I’ve set a reminder in my calendar and I’ll do the googling and analysis so you don’t have to. Assuming we all survive, that is.
The F-35 has a particular, new, problem that’s a result of how the program’s pork was parceled out to so many vendors: figuring out who made what expensive hard-to-replace part, and when to order it is complicated. A logistical management system for an aircraft like that is a non-trivial thing – you need a database and a knowledge-base (probably some blockchain and AI, too!) and it needs to track which version of what doodad goes with which plane; the specifications are changing constantly, as are the planes, as are the parts, as are the supplies.
Logistical nightmares are nothing new for the military; consider for a brief moment that the German assault on France in WWI was meticulously planned down to the timing of each unit down individual roads, by hand, on paper. But the combinations of things that need to be tracked for something like an F-35 explodes into untrackability pretty quickly. And, any of you who think about complex system failures know that one does not simply substitute a “more or less equivalent” screw in a jet engine – a single-engine aircraft like an F-35 takes engine function very seriously, indeed.
The F-35 program’s software for logistics appears to be a nightmarish mess:
WASHINGTON – Setting the weekly flying and maintenance schedule for an F-35 squadron is a weeklong process. It takes hours for multiple people to download data from the jets and comb through it, paste information into different spreadsheets, and continuously update each system.
With a new app called Kronos, on track to be delivered in early March, the U.S. Air Force is hoping it can trim the amount of time for that process to 15 minutes.
Kronos was developed by the Air Force’s Kessel Run software development team as part of a new effort called Mad Hatter, which was established late last year to solve pilot and maintainer gripes with the F-35 fighter jet.
If all goes well, it could lead to a much bigger overhaul of the F-35’s troubled logistics backbone, known as the Autonomic Logistics Information System, or ALIS, said Will Roper, the Air Force’s top acquisition official.
“There are many things about ALIS that are very frustrating and time consuming,” Roper told Defense News on Feb. 12 in an exclusive interview. “The goal [of Mad Hatter] is not simply to fix ALIS within the constraints that define it. It is to make the operator — the maintainer — more efficient, to make their user experience more pleasant.”
(Sputter)What?! It takes a week to plan flying for a week? And it involves manual cross-inputs between spreadsheets? Holy shit, somewhere some clay tablet-maker is filing a lawsuit saying that they were unfairly cut out of the program.
That’s only the start of things, of course it gets worse:
“You can imagine: What do the users want? They want Wi-Fi on the flight line. We believe we can do that securely. They want to have a touch screen where they have one database that can touch ALIS and all the other tools, that translates automatically. These are not Herculean tasks,” he said.
I can imagine! And my imaginings lead me to Lovecraftian horror. Whose Wi-Fi are they going to use? Cisco’s? Huawei’s? Is the software going to be operated by the same kind of Air Force geniuses that managed to infect the command console of their predator drones with Russian malware? The same geniuses that couldn’t get the malware out for 16 months? [reg] I know, let’s give those geniuses flight-line WiFi so that anyone with a new day0 exploit can mess with a very complex piece of software that controls a very very expensive fly by wire aircraft. I guarantee you that, if they do that, within 2 years the aircraft will refuse to work at all if the WiFi signal is jammed, which means the whole garbage-pile can be grounded with minimal effort.
The problem here is that when a piece of complex technology embeds another piece of complex technology, it embeds all the flaws in that technology, as well. For obvious reasons (because they aren’t expensive enough!) they almost certainly won’t rely on Chinese-made Huawei WiFi gear; they’ll use Cisco – which includes NSA backdoors and intermittent “holes so big you could parade a moose-riding mariachi band through.” [zd]:
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network.
The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
Yeah, it’s a herculean task. Specifically, the Augean Stables [wik] – computer security is an endless shit-shoveling contest and if your starting premise is that logistics are hard you’ll know that entering into a vulnerability-management cycle is a guarantee of eventually getting compromised.
“There is a logistics system that supports the F-35 called ALIS. It cannot scale. It has got huge problems. It drives the maintainers nuts. And so we put together a team of Lockheed Martin, Air Force programmers and maintainers on the flight line,” she said. “They named themselves. The new program is called Mad Hatter, rather than ALIS. It is always the young techies that come up with something.”
Two other applications will follow closely on the heels of Kronos. Titan will help expeditors determine fleet status, assigning tasks between maintenance teams as the workflow changes.
“It’s 3:00am, go check the tire pressure on all the aircraft. NOW!” Whoever controls the logistics system controls the function of the total system. I’m also curious how this sucker’ll forward-deploy on, say, an aircraft carrier with a communications blackout. I assume it’s going to be massively dependent on reliable bandwidth, and plenty of it. That shouldn’t be a problem, right? It’ll use the government’s classified network – the one with 750,000+ trusted users. Trusted, yes. Trustworthy, maybe. Let’s build some more interdependencies in there and make it more complicated because complex is better!
A stealth aircraft fleet with a single point that lets you determine fleet status. It’s strategic genius.
And once Mad Hatter has a chance to prove itself with its initial apps, it may move onto a more substantial task: creating an experimental, cloud-based version of ALIS, and then helping build future software drops.
The team has begun the process of re-hosting the latest iteration of ALIS, version 22.214.171.124, on Pivotal’s cloud foundry, Roper said.
I’m tempted to stop right there and leave you hanging off the edge of the cliff, but that’d be mean. Remember that the F-35 is a multi-national NATO aircraft; the Turks and Japanese (the Brits and Canadians are good little lap-dogs) are going to love having their military aircraft’s logistical system dependent on a US 3rd-party contractor’s cloud servers.
In 5 years there will be moaning and wailing and finger-pointing accusations that the Chinese and Russians have hacked the F-35’s logistical system. Shock and aww!
It’s hard to believe I did this nearly a decade ago:
This posting requires the mandatory link to Charles Perrow’s Normal Accidents – [wc] It does a better job than I can of explaining the exploding complexity of interactions in interdependent systems, and how humans rapidly become incapable of figuring out how things break. It’s fascinating stuff.
I love it when software developers say “How hard can it be?!” and decide to build their own complete replacement system. The results are usually about as bad as the first system, for the same reason. To be fair, this stuff is really hard to write – which is all the more reason to be skeptical when someone says they’ll just put together a modular cloud-based version of their own. You should always ask “why do you believe you will get right the things that everyone else got wrong? Because the reasons that they got it wrong apply to you, as well.”