-35C carrier (whose only user will be the US Navy to replace the “legacy Hornets” and complement the Super Hornets) variant will be much similar to the A and B versions, but will have larger, folding wings and larger control surfaces for improved low-speed control. The aircraft will also be equipped with a stronger landing gear and hook for the stresses of carrier trap landings.

The following front, side and top views of the three variants will give an idea of the main differences among the F-35A, B and C.

First "naval" JSF lands at NAS Patuxent River

During my visit to the USS Nimitz in the Indian Ocean last month, I had the opportunity to see the Boeing F/A-18E/F Super Hornets in action. The Super Hornet is a 4.5+ generation naval multirole aircraft that was delivered to the US Navy in 1999 to replace the F-14, the S-3 and, in the long term, the F/A-18C and D Hornet.
Even if the “Rhino” (as the aircraft has been dubbed to distinguish it from the “legacy Hornet”) is the most advanced aircraft in the USN inventory, its replacement is already flying and undertaking flight testing: on Nov. 15, the first Lockheed F-35B Joint Strike Fighter (JSF) landed at Naval Air Station (NAS) Patuxent River, Md. The test aircraft, known as BF-1, after departing from Lockheed facility in Fort Worth, landed at Pax River after a stop in Dobbins Air Force Base, Ga.
BF-1 is the first of five test F-35B STOVL (Short Take-Off Vertical Landing) variants to be assigned to the air station. BF-2 is expected to arrive by the end of this year and BF-3 will follow shortly behind that, Lockheed spokesman John Kent said. The air station also will be home to three Navy carrier test variants. Before the aircraft can complete its first vertical landing, it must go through a transition phase. When regular airplanes fly, lift is created from the wing. But for hovering jets such as the F-35B, it is created from the jet itself. The transition phase is expected to include a series of flights, during which the aircraft will practice slowing down and transitioning lift from the wing to the jet — a critical step before an actual STOVL flight. Additional testing will include flying with different weight loads and ordnance payloads, according to a Marine release. “I’m anxious to have our engineers, our test pilots and our operators get their hands on this jet, and then see what we can do to turn test points and sorties at a rapid rate during the coming months,” said Lt. Gen. George J. Trautman, the deputy commandant for aviation, in a release. Eventually the Joint Strike Fighter will replace the F/A-18 Hornet, AV-8B Harrier, and the EA-6B Prowler. Marine Fighter/Attack Training Squadron-501, the first squadron that will train Marine JSF pilots and maintainers, is expected to stand up at Eglin Air Force Base, Fla., in April 2010 as part of the Joint Integrated Training Center. The first operational squadron will stand up in 2012. Even the Marina Militare (Italian Navy) is expeceted to receive 22 naval JSF that will replace the AV-8B+ Harrier and will operate from the new Italian aircraft carrier Cavour (that can accomodate 8 – 10 F-35B).

An F/A-18F of the VFA-41 and an E of the VFA-14 overflying USS Nimitz (courtesy USS Nimitz)

The BF-1 arrives at Patuxent River (Lockheed)

The BF-1 arrives at Patuxent River (Lockheed)

About the hack into the F-35 Lightning II JSF (Joint Strike Fighter) project

In the last couple of days, I was asked by many friends and colleagues about the recent Wall Street Journal news that top secret details about the Lockheed F-35 JSF (Joint Strike Fighter) were stolen by hackers that were able to gain access to the Pentagon network.

According to the reports, Information Leakage dealt with thousands of confidential files that were compromised over the past two years. The data related to the electronics systems and avionics of the JSF. Some sources claimed Terabytes (!) of data were stolen: design and performance statistics of the fighter, as well as the system used by the aircraft to conduct self-diagnostics during flight. The intruders were able to compromise the data by gaining access to the computers of Pentagon contractors in charge of designing and building the aircraft.

These were the facts, more or less reported the same way by many newspaper, agencies and web magazines.

“How was that possible?” is the first thing that came to my mind.

If those files were so sensitive, they had to be protected by applying a series of countermeasures aimed to prevent Integrity, Confidentiality and Availability of information (i.e. data) from being compromised. The three attributes1 are the basis of Information Security. By evaluating the impact that the loss of any of those attributes for a particular type of asset (meaning information at the higher possible level = data, documents, personal computer, hardware, software, oral communication, people, company’s reputation, etc) you can understand which assets require particular countermeasures and which other are less critical and require “loose” security measures.

For example, it is obvious that the file containing the office numbers of all the employees is less important than the file containing the detailed description of the weaknesses of the passive and active countermeasures of the F-22. So, you shouldn’t worry about the security of the group telephone and address book, but you should invest a lot (in terms of security devices, training, policies and procedures of course) to protect the survey about the weaknesses of the F-22 self-protection suite.

The entire process that goes from the evaluation of the Risk (Risk Analysis) to the ways to manage the Risk (Risk Treatment), is named Risk Management. You can’t say an asset is secure or not if you don’t put into relation the value of the asset (under the organisation’s perspective) and its peculiar threats.

Since Risk Management is paramount to address the investments on Information Security, organisations all around the world perform Risk Assessment and consequent Risk Treatment continuously. he Risk Management enables an organisation to manage the Risk’s lifecycle; after applying the countermeasures, an organisation is called to test their effectiveness and to fill the gap between the expected security level and the actual one (in accordance with the Plan Do Check Act or Deming Cycle paradigm).

Let’s get back to the presumed JSF hack.

For sure, someone who was not authorized to, was able to gain access to particular file –> Confidentiality break.

Even if I have no idea how the Pentagon network is protected I’m sure there are plenty of Firewalls, Authentication Servers, Intrusion Prevention Systems, Document Right Management and many other technical and procedural countermeasures to protect the sensitive information. If the stolen files were so critical, it is hard to believe they were so simply available on contractor’s computers.

So, there are three possibilities:

  1.  the data was not secured because it was not deemed to be critical
  2. since the risk can’t be avoided but just reduced (you can’t ever be 100% secure), there were a series of breaches that enabled the information to be leaked despite data was protected in a (most probably) heavily defended network architecture.
  3. Pentagon has no basic idea on how to deal with Information Security

I pick the first, since the second one is simply unlikely (but still possible) and I believe the third is just impossible for a nation where Network-Centric Warfare was pioneered. The second option is also possible but the more the information was critical, the less the possibilities that a security breach could remain undetected for 2 years (enabling leakeage of TB of data…).

1 Let’s quickly explain the meaning of the attributes:
Confidentiality: Assurance that information is shared only among authorised persons. Breaches of Confidentiality can occur when data is disclosed in any way (for example, watching the content of a document, eavesdropping a conference call, accessing private records, and so on).
Integrity: Assurance that the information is authentic and complete. Therefore, this attribute refers to the need to keep the data as it is, without any change. Information must be trusted.
Availability: Assurance that the data is available when needed. Leak of availability occurs if any network failure prevent an authorized user to gain access to a file stored in a Server.

Salva