Unclear for take-off? F-35 Procurement Contents

3Reported communications and software issues

The Communications Link

23.The F-35’s information gathering capabilities are considered to be one of its key assets and the main value of the fighter to the UK’s future carrier strike capability. As Justin Bronk puts it, “the most effective use of the aircraft is likely to be as a survivable intelligence, surveillance and reconnaissance (ISR) enabler in defence airspace to enhance the lethality, flexibility and survivability of legacy platforms such as the Typhoon and the Type 45”.19

24.According to The Times, the UK is “particularly exposed” as a result of the MoD failing to buy “critical support technology”. For example, The Times reports that the MoD has not purchased a Battlefield Airborne Communications Node (BACN) “that allows secure signals from the F-35 to be read by older aircraft”.20 The Times argues that, as a result, F-35 pilots wishing to share data with older aircraft will have to use a less secure channel “known as Link 16, potentially giving away their position”.

25.In addition, the paper claims that another problem lies in the jet’s ability to communicate in stealth mode to HMS Queen Elizabeth:

The Royal Navy’s new aircraft carrier is understood to lack a Multifunctional Advanced Data Link (MADL), which enables covert transmissions of data. It means that an F-35 returning to the carrier in stealth mode would be indistinguishable on radar from an enemy missile, one source said.

The source raised the possibility of an accompanying British ship, such as the Type 45 destroyer, shooting down a jet returning to the carrier in error.21

26.According to the MoD’s briefing for Conservative MPs, the claim that the F-35 is unable to share data “is incorrect”, with the F-35 acquitting itself “exceptionally” during a recent data exchange test. Similarly, the MoD’s briefing insisted that it was “incorrect” to describe the data link as insecure.

27.In their oral evidence to the Committee, Deborah Haynes and Alexi Mostrous suggested that one of the key questions underpinning their investigation was whether the UK was “putting sufficient resource and prioritisation on the networking side [of the F-35]” as the F-35 had the potential to “be an incredible force multiplier if it can talk to all the legacy equipment, not only the airframes, such as Typhoon, but also the carrier strike group–the ships”.22

28.Indeed, they suggested that it was “surprising [ … ] that the relevant technology has not been invested in”, particularly as the UK is buying relatively few F-35s, in comparison with the USA, and might therefore need these fighters to be even more integrated with the rest of its military capabilities.23

29.Ms Haynes and Mr Mostrous noted that the US had invested in a Battlefield Airborne Communications Node (BACN) and a multi-function advanced data link (MADL) to enable secure transmission of data between the F-35s and legacy aircraft and vessels. By contrast, they claimed that, while similar technology has been trialled in an F-35-Typhoon demonstration, “as things stand today the funding is not there to bring that capability forward”.24

30.Justin Bronk’s 2016 report on the F-35 programme emphasised the transformational potential of the F-35’s information gathering abilities and the consequent importance of investing in the technology and processes needed to harvest this potential; “the F-35 has the potential to be a huge capability and flexibility enhancer for legacy platforms [ … ] because of its abilities in gathering, processing and sharing information”.

31.The F-35, he suggested, will represent “a significant advance in the situational awareness of pilots and their ability to interpret commanders’ intent” and could “significantly enhance operational flexibility and survivability in heavily defended airspace, which will boost the UK government’s options in certain crisis situations”.25

32.For example, he contended that if “the F-35 could securely and covertly transfer target data to Typhoons and, potentially, take over guidance of their AMRAAM/Meteor missiles once launched, the F-35 would greatly enhance the potential survivability of the Typhoon whilst the Typhoon would provide a significant firepower advantage to the F-35”.26 Similarly, if the F-35 can exchange data in real time with the Type 45, as part of a combat air patrol mission, it could, “greatly increase” the usable range of the Type 45’s anti-aircraft and anti-missile ‘punch’.27

33.However, Mr Bronk’s report identified a number of areas where action needs to be taken for the F-35 to be of full value to the UK’s defence. Although stressing the capacity of the F-35 to gather information and the high level of situational awareness it can provide to pilots, he nonetheless asked “to what extent the situational-awareness picture which is generated automatically and presented to the F-35 can be successfully shared and utilised by legacy assets in the air, at sea and on land”.28

34.There appear to be two main issues, which are linked: data handling and sharing. At present, “most sensor data gathered by each F-35 are fused, analysed, presented to the pilot and then disappear, unless the aircraft is operating in ‘open transmit’ model using Link 16 [a military tactical data exchange network]”. Crucially, this link, although used by NATO, “may be detectable and, therefore, compromise survivability”.

35.If, however, the pilot has to be relied upon to choose which information to record—and where—for bringing back, Mr Bronk claimed that this was likely to result in “potentially vital data” being lost “and a “huge potential benefit of the F-35 to whole force” being wasted. Furthermore, although the pilot can manually record some of this data, the internal memory is limited.

36.While these internal memory constraints should, Mr Bronk argued, be “significantly alleviated” by the time full operational capability is declared in 2023, the information management system whereby pilots have to choose which information to record for bringing back will remain a more difficult problem to resolve.29

37.This is particularly the case as the UK has no capability to convert advanced low-probability-of-intercept waveforms such as the Multifunction Advanced Data Link (MADL) “into Link 16 format for transmission to non-stealthy assets”. The US, by contrast, is using a Battlefield Airborne Communications Node (BACN) to enable sensitive data to be transmitted from MADL into Link 16 format.

38.The UK is, therefore, in a situation where, according to Mr Bronk, the Armed Forces “do not have the equipment or processes in place, nor on order, to make use of the F-35’s data-gathering and data-sharing potential”. Nor does it have the interconnectivity, network bandwidth or operating principles to make use of the data gathered by the F-35. He drew attention, for example, to the Joint Data Network, a programme to provide enhanced networking capability within the RAF for the F-35 and other assets, which was cancelled as a cost-saving initiative in 2011.

39.In his oral evidence, Mr Bronk repeated this emphasis on the importance of investing in a secure communications link for the F-35s and the rest of the carrier group. He believed that if the F-35 is to be able to share data with other UK “assets” without broadcasting on Link 16, and potentially giving away its position while inside defended enemy airspace, then the UK needs “some form of gateway translation node”. This could either be the US BACN, or the Freedom 550, which was the system used during the F-35-Typhoon trials.30

40.While Mr Bronk noted that there could be data protection and security issues regarding the use of the MADL, he was nonetheless clear that, unless an advanced data link and translation node were purchased, the UK would be undermining or underusing one of the key capabilities of the F-35: the only secure alternative would be to deploy the F-35s on their own (they can communicate with one another covertly and securely) rather than using them effectively as a force multiplier.31

41.Lockheed Martin told us that the US is “exclusively using Link 16” for communication from the F-35 to legacy assets. Steve Over, Lockheed Martin’s Director of International Strategy and Customer Engagement, said that the US Air Force undertook a ‘Red Flag’ (large ‘force-on-force’) exercise in January 2017 in which F-35s and legacy assets, including RAF Typhoons, participated. In this exercise the F-35s reportedly communicated their sensor picture to those legacy assets via Link 16.32 However, Peter Ruddock, the Chief Executive of Lockheed Martin UK, conceded that using Link 16 did make the jet more detectable. Mr Over also emphasized that “there will be times and places that F-35s go—where only F-35s can go—and they will communicate with each other via MADL”.33

42.In their supplementary evidence, Lockheed Martin reasserted the reliability and security of Link 16 as a means of communicating information between the F-35 and fourth generation assets.34 They also claimed that they were unaware of the US using a BACN as a means of sending MADL encrypted communications between F-35s and other assets. However, they did acknowledge that the US and UK have begun experimenting with fifth to fourth generation gateways, including the UK’s Babel Fish III trial and a US demonstration in which the F-35 was successfully integrated with an Aegis fire control system. According to Lockheed Martin, in the latter demonstration:

… the Aegis system successfully engaged an airborne target drone with an SM-6 missile using only the targeting solution provided by an unmodified F-35B. This F-35 targeting solution was passed to the Aegis via a MADL datalink that had been integrated into the Aegis system.35

43.Air Commodore Lincoln Taylor, Assistant Chief of Staff (Capability Delivery, Combat Air), also stressed the usefulness of the Link 16 system, on 17 October, telling us that “it provides incredible situational awareness” to other assets.36 However, he also told us that the Government had started to look at the benefits of sharing MADL capability with legacy fighters and had conducted a trial called Babel Fish III in 2016 which included F-35s and Typhoons.37

44.When asked why legacy assets had not been equipped with a communications node to enable more secure transmission between those assets and the F-35, Lieutenant General Mark Poffley, Deputy Chief of Defence Staff (Military Capability), responded that there was always a lag between new technologies and capabilities and older assets and capabilities.38 Air Commodore Taylor also argued that it would take time to assess how to share F-35 to F-35 data with other planes and judge the benefits that such a link could yield.39

45.However, despite his comments, Lieutenant General Poffley did accept that a link such as MADL would “undoubtedly start to be a very attractive option to move data” and that the UK would “undoubtedly” wish to transfer data from the F-35s to the Typhoons.40 Indeed, he told the Committee that it was the MoD’s ambition to “have MADL-type capabilities across the portfolio of capabilities”, including the Type 45, Crowsnest and Typhoon.41

46.We are pleased that the Government acknowledges the potential value of using the Multifunctional Advanced Data Link (MADL) for secure communications between the F-35 and our older aircraft. We note both that it is the MoD’s ambition to have MADL-type capabilities across the carrier group and that trials of a gateway communications node have been undertaken involving the F-35 and Typhoon.

47.We agree with Justin Bronk from RUSI that, without an advanced data link and translation node, the UK will be underusing one of the key capabilities of the F-35its ability to interact with older aircraft and greatly augment their potency. In the light of the successful Babel Fish III trial, which saw a gateway node used to translate MADL messages to Link 16 format between F-35s and Typhoons, earlier this year, and ahead of the UK receiving its first squadron of F-35 fighters next year, we recommend that the MoD make provision for the procurement of a gateway translation node for MADL-based F-35 to Typhoon communication in the next Equipment Plan.

Broadband capacity

48.Another of the claims made by The Times is that the broadband on HMS Queen Elizabeth “is four times weaker than that for an average UK household, severely hampering the jet’s capabilities”. This will mean that “the F-35 will not be able to send data on enemy threats back to ground forces while in flight”.42

49.In their oral evidence, Ms Haynes and Mr Mostrous warned that if the MoD wanted to use the F-35 to its “full capability, in terms of all the data that it is hoovering up, you will want a significant bandwidth to be able to transmit that all back to the carrier”.43 Deborah Haynes’s sources had suggested that the capacity existed to increase bandwidth to about 64 megabits, if not more, “but that requires funding”.44

50.Both in their written articles and their oral evidence, Ms Haynes and Mr Mostrous drew upon Justin Bronk’s 2016 report on the F-35. He had argued that “the limited bandwidth of 8 megabits available on the QEC [Queen Elizabeth Carriers] is a serious bottleneck”. Indeed, he contrasts the bandwidth available with that of the USS America which, despite its 32-megabit capacity, has still prompted concerns from the US Navy about its ability to cope with the volume of data generated by the F-35.

51.The F-35’s Autonomic Logistics Information System (ALIS) puts particular pressure on the bandwidth of aircraft carriers. According to Mr Bronk, “the bandwidth available on the ship is nowhere near sufficient to make full use of the F-35B’s potential capabilities”.45

52.When we asked him about the claim, made by the MoD, that the broadband capacity was sufficient to carry out the scope of carrier strike operations over the lifetime of the programme, he suggested that “for that statement to be true, the scope of carrier strike operations across the lifetime of the platform would have to be pretty mundane compared with what they could be”.46

53.Indeed, returning to the reference in his report to the 32 megabits on the USS America, Mr Bronk suggested that the Americans were already “urgently upgrading” their bandwidth to a “target” of 100 megabits (he described this level of capacity as “the American gold standard at the moment”).

54.Furthermore, he stated, if the US Marine Corps, which tend to operate a smaller air group than the Queen Elizabeth class carriers are designed to operate, views 32 megabits as “inadequate”, then “it would be strange if we would not at least benefit from significantly over 32 megabits”. Not least as the UK “will be relying on the F-35s for more of the total carrier strike group capabilities than the US Marine Corps”.47

55.While refusing to confirm the broadband capacity of HMS Queen Elizabeth, Mr Over nonetheless noted that Lockheed Martin and the US Navy had undertaken testing that had “proven demonstrably” that, “with disciplined communication”, an 8-megabit bandwidth was “satisfactory for operation of F-35s on board the ship”.48 In their supplementary evidence, Lockheed Martin provided further details of this demonstration, explaining that it included eight F-35s.49

56.The Minister also refused to confirm the broadband capacity on the Queen Elizabeth, telling us that she did not “recognise” the figure mentioned in The Times’s investigation and insisting that the bandwidth was “exactly sufficient” for what the UK “currently” needs.50 However, both Mrs Baldwin and Lieutenant General Poffley confirmed that there was scope for the carriers’ bandwidth to be improved in the future, as required.51

57.If the potential benefits of the F-35 to the UK’s future carrier strike capabilities are to be realised then the Queen Elizabeth carriers will require a broadband capacity beyond 8 megabits. While we note that the MoD claims that there is scope for the current bandwidth to be enlarged, it is seems highly likely that a capacity in excess of the 32 megabits currently available on the USS America will be required for an effective carrier strike capability.

Autonomic Logistics System (ALIS)

58.One of the main concerns outlined by The Times relates to ALIS–the operational and management system for the F-35. As the House of Commons Library briefing paper explained, ALIS “will serve both the pilots, in terms of mission data and track pilot training, and the aircraft, by tracking maintenance data”.52 According to The Times, experts fear that this £12 billion software system “is filled with bugs and potentially vulnerable to hacking”.

59.The Times cited a report for the DoD which noted that ALIS exhibited several vulnerabilities “both from ‘insiders’- referring to employees or contractors who may want to hack the system—and ‘outsider’ threats, which would include rogue states”. According to one source cited in The Times’s investigation, ALIS represents the “soft underbelly” of the F-35 carrier strike capability.53

60.The Times also raised concerns about ownership of the intellectual property rights for the system, reporting fears that Lockheed Martin “could exploit” the ALIS system “to drive up fees for purchasing countries including Britain”. According to one source cited by The Times in their investigation, “Lockheed could ultimately decide how, when and if the F-35 flies, and it alone will decide how much it charges F-35 customers for the privilege”.54

61.When asked to elaborate on the claims made about the vulnerability of the ALIS system, during the oral evidence session on 13 September, Alexi Mostrous appeared to downplay them, arguing that “all we were trying to say [ … ] is that this plane relies very much on software [and that] certain vulnerabilities have been identified with the software”.55

62.In his 2016 report on the F-35, Justin Bronk acknowledged that there were bugs within ALIS and that the system “is still some way from final maturity”. However, he went on to argue that software upgrades should significantly reduce maintenance and operating costs when mature.

63.Furthermore, version 2.0.2 of the ALIS software is, according to him, “expected to solve many outstanding issues”, while as ALIS is a programme priority for the US Air Force and Lockheed Martin, “it is reasonable to expect that by the time the UK declares IOC [initial operating capability] in 2018, the system will be significantly more mature”.56

64.During his appearance before the Committee, Mr Bronk noted that, in theory, ALIS could be the soft underbelly of the F-35. However, he stressed that, in light of the “extremely strategic nature of ALIS software security and its extreme complexity”, it was “impossible for us to know how vulnerable ALIS is”.57

65.We asked Lockheed Martin to respond to the concerns about ALIS. Steve Over stressed that “there has been rigorous cyber-testing of the ALIS system and we are unaware of any successful efforts to penetrate the system”.58

66.Christopher Bogdan, the former head of the Joint Programme Office (JPO), had commented that “we have a lot of work to do on ALIS [ … ] it is not nearly as good as it can be, and [ … ] frankly it’s late”, Mr Over noted that since then a “very big ALIS upgrade” was being pushed forward and he suggested that by the end of the year there would have been “one more significant capability upgrade to ALIS”.59 Overall, Mr Over expressed confidence that Lockheed Martin was on track to deliver the full performance of ALIS before the conclusion of the SDD (system design and development) phase of the programme “either late this year or very early in 2018”.60

67.On the question of intellectual property rights, Peter Ruddock told the Committee that the UK had “sovereign ownership” of the ALIS software deployed on the UK’s F-35Bs and carriers and “can modify and use it without support from the US for a period, if they so wish”.61 Jeff Babione said that he was “not aware of any constraints” the UK as a consumer would have in stress-testing and modifying the system.62 However, Mr Ruddock suggested that the UK “would not want” to make changes unilaterally to the software:

… One of the benefits of having a common system is that it is common. If you start to step outside and make it different, you are making problems for yourself [ … ] if you wished you could go and do something else, but it is not something that the user would find attractive.63

68.However, in their supplementary evidence to the Committee, Lockheed Martin note that they, as the developer of the software, will continue to own the intellectual property. Furthermore, while the UK will have “complete and unfettered use of ALIS and its technical data for the sovereign operation of their aircraft”, the US Government has an “unlimited rights license” which provides them with the ability “to use such data for any purpose whatsoever, including providing it to foreign partners and industry competitors”.64

69.Unsurprisingly, during their appearance before the Committee the MoD sought to downplay the potential vulnerabilities of ALIS. Indeed, Harriett Baldwin suggested that The Times’s reporting had been focused on getting headlines.65 Air Commodore Taylor, however, conceded that “like any IT system, it [ALIS] can be vulnerable to cyber-attack”. Nonetheless, he emphasized the work which had been undertaken to make the system “cyber-resilient” and which had left him “assured that we are as resilient as we possibly can be at the moment”.66

70.With regard to bugs within the ALIS software, Air Commodore Taylor suggested that those issues had “mostly” been remedied. He also took pains to stress that bugs were a normal part of software development and argued that it “is good that we find them” so that they could be fixed.67

71.The F-35 probably relies more on software than any other defence programme in history and ALIS is of particular importance. This software plays a key role in the day-to-day operation and management of the F-35 and it is unsurprising, then, that concerns have been raised about potential vulnerability to hacking. We were, therefore, glad to hear from Lockheed Martin and the MoD that there has been rigorous cyber-testing of ALIS and that software bugs have mostly been rectified.

72.We are aware that concerns were raised about the intellectual property rights of ALIS and the potential implications for the MoD’s long-term management of the UK’s F-35 fleet. While we were pleased that Lockheed Martin confirmed in oral evidence that the UK will have complete and unfettered use of ALIS and its technical data for the sovereign operation of our fleet, we note that Lockheed Martin’s supplementary evidence weakened this guarantee by claiming that the US Government had an ‘unlimited rights license’ for this software, including the right to distribute technical data to other nations and to industry competitors. We ask that Lockheed Martin provide clarity on the level of protection in place for the technical data gathered by ALIS software concerning UK F-35s—including whether this data falls within the US Government’s ‘unlimited rights license’.

20 Alexi Mostrous and Deborah Haynes (17 July 2017), Jets are overbudget, unreliable and vulnerable to cyber attacks, The Times, https://www.thetimes.co.uk/article/jets-are-overbudget-unreliable-and-vulnerable-to-cyberattacks-v3gt8dcbb

21 Alexi Mostrous and Deborah Haynes (17 July 2017), Jets are overbudget, unreliable and vulnerable to cyber attacks, The Times, https://www.thetimes.co.uk/article/jets-are-overbudget-unreliable-and-vulnerable-to-cyberattacks-v3gt8dcbb

22 Q3

23 Q8

24 Q9

25 Justin Bronk (February 2016), Maximum Value from the F-35: Harnessing Transformational Fifth-Generation Capabilities for the UK Military, RUSI: Whitehall Report 1–16, pp.vii, 17

29 Justin Bronk (February 2016), Maximum Value from the F-35: Harnessing Transformational Fifth-Generation Capabilities for the UK Military, RUSI: Whitehall Report 1–16, pp.vii-viii, 3–4, 6–7

30 Q46

31 Q47

32 Q128

33 Q128

34 PRO0001

35 PRO0001

36 Q140

37 Q139

38 Q148

39 Q146

40 Q148

41 Qq149–153

42 Alexi Mostrous and Deborah Haynes (17 July 2017), Britain spends billions on flawed F-35s, The Times, https://www.thetimes.co.uk/article/britain-spends-billions-on-flawed-fighter-jets-qrtj95kvh

43 Q12

44 Q12

46 Q49

47 Q50

48 Qq121–122

49 PRO0001

50 Qq165, 167

51 Q170

52 Louisa Brooke-Holland (6 February 2015), The UK’s F-35 Lightning II Joint Strike Fighter, House of Commons Library, Standard Note: SN06278, p.12

53 Alexi Mostrous and Deborah Haynes (17 July 2017), Jets are overbudget, unreliable and vulnerable to cyberattacks, The Times, https://www.thetimes.co.uk/article/jets-are-overbudget-unreliable-and-vulnerable-to-cyberattacks-v3gt8dcbb

54 Alexi Mostrous and Deborah Haynes (17 July 2017), Jets are overbudget, unreliable and vulnerable to cyberattacks, The Times, https://www.thetimes.co.uk/article/jets-are-overbudget-unreliable-and-vulnerable-to-cyberattacks-v3gt8dcbb

55 Q11

57 Q52

58 Q88

59 Q89

60 Q89

61 Q81

62 Qq82–83

63 Q86

64 PRO0001

65 Q173

66 Q172

67 Q172

18 December 2017