The information technology backbone of Lockheed Martin's F-35 joint strike fighter is its autonomic logistics information system, or ALIS. However, as the latest iteration of the system--known as version 3.0--prepares to be rolled out later this year, one Pentagon agency has said the program faces risks.
Robert F. Behler, the Defense Department's director of operational test and evaluation, said the system--which allows operators to plan, maintain and sustain the aircraft throughout its lifecycle--has cyber vulnerabilities, deficiencies and is at risk of schedule delays.
"ALIS is designed to bring efficiency to maintenance and flight operations, but it does not yet perform as intended due to several unresolved deficiencies," he said in the fiscal year 2017 DOT&E annual report which was released in January.
In 2017, the joint strike fighter operational test team, or JOTT, conducted two evaluations of ALIS version 18.104.22.168 to include the cooperative vulnerability and penetration assessment and the adversarial assessment.
The testing included all three components of the system: the autonomic logistics operating unit, which serves as the collection point and hub for global F-35 logistics data; the central point of entry, the component that collects and stages data distributed to and from the field; and the squadron kit, an operational component at the field units, according to the report.
"Cybersecurity testing in 2017 showed that some of the vulnerabilities identified during earlier testing periods still had not been remedied," the report said. "More testing is needed to assess the cybersecurity structure of the air vehicle and supporting logistics infrastructure system... and to determine whether, and to what extent, vulnerabilities may have led to compromises of F-35 data."
According to the report, not all of the testing associated with the adversarial assessment was completed due to circumstances out of the JOTT's control. The team planned to reschedule those tests for 2018, it noted.
"The program should fully complete end-to-end cybersecurity testing on all three levels of ALIS for each of the planned updates to ALIS software," the DOT&E report said.
When asked about the report's findings, Reeves Valentine, vice president for F-35 logistics at Lockheed Martin, said ALIS' cyber protections were sound.
"We believe our cybersecurity is very good," he said in an interview. "We'll continue to adapt to threats and continue to upgrade and make...