AdobeStock_518836056

On the day after Constitution Day, the day of the signing of the American Constitution in 1787, a U.S. Marine Corps F-35B Lightning II Stealth Fighter was announced as missing.

The pilot and aircraft were from Marine Fighter Attack Training Squadron 501, based at Beaufort Marine Corps Air Station (MCAS) in South Carolina. The pilot had ejected and been recovered, but the location of the aircraft was unknown. Joint Base Charleston wrote on social media about the incident and asked for anyone who knew about the location of the aircraft to contact the base. Approximately 48 hours later, a debris field was found about 60 miles northeast of the base.

Official statements said the pilot was “forced to eject” at about 1,000 feet altitude, approximately two miles from Joint Base Charleston, which shares the airfield with Charleston International Airport. The “B” model of the F-35 is the Marine Corps version that can take off and land vertically like a helicopter. The Marine version of the F-35 also has a feature where, under certain parameters, the pilot can be automatically ejected without manually initiating the ejection sequence—this being a design safety feature because of the higher risk of accident during vertical take-off and landing.

The F-35 does appear to have the ADS-B transponder system, which is becoming a key part of air traffic management. ADS-B transmits information about the aircraft for air safety and is normally turned off in combat environments. In peacetime conditions, ADS-B is very helpful for flight safety, but it also introduces cybersecurity concerns. This F-35 episode brings back into focus a previous aviation event that may have used cyber techniques to compromise the air vehicle.

The Hijacking and Seizure of a CIA Drone by Iran

In 2011, a classified CIA stealth drone, now revealed as the RQ-170 Sentinel, was brought down in Iranian airspace. Iran claimed that their electronic warfare units had accomplished the feat of commandeering the drone. The Pentagon spokesperson at the time, John Kirby (now working as the National Security Council spokesperson at the White House), denied that the drone had been taken over by the Iranians, and that the drone wasn’t lost to “hostile activity of any kind.” Mr. Kirby was also the same Biden official who assertively denied any consensus on the COVID-19 virus originating in the Wuhan lab.

An Iranian engineer described the details of the claimed cyber operation to seize the drone. The drone was possibly being flown under the oversight of operators at Creech Air Force Base in Nevada and linked to the drone via satellite. The Iranians perhaps used a combination of Global Positioning System (GPS) spoofing and jamming of the satellite signals to help confuse and overtake the guidance of the drone. There’s some question on this, since the drones normally operate primarily using inertial navigation to counter GPS jamming and spoofing, which is relatively easy. Drones are normally also programmed to circle until they regain the trusted signal or run out of fuel. However, there has been a lack of encryption in drone communications that may have been a factor. Later articles painted the picture of design failure acceptance by American engineers and the vow to never let the 2011 episode happen again.

The F-35 Is ‘Software With Wings’ and Has Been One of China’s Top Cyber Targets

Back to the F-35, for years this aircraft has been the crown jewel and centerpiece of Chinese Communist Party (CCP) malign cyber operations. The F-35 has been dogged by supply chain issues and has been allowed to use Chinese-sourced parts through waivers because of the lack of alternatives that wouldn’t introduce lengthy schedule delays. The Byzantine Hades series of cyber hackings by China go back to 2006, and the F-35 is the centerpiece of these attempts to exfiltrate data from Lockheed Martin to the Chinese civil-military fusion operation.

More recently, the F-35 pilot oxygen system, critical for keeping the pilot healthy and conscious, has been a source of concern partly because of cyber vulnerabilities. In January 2022, an F-35C was lost off the USS Carl Vinson while the carrier was conducting operations in the South China Sea, and for a period of time, there was a furious sprint to see who could recover it first, a testament to the prized status of the F-35 in China’s eyes

The PLA Strategic Support Force Is the Tip of the Spear in Cyber Warfare

There was some wild speculation during the loss of this current F-35 in South Carolina that China had absconded with the F-35 to Cuba. Perhaps a bit of an overreaction; however, there’s a long history of China’s intense cyber intrusions into the F-35. The unique design feature of the F-35B’s auto-ejecting ejection seats that eject the pilot without the pilot’s consent does raise some reasonable questions.

The sophisticated nature of the Iranian cyber ambush drama with the CIA drone in 2011 establishes precedent on high-level Iranian cyber operations. The Chinese and Iranians work closely together on cyber-attacks directed at the United States.

The element of the People’s Liberation Army Service responsible for cyber, space, electronic, and psychological operations is the Strategic Support Force (pdf), a rather innocuous name. Could the Strategic Support Force possibly have tinkered with the auto-eject capability? Possibly. Could they have remotely flown the F-35 to Cuba? With the F-35B debris field found, not this time.

Please Share: