The technology going into the U.S. military’s newest fighter plane may have been compromised by unauthorized access to facilities and computers that belong to BAE Systems, one the aircraft’s builders, according to a report from the Pentagon’s inspector general made public.
The report did not identify specific leaks, but it said “incomplete” Pentagon oversight may have increased “the risk of unintended or deliberate release of information to foreign competitors.”
BAE, based in Farnborough, England, is one of two main subcontractors working on the F-35 Joint Strike Fighter and is building some of the plane’s electronic and weapons systems and parts of its body. Bethesda-based Lockheed Martin is the lead contractor on the roughly $300 billion program, which is being developed by the United States and eight foreign partners, including Britain. Northrop Grumman of Los Angeles is the project’s other main subcontractor.
In working on major aircraft, contractors have to share sensitive and classified information, and the government has safeguards in place for the use of it.
The Project on Government Oversight (POGO), a watchdog group, filed a Freedom of Information Act request for the inspector general’s report, which was done to ensure that controls over classified technology and information on the F-35 were adequate and were being followed by the Defense Department. The report, which was completed in March, looked at selected data that related to the F-35 and found that the “government and its contractors appropriately controlled the export of classified [Joint Strike Fighter] technology to foreign companies.”
But the report criticized the Defense Department, saying it “did not always employ sufficient controls to evaluate potential unauthorized access to classified U.S. technology” on the F-35 program. The department’s Defense Security Service, which is supposed to help oversee the program, didn’t monitor BAE or evaluate its security systems, according to the report.
The DSS also couldn’t verify whether BAE had submitted required security audit reports for 2001 to 2003, the report said. As a result, the Defense Department’s “advanced aviation and weapons technology in the [Joint Strike Fighter] program may have been compromised by unauthorized access at facilities and in computers at BAE Systems,” according to the 55-page report, which had 16 pages blacked out.
In addition, the report said, BAE maintained that information in its internal audits was “privileged and not available” to the government, although there was a “special security agreement” that the contractor was to submit such reports to the Defense Department for review. The DSS did not question BAE’s assertion that the reports were off-limits to the government.
“This is government information, and BAE is stiff-arming the Pentagon,” said Nick Schwellenbach, national security investigator for POGO. “DSS failed in its oversight role to ensure that security improved. It is unknown if classified information was compromised, but it may have been, and if it was, weak Pentagon oversight was a contributing factor.”
Greg Caires, a spokesman for BAE, said the report “explicitly found no instances of unauthorized access to classified or export control information on the [Joint Strike Fighter] program.” He continued: “We strongly disagree with the IG’s suggestion that nonetheless, such information may have been compromised in some unidentified way by unauthorized access at BAE Systems.”
Cheryl Amerine, a Lockheed Martin spokeswoman, said, “The F-35 program, along with the Joint Strike Fighter program office, has put stringent measures in place with our partner companies and global supply chain to keep program information safe.”
The F-35 program is one of the most highly audited programs on record,” Amerine said, “and we know of no sensitive information that has been compromised as a result of findings in the referenced report.”