Tag Archive: F-35 Security Failures


Contact Nick Schwellenbach, 202-347-1122




Pentagon IG: Joint Strike Fighter Classified Information “May Have Been Compromised”

Due to Lax Contractor Oversight by Pentagon Agency



Washington, D.C. – “The advanced aviation and weapons technology for the JSF [Joint Strike Fighter] program may have been compromised by unauthorized access at facilities and in computers at BAE Systems, and incomplete contractor oversight may have increased the risk of unintended or deliberate release of information to foreign competitors,” states a previously unreleased March 2008 Pentagon watchdog report obtained by the Project On Government Oversight through the Freedom of Information Act (page 12).  DOD IG Report: http://pogoarchives.org/m/ns/dod-ig-report-20080306.pdf

The Defense Department Inspector General (DoD IG) report examines the Defense Security Service’s (DSS) lack of oversight of foreign-owned BAE Systems’ work on the Joint Strike Fighter, the world’s most expensive fighter program that utilizes highly classified U.S. technology.  The DoD IG found that DSS was deferential to BAE by refusing the U.S. government access to information as required by a security agreement.  This access is necessary to determine the security of U.S. government classified information.  In addition, DSS often did not analyze BAE reports that had been made available to them.

“How can the Pentagon security agency allow BAE, its contractor, to deny access to these security records?  This is government information and BAE is stiff-arming the Pentagon.  Systemic problems at DSS mean we cannot be sure if contractors are protecting classified information as well as they should,” stated Nick Schwellenbach, POGO, National Security Investigator.

According to the report’s summary (pages 14-15):

DSS did not properly monitor BAE Systems’ submission of its security reports and appropriately evaluate BAE Systems security.  DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through 2003.

BAE Systems stated that all information contained in the internal audits was privileged and not available to the Government, despite the requirement in the SSA [Special Security Agreement] that the contractor submits those reports to DoD for review and appropriate action.  DSS did not challenge BAE Systems’ claim that the internal audits are privileged and not subject to Government review.  Rather than treating contractors’ audit reports as useful tools to complement the industrial security assessments, DSS classifies all contractor reports as “routine correspondence” and destroys them after two years.  DSS also authorizes the contractor to destroy any of its reports older than two years.  

DSS has the authority and responsibility to enforce compliance with the National Industrial Security Program.  DSS should use its oversight authority to make the contractor comply with security requirements.  DSS cannot fulfill its responsibilities to “review and take appropriate action” over contractors if it does not receive those reports or analyze the reports it does receive.  DSS needs to obtain and review copies of all independent annual audit reports, internal audit reports, and Government Security Committee annual reports from the contractor and use that information to monitor the contractor’s compliance with the SSA.

DSS’s systemic problems have been cited in two reports in 2004 and 2005 by the Government Accountability Office on the systemic inability of DSS to oversee contractors.  In testimony before the House Armed Services Committee on April 16, 2008, on DSS and the National Industrial Security Program, DSS Director Kathleen Watson admitted that when she began as director two years ago, DSS was “broken across the board.”


For additional information:

2004 GAO Report, “Industrial Security: DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information,” link: http://www.gao.gov/docdblite/details.php?rptno=GAO-04-332

2005 GAO Report, “Industrial Security: DOD Cannot Ensure Its Oversight of Contractors under Foreign Influence Is Sufficient,” link: http://www.gao.gov/docdblite/details.php?rptno=GAO-05-681

April 16, 2008, House Armed Services Committee Hearing, “National Industrial Security Program: Addressing the Implications of Globalization and Foreign Ownership for the Defense Industrial Base,” webcast link: http://armedservices.edgeboss.net/wmedia/armedservices/fc041608.wvx

Founded in 1981, the Project On Government Oversight is an independent nonprofit which investigates and exposes corruption and other misconduct in order to achieve a more accountable federal government.



‘Incomplete’ Oversight May Have Allowed Leaks, Report Says

By Dana Hedgpeth
Washington Post Staff Writer
Friday, May 2, 2008; D01

The technology going into the U.S. military‘s newest fighter plane may have been compromised by unauthorized access to facilities and computers that belong to BAE Systems, one the aircraft’s builders, according to a report from the Pentagon‘s inspector general made public yesterday.

The report did not identify specific leaks, but it said “incomplete” Pentagon oversight may have increased “the risk of unintended or deliberate release of information to foreign competitors.”

BAE, based in Farnborough, England, is one of two main subcontractors working on the F-35 Joint Strike Fighter and is building some of the plane’s electronic and weapons systems and parts of its body. Bethesda-based Lockheed Martin is the lead contractor on the roughly $300 billion program, which is being developed by the United States and eight foreign partners, including Britain. Northrop Grumman of Los Angeles is the project’s other main subcontractor.

In working on major aircraft, contractors have to share sensitive and classified information, and the government has safeguards in place for the use of it.

The Project on Government Oversight (POGO), a watchdog group, filed a Freedom of Information Act request for the inspector general’s report, which was done to ensure that controls over classified technology and information on the F-35 were adequate and were being followed by the Defense Department. The report, which was completed in March, looked at selected data that related to the F-35 and found that the “government and its contractors appropriately controlled the export of classified [Joint Strike Fighter] technology to foreign companies.”

But the report criticized the Defense Department, saying it “did not always employ sufficient controls to evaluate potential unauthorized access to classified U.S. technology” on the F-35 program. The department’s Defense Security Service, which is supposed to help oversee the program, didn’t monitor BAE or evaluate its security systems, according to the report.

The DSS also couldn’t verify whether BAE had submitted required security audit reports for 2001 to 2003, the report said. As a result, the Defense Department’s “advanced aviation and weapons technology in the [Joint Strike Fighter] program may have been compromised by unauthorized access at facilities and in computers at BAE Systems,” according to the 55-page report, which had 16 pages blacked out.

In addition, the report said, BAE maintained that information in its internal audits was “privileged and not available” to the government, although there was a “special security agreement” that the contractor was to submit such reports to the Defense Department for review. The DSS did not question BAE’s assertion that the reports were off-limits to the government.

“This is government information, and BAE is stiff-arming the Pentagon,” said Nick Schwellenbach, national security investigator for POGO. “DSS failed in its oversight role to ensure that security improved. It is unknown if classified information was compromised, but it may have been, and if it was, weak Pentagon oversight was a contributing factor.”

Greg Caires, a spokesman for BAE, said the report “explicitly found no instances of unauthorized access to classified or export control information on the [Joint Strike Fighter] program.” He continued: “We strongly disagree with the IG’s suggestion that nonetheless, such information may have been compromised in some unidentified way by unauthorized access at BAE Systems.”

Cheryl Amerine, a Lockheed Martin spokeswoman, said, “The F-35 program, along with the Joint Strike Fighter program office, has put stringent measures in place with our partner companies and global supply chain to keep program information safe.”

The F-35 program is one of the most highly audited programs on record,” Amerine said, “and we know of no sensitive information that has been compromised as a result of findings in the referenced report.”