Air Force scrambles to harden weapons systems

USAF Gen. Ellen M. Pawlikowski

Air Force Gen. Ellen Pawlikowski said cybersecurity must be addressed "as early as we can in the life cycle of a weapons system and a mission."

Cybersecurity needs to be incorporated into all weapons systems from the outset, said Gen. Ellen Pawlikowski, commander of Air Force Materiel Command.

At the Air Force Association's Air, Space and Cyber Conference, she said the Air Force is a year into executing its seven-point Cyber Campaign Plan.

Under the plan, which is expected to take five to seven years to fully execute, officials are looking for vulnerabilities with to the goal of hardening existing systems and ensuring that new ones are developed with cybersecurity in mind.

"We want...our contractor teammates, our government engineers and contracting officers and program managers and financial managers to have the tools and the understanding to address cybersecurity as early as we can in the life cycle of a weapons system and a mission," Pawlikowski said.

She added that the Air Force is putting together a group that will test the cybersecurity of weapons systems in the development and operational phases.

The other half of the initiative is making existing systems more secure and resilient. Pawlikowski said the F-16 shows the nature of the challenge. The computer test equipment, mission planning data (which could have been generated on a number of computer platforms), the plane's operational flight platform and its spectrum-based systems are some of its vulnerabilities.

"You find that there are cyberthreat surfaces all over the place," she said. "So if we want to talk about how we make sure the F-16 is cyber secure and resilient...we need to address each and every one of those threat surfaces."

One of the challenges of hardening systems is the mix of government and industry hardware and software, but she said the Defense Department is increasingly focusing on cybersecurity requirements in the contracting process.

"If you're going to do, for example, software development," Pawlikowski said, "you may actually see us in some cases, depending on the criticality, go back to the 'trusted foundry' concept, where if we're concerned about introducing vulnerabilities by a chip, that you need to buy your chips from [specific] vendors to ensure that you are compatible."

Still, she said it's important not to overly burden industry with requirements. "The thing that I want to be careful as we do that is we don't end up restricting our ability to leverage the full scope of what this American industrial base can provide," she added.

Although potential vulnerabilities can be introduced into weapons systems through commercial hardware and software, Pawlikowski said companies are increasingly concerned about security. She cited the financial sector as an area where industry is striving for greater security, which means that in some cases, industry can provide more secure code than government.

"I think it's a two-way street," she said. "I'd really like to see the industry get together and look at this in a team environment so that we can...have them engage in developing that common security environment and helping to share tools that are developed."

Pawlikowski said some of the other lines of action in the Cyber Campaign Plan are growing the cyber workforce (including creating a cybersecurity engineering team), standardizing the language and terminology used to discuss cybersecurity, and improving cyber intelligence to better anticipate and plan for future threats.

Some of the solutions will not necessarily involve new technology but better use of existing tools and resources, Pawlikowski said, adding that the current uncertainty about the defense budget is hindering progress on hardening weapons systems.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.