BERLIN – The U.S. Air Force is devoting fresh energy to plugging cybersecurity holes in the F-35's external support systems, as they are deemed the easiest entry points for hackers into the fifth-generation combat jet, according to a key service official.

“It’s a software-based aircraft, and any software-based platform is going to be susceptible to hacking,” Brig. Gen. Stephen Jost, director of the Air Force F-35 Integration Office, told Defense News in an interview at the International Fighter industry conference here.

The service considers the information backbone of the actual airplane – managed by manufacturer Lockheed Martin – relatively safe. That is thanks to what Jost called “multilayer security protections” ranging from secure authentication when crafting mission data packages for each aircraft before takeoff, to pilots punching in personal identification numbers to start up the plane.

The confidence wanes “as you get further from the air vehicle,” Jost said. When taking into account systems like the Autonomic Logistics Information System or the Joint Reprogramming Environment, there are “a lot of nodes of vulnerability that we’re trying to shore up,” he added.

Patrick Shanahan on the F-35, modernization and budget cuts The deputy secretary of defense discusses his view on the budget, cutting costs and how to change the internal workings of the Pentagon.

The Autonomic Logistics Information System, or ALIS, is a key application meant to provide unprecedented automation in monitoring the status of the aircraft's components. The Joint Reprogramming Enterprise refers to government software labs compiling collections of updated threat characteristics – Russian tanks, for example – for upload into the aircraft so that its sensors can recognize targets.

Additionally, officials worry about cyber-hardening F-35 flight simulators, which could be attractive targets for hackers seeking information about the plane. The introduction of wireless applications for easier maintenance on the flight line also could pose new vulnerabilities that must be addressed, Jost said.

The Government Accountability Office published a report in October warning warned about cyber vulnerabilities in almost all of the Defense Department's weapons. The shortfalls exist because many systems were conceived at a time when cyber attacks were still in their infancy.

× Fear of missing out? Sign up for the Early Bird Brief, the defense industry's most comprehensive news and information, straight to your inbox. Thanks for signing up. By giving us your email, you are opting in to the Early Bird Brief.

“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” auditors wrote. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.”