Air Force scrambles to harden weapons systems

USAF Gen. Ellen M. Pawlikowski

Air Force Gen. Ellen Pawlikowski said cybersecurity must be addressed "as early as we can in the life cycle of a weapons system and a mission."

Cybersecurity needs to be incorporated into all weapons systems from the outset, said Gen. Ellen Pawlikowski, commander of Air Force Materiel Command.

At the Air Force Association's Air, Space and Cyber Conference, she said the Air Force is a year into executing its seven-point Cyber Campaign Plan.

Under the plan, which is expected to take five to seven years to fully execute, officials are looking for vulnerabilities with to the goal of hardening existing systems and ensuring that new ones are developed with cybersecurity in mind.

"We want...our contractor teammates, our government engineers and contracting officers and program managers and financial managers to have the tools and the understanding to address cybersecurity as early as we can in the life cycle of a weapons system and a mission," Pawlikowski said.

She added that the Air Force is putting together a group that will test the cybersecurity of weapons systems in the development and operational phases.

The other half of the initiative is making existing systems more secure and resilient. Pawlikowski said the F-16 shows the nature of the challenge. The computer test equipment, mission planning data (which could have been generated on a number of computer platforms), the plane's operational flight platform and its spectrum-based systems are some of its vulnerabilities.

"You find that there are cyberthreat surfaces all over the place," she said. "So if we want to talk about how we make sure the F-16 is cyber secure and resilient...we need to address each and every one of those threat surfaces."

One of the challenges of hardening systems is the mix of government and industry hardware and software, but she said the Defense Department is increasingly focusing on cybersecurity requirements in the contracting process.

"If you're going to do, for example, software development," Pawlikowski said, "you may actually see us in some cases, depending on the criticality, go back to the 'trusted foundry' concept, where if we're concerned about introducing vulnerabilities by a chip, that you need to buy your chips from [specific] vendors to ensure that you are compatible."

Still, she said it's important not to overly burden industry with requirements. "The thing that I want to be careful as we do that is we don't end up restricting our ability to leverage the full scope of what this American industrial base can provide," she added.

Although potential vulnerabilities can be introduced into weapons systems through commercial hardware and software, Pawlikowski said companies are increasingly concerned about security. She cited the financial sector as an area where industry is striving for greater security, which means that in some cases, industry can provide more secure code than government.

"I think it's a two-way street," she said. "I'd really like to see the industry get together and look at this in a team environment so that we can...have them engage in developing that common security environment and helping to share tools that are developed."

Pawlikowski said some of the other lines of action in the Cyber Campaign Plan are growing the cyber workforce (including creating a cybersecurity engineering team), standardizing the language and terminology used to discuss cybersecurity, and improving cyber intelligence to better anticipate and plan for future threats.

Some of the solutions will not necessarily involve new technology but better use of existing tools and resources, Pawlikowski said, adding that the current uncertainty about the defense budget is hindering progress on hardening weapons systems.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected