A British minister warned that control over F-35 data would give the US the ability to shut down export fleets at will. In 2006.
He was right, and people who are pish-poshing that possibility today are either ignorant or engaged in intentional deception.
There’s been a lot of “debunking” lately about the degree to which the US can shut down or restrict F-35 operations by what are still formally called “partner nations” but are now, in at least two cases “invasion targets”.
With Canada openly talking about cancelling or truncating its 88-aircraft order, as the US president continues to rant about it becoming the 51st state while threatening economic warfare, the question is a real concern. And of course officialdom is going to say everything is fine, for the usual Mandy Rice-Davies reason.
The F-35 program’s advocates have, over the years, “debunked” a lot of things and in the process changed the meaning of the word to “misdirection”. In the current case, the message is that an F-35 “kill switch” is a myth.
That may be true. Technically, you could write code into the F-35 that would be triggered by a cyber payload received by the ASQ-239 electronic surveillance measures system. It could cause the fighter’s avionics system to reset itself in flight frequently (although that might be a Parker-Coolidge issue), or inhibit weapon use. But it creates a dangerous new cyber attack surface – the cyber payload itself would have to be protected, and the “friendly malware” in the system would have to be guaranteed inert unless the genuine trigger signal was received.
But the existence of the kill switch is neither here nor there. US control is in plain sight, via the Mission Data File (MDF). That uninspiring nomenclature describes the software that makes the F-35 work, and its development and upgrading is entirely under US control. If that is cut off for any partner nation, their jets will quickly become less survivable and less capable, depending how quickly an adversary can change the software in their own defensive systems.
The MDF is software hosted on the F-35’s integrated core processor (ICP). As an Air Force release explained in 2017, “the mission data is similar to an iPhone’s contact list and apps. The iOS is required for an iPhone to turn on, but the contact list and apps are what help translate this technology into a functional format. In this way, mission data interacts with the aircraft software in order to enable the F-35’s sensor fusion”.
Sensor fusion is absolutely central to the F-35’s mission. Combining active radar, passive ESM, infrared, and inputs from other F-35s int unified target files, it’s what allows an F-35 or an F-35 four-ship to identify targets and threats with minimal emissions – because there’s no point in a stealth aircraft that emits constant radar signals. MDFs “allow the F-35 to use updated maps and and counter… missiles, electronic warfare systems, and adversary fighters.” The MDF also hosts terrain data, required for precise, minimum-emission navigation if GPS is denied.
More than that. “Mission data enables F-35s and pilots to sense, identify, locate, and counter threats across the electromagnetic spectrum,” states another release.
This is critical. Early in the development of stealth, 45 years ago, Pentagon official Paul Kaminski established a Red Team to wire-brush the emerging, near-miraculous technology. One of the Red Team’s key discoveries was that a stealth aircraft could not just fly with impunity through an array of defensive sensors. It was vital to plan routes so that the stealth aircraft would show its least visible side to known radars. The USAF and Lockheed developed the first automated mission planning system for the F-117A. Constantly updated with the location of hostile radars, the system devised the stealthiest routes to any chosen target. Pilots nicknamed it Elvira, after late-night TV’s Mistress of the Dark.
Now, the so-called “blue-line” track can be updated on board the aircraft in near-real-time. This function depends on data in the MDF, which also manages the coordination of tracks across a formation,
In the run-up to conflict, MDF updates will be essential, because Red will move defensive assets around and switch to wartime waveforms. During conflict, MDF updates will be rapid and frequent.
I’m not asking you to believe this. A newly released report by Justin Bronk of the Royal United Services Institute makes it clear how the F-35 depends on MDF updates: it’s just too smart to work without them.
Russian air defence systems were operating using ‘war modes’ that had previously not been observed or collected by NATO ELINT systems. As a result, despite having the most capable ESM suite on any NATO fighter on the Eastern border, the F-35s did not always recognize and correctly identify Russian GBAD systems. In the words of the Wing’s commanding officer, Colonel Craig Andrle: ‘We’re looking at an SA-20. I know it’s an SA-20. Intel says there’s an SA-20 there, but now my jet doesn’t ID it as such, because that SA-20 is operating, in a war reserve mode that we haven’t seen before’.
In other words, the F-35 systems were just too smart to call the S-300s out for what they were, and accordingly did not provide the appropriate warning. Nor could they have matched the Blue Line path to the threats. (Note that Bronk’s extensive report would have been researched before the US election and probably closed for press before Inauguration Day and the lunacy that has followed it.)
The MDF is in a sense a much expanded version of the threat libraries used by earlier semi-automatic electronic warfare systems. When those were exported it was standard practice to provide the customer with the means to update the library, and early partners, including the UK, expected to have similar access to the F-35. And as it became apparent that it was not part of the deal, the British government expressed concern.
“The UK has warned America that it will cancel its £12bn order for the Joint Strike Fighter if the US does not hand over full access to the computer software code that controls the jets,” the Daily Telegraph reported in late 2006. “Lord Drayson, minister for defence procurement, told the The Telegraph that the planes were useless without control of the software as they could effectively be “switched off” by the Americans without warning.”
Italics mine. At the time, those comments seemed hyperbolic, almost crazy. Now?
Days later, the Financial Times reported that a deal had been struck. “Lord Drayson said the agreement meant the British military would have an “unbroken chain of command of UK citizens”, ensuring operational sovereignty. He said the UK would receive all the source code needed to maintain and update the stealth technology.”
But apparently there wasn’t a deal. Three years later, in December 2009, it was up to JSF Program Office international affairs chief Jon Schreiber to play the role of Lucy to Britain’s Charlie Brown, snatching the football away. Nobody was going to get source code access, he said. But by then the UK had ordered its first test aircraft and had cut metal on its new aircraft carrier, which was not designed to operate any type of aircraft except the F-35.
“Nobody’s happy with it completely, but everybody’s satisfied and understands,” said Schreiber.
Up to a point, Lord Copper. I am not sure how “f**k that noise” translates into Hebrew, but the IDF in 2010 firmly informed Washington that they were not going to buy the F-35 on those terms. And by then, the wheels had come off the program: JPO director MG David Heinz was (so to speak) canned in February, his replacement fired everyone in sight, and it was three years before there was even a schedule leading to initial operational capability. The last thing the program needed was a blue-chip customer, one who everyone understood knew a thing or two about airpower, stomping loudly out of the showroom. Israel got its own lab and an in-country test aircraft.
Apparently, Israel believed that the value of built-in stealth did not offset an inability to update the software locally.
Moreover, it was not until 2014 that then-JPO director LtG Chris Bogdan was able to announce that a compromise had been reached, and that a block-long line of labs would be built at Eglin AFB, each dedicated to a different partner group. The webpage of the F-35 Partner Support Complex, a civilian unit reporting to the 350th Spectrum Warfare Group (quite the name and doubtless appropriate) shows how the labs operate. The Australia-Canada-UK lab (Five Eyes members) operates with a majority partner crew. Norway and Italy have a minority representation, and others rely on an all-American lab.
Bottom line: There may not be a kill switch per se, but the moment your adversary’s electronic order of battle changes, your F-35 becomes less capable by the day without MDF support, which is why the US has kept control of; and the dependency is greater than on less integrated systems.
A hypothetical: A crisis is emerging, and US strategy and policy differs from that of a partner nation; the US is not going to intervene militarily at any likely threshold. The pressure point is simple: the door code at Eglin is changed. The partner nation’s people can’t get in.
Who needs a kill switch, other than one for the program’s mendacious PR machine?