Numerous reports and investigations have turned up a host of alarming problems.
Why the F-35 Isn't Ready for War
The Navy’s version of the F-35 Joint Strike Fighter, recently declared ready for combat, has netted unacceptably low “fully mission capable” rates—meaning it’s in fact almost never fully ready for combat—according to a document obtained by the Center for Defense Information at the Project On Government Oversight (POGO).
The fact that the Navy is pushing ahead with the aircraft in spite of evidence that it is not ready for combat and could therefore put at risk missions, as well as the troops who depend on it to get to the fight, comes at the same time as the Pentagon’s annual operational testing report for fiscal year 2018 shows that the entire F-35 program, the most expensive weapon system in history, is not ready to face current or future threats.
Sold in 2001 as a cheap multi-role fighter at a promised $38 million per plane, the troubled F-35, now at an average $158.4 million per copy, continues to dramatically underperform in crucial areas including availability and reliability, cyber-vulnerability testing, and life-expectancy testing.
For as much as the 2018 report from the Director of Operational Test and Evaluation (DOT&E) reveals about the F-35’s lack of progress in nearly every essential area, it is markedly less transparent than previous reports. It provides no updates on the crippling deficiencies highlighted in previous years, reports far fewer findings critical of the program than earlier reports, and contains almost no quantitative results on the F-35’s most urgent problems. The report omits any mention of the program’s fully mission capable rate—let alone the Navy version’s—which is the most significant measure of whether a fighter force is ready to show up for combat.
Little or no improvement in the key availability, reliability, and flying-hour metrics over the last several years means too few F-35s will likely be ready for combat when they are most needed, now or for the foreseeable future.
During durability testing, the Marine and Navy F-35s have suffered so many cracks and received so many repairs and modifications that the test planes can’t complete their 8,000-hour life-expectancy tests. The Marine version’s airframe life could be so short that today’s F-35Bs might end up in the boneyard as early as 2026, 44 years before the program’s planned 2070 sunset.
Despite years of patches and upgrades, the F-35’s most combat-crucial computer systems continue to malfunction, including the Autonomic Logistics Information System (ALIS) maintenance and parts ordering network; and the data links that display, combine, and exchange target and threat information among fighters and intelligence sources.
The program has not provided the resources necessary to build, test, and validate the onboard mission-data files that control mission accomplishment and survival.
As in previous years, cybersecurity testing shows that many previously confirmed F-35 vulnerabilities have not been fixed, meaning that enemy hackers could potentially shut down the ALIS network, steal secret data from the network and onboard computers, and perhaps prevent the F-35 from flying or from accomplishing its missions.
The all-important and much-delayed F-35 Initial Operational Test and Evaluation report—assessing whether the plane is combat-suitable and ready for full-scale production—may well not only be late (perhaps well into 2020), but may also be based on testing that is considerably less combat-realistic than planned. This is both because test personnel are forced to make do with incompletely developed, deficiency-laden planes, and the F-35 program has for years failed to fund adequate test-range hardware and realistic multi-aircraft, multi-threat simulation facilities.
But the report presents precious little hard data on maintainability; availability and flying hours; weapons-testing results; ALIS-caused maintenance problems; pilot difficulties with sensors and display; and shortfalls in testing resources and realism. By leaving out any information on the program’s fully mission capable rates, which previous years’ reports included, DOT&E keeps the public from knowing the percentage of time these aircraft are ready to perform all of their intended missions. It is unclear why this is absent from the report, but it raises questions as to whether performance has actually gotten worse, and whether the Pentagon is seeking to hide that fact.
DOT&E declined to comment on any aspect of the report.
Also not mentioned are the results of several important test activities, including summer 2018’s close air support fly-off tests between the F-35 and the A-10—which, as POGO reported, were conducted under unrealistic conditions and appeared designed to favor the F-35.
According to the report, DOT&E is withholding most new testing details and results by promising to include them in the final Initial Operational Test and Evaluation report; that report is unlikely to be published until the beginning of next year, at the earliest.
Meanwhile, the F-35 Joint Program Office (JPO) is sticking to its current schedule, which would have the program starting full-rate production for the entire fleet by the end of this year, despite hundreds of critical, unresolved design flaws.
Of the DOT&E report, the Joint Program Office said: “All of the issues mentioned are well known to the JPO, the U.S. Services, our international partners and allies, and our industry team and are being aggressively addressed. The F-35 Enterprise achieved numerous critical milestones during 2018 which have set a solid foundation for the program to complete Initial Operational Test and Evaluation and move into full rate production as planned in late 2019.”
The services did not respond to POGO’s request for comment on the DOT&E report.
POGO conducted an in-depth analysis of the report. The results, together with POGO’s reporting, reveal that the F-35 program is more deeply troubled than ever, and should be of great concern to the Pentagon, Congress, and the taxpayers, who are footing the steadily rising bill.
Fighter Jets that Can’t Get to the Fight
The most important measure of an aircraft’s readiness for combat is the “fully mission capable” rate. This is the percentage of aircraft on hand that have fully functional, non-degraded vehicle systems (flight controls and engine), electronic mission systems (radar, electronic warfare systems, computers, etc.), and weapons employment capabilities—a particularly important measure for the F-35. The 2017 DOT&E report showed a 26 percent fully mission capable rate across the entire F-35 fleet. Because the 2018 report makes no mention of this rate, it is impossible to know what the 2018 rate was.
The Navy document POGO obtained shows that the problem persists: the Marines’ F-35B and the Navy’s F-35C variants posted even worse figures in 2018 than in the previous year. The F-35B’s fully mission capable rate fell from 23 percent in October 2017 to 12.9 percent in June 2018, while the F-35C plummeted from 12 percent in October 2016 to 0 percent in December 2017, then remained in the single digits through 2018.
Based on the Navy and Marine variants’ dismally low fully mission capable rates, and on how little appears to have improved across the program since 2017, the fully mission capable rate for the full fleet is likely far below the 80 percent target rate for the program set by former Secretary of Defense James Mattis.
In response to POGO’s questions about the Navy’s fully mission capable rates, the Joint Program Office highlighted the entire F-35 fleet’s higher “mission capable” rate, a less rigorous—and less useful—measure showing how often the aircraft can perform at least one of its assigned tasks. The office also identified the lack of spare parts as the biggest factor impacting availability.
To tell how many planes can actually get to the fight requires a second measure, the sortie generation rate: that is, how many flights per day each fighter in the fleet completes. The 2018 DOT&E report makes no mention of it.
The fleet-wide sortie rates for the three F-35 variants POGO calculated from the 2017 report were extremely low, averaging between 0.3 and 0.4 sorties per day. During Operation Desert Storm, frontline combat aircraft including the F-15 and F-16 flew an average of at least one sortie per day, and the A-10 fleet averaged at least 1.4 sorties per day. Even under the pressure of recent Middle East combat deployment, the F-35’s rates have not improved. According to statements from the squadron commander, 6 F-35Bs onboard the USS Essex flew over 100 sorties in 50-plus days in the Middle East. In other words, each F-35B flew a third of a sortie per day—meaning they flew an average of once every three days—in sustained combat.
F-35 Combat Performance Shrouded in Mystery
The 2018 report leaves out most details on the F-35’s ongoing testing. The F-35 Joint Program Office ended the Systems Design and Development phase in April 2018 in a seemingly arbitrary move, despite a large backlog of design deficiencies. The program has now transitioned from developmental testing, where engineers test to see if individual system functions meet contractual specifications, to operational testing, where military combat users test whether the overall plane is combat effective and suitable, rather than just in line with contract or engineering design specifications, which sometimes do not match up with combat needs.
Specifically, the report provides no information on or results of the two preliminary Initial Operational Test and Evaluation test events completed in 2018—both of which involved limited combat realism: the cold-weather test for F-35 basing in Alaska, and the opening round of the congressionally-mandated close air support combat-effectiveness fly-off between the F-35 and the A-10.
The Pentagon’s lack of information and transparency in reporting the fly-off tests is particularly disturbing, especially in light of POGO’s investigation of mismanagement, bias, and conflict of interest in the conduct of these tests. The tests’ outcome and the future of the A-10 should be of great concern to every soldier and Marine who may find themselves in need of air firepower.
F-35 Still Can’t Shoot Straight
The report does provide some detail on the developmental testing for the 25 mm gun, though nearly all of the details are actually old results already reported in previous years. The gun is of major significance for close air support because accurate strafing is almost always a better choice than bombs or missiles when troops are endangered by close-in enemies or when enemy targets are close to civilians.
The report includes a combination of this and previous years’ testing results for each of the three F-35 models’ guns, but the most significant results involve the F-35A’s. Like most aspects of the F-35 program, because there are three service-specific aircraft, there are three different guns: an internally mounted cannon for the Air Force’s F-35A, and a belly-mounted gun pod carrying 220 rounds for the Marine Corps’ F-35B and the Navy’s F-35C, though because of differences in the shape of each variant, the gun pods are not interchangeable. DOT&E reports that, based on a small sample of developmental flight tests, the Marine Corps’ and the Navy’s model gun pods have met their engineering accuracy specifications.
In contrast, the Air Force’s F-35A’s internally mounted gun continues to demonstrate poor accuracy during testing, as in years past. The gun shoots long and to the right of targets when pilots aim using cues projected into their helmets. Adjustments to the helmet’s targeting software should be able to correct the cues to match with bullet impacts, but repeated attempts over a period of at least two years have failed. Investigators first found misalignments in the gun mounts in 2017; according to the 2018 report, “the true alignment of each F-35A gun is not known.”
Due in no small part to the inadequacy of the testing program, still other questions remain about the effectiveness of the gun’s ammunition against real targets encountered in combat. The developmental testing phase tested three ammunition types: the PGU-23, a training and practice round; the PGU-47 armor-piercing high explosive incendiary round; and the PGU-48 frangible armor-piercing round. The incendiary round is mainly for use against light armor, as it is designed to penetrate thin armor plate before detonating with a delay inside the target. The last is a nontraditional, non-explosive fragmenting round meant to punch a hole through lightly armored targets and set off secondary detonations when it penetrates into fuel or stored ammunition. Live fire effectiveness testing of the ammunition to date has been against small numbers of obsolete vehicles, obsolete planes, and plywood silhouette dummies—none of which resemble the most common threats troops encounter.
Flight testing of the gun and its ammunition has been even more limited. According to the report, there were just 19 air-to-ground strafing test missions for the F-35A “through July 2018,” in which aircraft fired approximately 3,400 rounds of the three ammunition types, approximately 70 passes of 50 rounds apiece, since the F-35A carries only 182 rounds. (For comparison, the A-10’s 30 mm gun can carry 1,350 rounds.) In order to gather useful data on ammunition effectiveness, gun flight tests need to cover at least three approach angles and three opening ranges. The report does not shed light on the specifics of the test program, but simple arithmetic suggests that if the evaluators tested each round in all the appropriate scenarios, then they only have one or two sets of data for each ammunition type, far from the amount of data needed to properly determine performance.
Nothing in the report indicates that there will be much more gun-effectiveness testing, or that there will be any of a sort that would be sufficient to compare effectiveness of the A-10’s 30 mm gun with the F-35A’s 25 mm gun, with realistic targets and numbers of passes.
The F-35 is supposed to meet or exceed the combat performance of the aircraft it is slated to replace. The F-35A is intended to eventually replace the A-10 in the close air support role. Until engineers can make the F-35A’s gun shoot straight, and demonstrate this conclusively in testing, it is unlikely that many ground troops will be willing to trust the F-35 as they do the A-10 to fire safely at enemy targets close to their positions. And likely fewer still would be willing to entrust their lives to the F-35’s 182 25 mm rounds instead of the 1,350 30 mm rounds the A-10 can carry.
Aircraft Durability Showing Cracks
The services had expected the F-35 to fly for half a century, but it is possible that many of the legacy aircraft it is meant to replace may still be in service by the time the first F-35s have been scrapped.
All F-35s are supposed to have a service life of 8,000 hours, a standard military aircraft lifespan. To ensure the design will last, each model is required to undergo three lifetimes’ worth (24,000 hours) of structural load testing to determine if they can handle the representative stress placed on them during takeoffs, landings, and in flight. In the course of this life testing over the years, engineers have found numerous instances of cracks and wear in the test airframes’ structural components and joints. For example, an attachment jointbetween the vertical tail and the airframe on an F-35A failed during testing in October 2010. This forced a redesign of the joint that was later incorporated into the manufacturing process. That test aircraft, after this repair and others, went on to complete the full three lifetime tests, and, according to the 2018 report, is currently undergoing a complete evaluation to determine what other fixes are needed and whether F-35As do indeed have an 8,000-hour life.
The Marines’ F-35B structural test airframe proved unable to complete the three lifetimes of testing. According to the 2018 report, Joint Program Office officials suspended tests on that airframe in 2017 after its second lifetime when they found the necessary patches and modifications were so extensive that the airframe was “no longer representative of the wing-carry-through structure” of the aircraft coming off the assembly line. Shockingly, there are no plans to procure a replacement airframe to test the F-35B to the full three lifetimes required by the contract. Using the data gathered during the tests the aircraft did complete, evaluators determined that the service life of the F-35B could be as low as 2,100 flight hours. That means the Marine Corps could potentially have to start retiring the first of its F-35s in seven years, and may never acquire any F-35Bs with a verified 8,000-hour service life.
Similarly, Joint Program Office officials called off durability testing on the Navy’s F-35C test airframe in the middle of the third lifetime iteration following the discovery of damage to several structural components that were deemed too costly to repair. As with the F-35B, the program office appears to have no plans to procure a replacement test airframe or to complete the required third lifetime of tests.
In order to match the service life of the later models, already-built F-35s will require costly retrofits to incorporate design modifications to fix problems discovered during even the incomplete tests.
Logistics and Maintenance System Undermines Logistics and Maintenance
The troubled Autonomic Logistics Information System (ALIS)—the massive, complex network owned and operated by Lockheed Martin, the F-35’s prime contractor—continues to vex the entire program.
The network is supposed to integrate maintenance diagnosis and scheduling and supply chain management with combat-mission planning and threat analysis. Despite years’ worth of evidence—including from the government’s own Government Accountability Office—that the system is not succeeding, Lockheed Martin claims on its website that ALIS’s capabilities will “reduce operating costs and increase aircraft availability.” In the manner of many of the Pentagon’s purportedly labor-saving efforts, ALIS has actually increased the workload of hard-pressed maintainers, due to persistent problems including false positive maintenance diagnoses, cumbersome data entry procedures, and slow uploads and downloads of data between the aircraft and ALIS. In fact, ALIS has so many flaws and has experienced so many failures that Lockheed Martin did not even use its version of the system on its manufacturing floor until March 2018.
The program fielded ALIS version 188.8.131.52 in early 2018. Units in the field reported numerous significant problems with it. Ironically, the system’s Deployment Planning Tool did not alleviate the substantial difficulties of deploying F-35 units. Users also complained about the Life-Limited Parts Management tool, saying it consumed a great deal of time and required them to manually work around the system to complete their tasks—exactly the opposite of how the system is supposed to work. In the meantime, yet another patched ALIS version, 3.0.1, has been in testing since late 2017 and has already required two revisions, the latest of which, 184.108.40.206, was introduced for use at the beginning of Initial Operational Test and Evaluation but will be upgraded again in six months.
“Manual workarounds”—a phrase that comes up in the latest DOT&E report—are a common theme in the ALIS saga. The majority of what ALIS is supposed to be able to do only works with “a high level of manual effort” by maintenance crews and administrative staff. For example, problems with the Deployment Planning Tool and transferring data generated on the aircraft into the ALIS network still have not been corrected. To complete the necessary tasks, contractor specialists must take over from the service members, causing “frequent work stoppages.” Every time an F-35 requires a maintenance action it must be logged in the system. According to the testing report, “documenting maintenance tasks in ALIS frequently takes more time than completing the maintenance action.”
When a component like an ejection seat has a problem, crews must record it in ALIS’s Electronic Equipment Logbook, which is then supposed to track parts through the supply chain. As for most such actions, ALIS is supposed to automate this process. But so far, maintenance crews have found they must instead manually enter “missing or incorrect” data into the network. The lack of standardization among vendors for the F-35’s various subsystems is one of the main drivers of problems with the Electronic Equipment Logbook feature. The outsourcing of subcontracts to about 1,500 vendors all over the country has helped buy the program widespread Congressional support, but compounds ALIS data errors, slows parts deliveries, and increases costs to the program.
With all of these problems, and the fact that many have persisted for years, “end users” (read: hard-working uniformed maintenance crews) have good reason to question the functionality of ALIS. According to the report, some crews keep two sets of books, maintaining separate databases on laptops to track the usage of parts as a check against the data ALIS generates, which frequently proves incorrect.
Many of these problems will likely continue indefinitely as the software continues to receive patches on top of patches. ALIS has gone through at least 27 versions. This year’s testing report alone includes discussion of 5. Each is meant to add functionality and correct deficiencies in earlier iterations. DOT&E reports some progress, including a patch that helped filter the false alarms that have afflicted the system. Yet ALIS continues to cause more problems than it solves. The program is planning to release four major ALIS upgrades over the next three years. The challenge inherent in this is that each version will almost certainly introduce new problems. “According to some estimates, between ten and fifteen percent of security patches actually introduce new vulnerabilities,” software developer Chad Perrin wrote on TechRepublic in 2010. The program plans to roll out more frequent, smaller releases to deal with this.
ALIS designers have their work cut out for them solving new problems and those that have endured since early in the development process. For example, nearly six years ago, ALIS’s Squadron Health Management application incorrectly reported an aircraft as non-mission-capable, while at the same time another application, the Customer Maintenance Management System, reported the aircraft as ready to fly. First identified in ALIS version 1.0.3A3 in December 2012, this problem has yet to be corrected.
Problems with ALIS are so bad that the Air Force recently announced that, with help from Lockheed, it is now working to develop a new program, called “Mad Hatter,” which would perform all of ALIS’s intended functions by incorporating Wi-Fi and touchscreens on the flight line. To be clear, taxpayers funded Lockheed Martin to create ALIS, and Lockheed made a complete mess of it. Now, taxpayers will pay Lockheed Martin to build the Mad Hatter replacement, while also footing the bill for patch after patch on the original system.
Data Files Required to Test Threat Evasion Not Finished
Program officials have not built or funded the programming capacity to build all the data files needed to power the F-35’s complex array of computers and sensors, known collectively as the aircraft’s mission systems. The full range of functionality of the F-35, particularly its use of stealth, depends on having up-to-date information about enemy ground and air radar signals, missiles, and jammers, as well as similar information about friendly units. This data is gathered into massive files called Mission Data Loads (MDLs), which the aircraft’s sensors use to identify threats, disregard friendly signals, and calculate safe flight paths. Programmers must tailor MDLs for each potential combat theater, because every country employs its own array of radar and weapon systems. These combinations change frequently, so MDLs must be continuously updated, and, accordingly, their accuracy reverified. Without up-to-date and fully verified MDLs, the F-35’s radar, electronic warfare systems, and other onboard sensors cannot properly locate, track, evade, or target enemy systems.
Programmers at the United States Reprogramming Laboratory at Florida’s Eglin Air Force Base create and update the MDLs. Because the lab’s hardware and software are so cumbersome, it took 12 to 15 months to build and test the MDLs intended for the Initial Operational Test and Evaluation stage—and these have yet to be verified as accurate. According to the report, the lab still “lacks adequate equipment to be able to test and optimize MDLs under conditions stressing enough to ensure adequate performance against current and future threats in combat.”
The Joint Program Office has mismanaged the process of creating and testing MDLs. The lab doesn’t have enough high-fidelity signal emulators to reproduce the kind and quantity of radar signals that a realistically dense enemy defense system would emit. Those emulators are needed to stimulate the F-35’s electronic warfare sensors to test whether they respond properly. The lab is funded to install eight high-fidelity signal emulator channels in each of its two test lines by the end of 2019. The program office’s own analysis shows 16 to 20 high-fidelity channels are recommended in each of the two test lines to adequately replicate near-peer threat signal environments for MDL testing—but the office has not provided funding to purchase them. Inadequate signal emulators will inevitably lead to inadequate test MDLs—and, far more seriously, will lead to inadequate MDLs for use in real combat, which could put missions and troops at risk.
While the program has already fallen behind in the production of these critical files, the situation will only get worse as it presses forward with the current so-called follow-on modernization phase, variously known as Block 4 or Continuous Capability Development and Delivery (abbreviated as C2D2). This nomenclature is effectively a smokescreen for evading the onerous milestones, capability definitions, and schedule commitments of a normal development phase for any major weapons program. The Continuous Capability “innovation” allows the Joint Program Office to roll out small increments of new and ill-defined capabilities every six months or so, thereby escaping responsibility for not having met the standard schedule and capability thresholds for the development phase. A substantial portion of the Continuous Capability rollouts will actually be fixes for the mountain of unresolved deficiencies that remained when the Joint Program Office arbitrarily called off the formal development phase in 2018. Taxpayers have already paid for the development phase. They will now be billed again to fix the many lingering problems and complete what the program left undone.
The Continuous Capability rollouts of new hardware and software every six months will necessitate continuous new MDL updates and, worse, “continuous” operational testing—a veritable nightmare for the programmers at the lab, and even more of a nightmare for the operational testers. With 6 current F-35 configurations, plus at least 4 new Block 4 iterations planned, and 12 geographic regions requiring region-specific MDLs, the Reprogramming Laboratory will have to create, update, distribute, and manage at least 120 MDLs. Creating new MDLs for that testing is estimated to take eight months, and, according to DOT&E, even minor updates take “several months.” The program office has not identified the manpower or hardware required for the task, and has not contracted for it.
Cybersecurity Concerns Continue
Pentagon officials have touted the F-35’s supposed advantages as a “computer that happens to fly.” The aircraft derives almost all of those advantages from the intricate internal and external network of hardware and software linking it to other aircraft, intelligence sources, ground stations, satellites, software labs, maintenance computers, and more. Testing for cyber vulnerabilities is therefore crucial to any evaluation of the program. The Government Accountability Office released a report in October 2018 showing that nearly every software-enabled weapon system tested between 2012 and 2017 can be hacked, often by simple means like looking up default passwords online for commercially available software. Numerous parts of the F-35 program use this kind of software; ALIS runs on Windows, for example.
Cybersecurity testing has long been part of F-35 program evaluation. The testing office is mum on the specific issues found so far, but reports that as of 2018 “some of the vulnerabilities identified during earlier testing periods still had not been remedied.” DOT&E calls for more cyber testing of the aircraft and of the program’s supply chain to “ensure the integrity of hardware components for initial production of air vehicles and ALIS components, plus resupply of replacement parts.”
So significant are DOT&E’s concerns about the integrity of ALIS that the report reiterates an earlier warning that program officials should find a way to operate the F-35 entirely without it, in case the network is compromised. F-35 program office officials claim that an F-35 can fly for at least 30 days without connecting to ALIS to exchange data and log maintenance actions. DOT&E wants the program to do better than that. “In light of current cybersecurity threats and vulnerabilities, along with peer and near-peer threats to bases and communications, the F-35 program and Services should conduct testing of aircraft operations without access to ALIS for extended periods of time.” However, DOT&E has not planned or mandated a testing event to confirm whether or not the F-35 can operate without ALIS for 30 days or more.
The fully integrated nature of all F-35 systems makes cybersecurity more essential than for any other aircraft. Legacy aircraft already in service are equipped with software-enabled subsystems, and while a hacker could penetrate the GPS system in a legacy system, because the subsystems are not fully integrated, a hacker could not also access the communications system, for example. The F-35 is inherently far more vulnerable. Lockheed Martin brags on its website about the aircraft’s “sensor fusion” that connects all of the onboard subsystems, such as the Active Electronically Scanned Array radar; the Distributed Aperture System; and the Communications, Navigation, and Identification Avionics system. That means enemy cyber-warriors need only compromise the software of one of these to corrupt the entire system. According to the 2018 Government Accountability Office report: “A successful attack on one of the systems the weapon depends on can potentially limit the weapon’s effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life.”
A 2007 incident shows what this could look like. A flight of F-22 fighters crossing the Pacific lost all of their systems when they passed over the International Date Line. In that case, a software glitch in the main processor wreaked havoc on all of the systems connected to it, including navigation, communications, and fuel indicators, forcing the flight to divert back to Hawaii. That was just the result of a coding error. It is not difficult to imagine what a hacker with malign intent could accomplish.
F-35 Can’t Be Tested Against the Most Serious Threats
The transition from developmental to operational testing is a milestone in any weapons program. For the F-35, it came nearly a decade late. Now, even with the extra time, the program has started the process with no apparent plan to resolve major, potentially life-threatening design flaws, and without several of the tools necessary to properly evaluate the aircraft’s combat effectiveness or suitability in the hands of troops serving on the front lines. The program office appears to be planning to complete this phase of testing without making a proper evaluation possible.
Prior to beginning the operational testing phase, officials had also failed to properly address 941 design flaws during the program’s development phase, with 102 listed as “Category I” flaws that “may cause death [or] severe injury,” or lead to major damage to the aircraft or seriously inhibit combat effectiveness. As POGO reported, rather than taking the proper corrective actions, program officials made paperwork adjustments in a series of meetings during the summer of 2018 to make some design flaws, like one involving the emergency transponder and another with the F-35A’s emergency tailhook, appear to be less serious “Category II” deficiencies.
Each of these 102 flaws could ground aircraft or force them to abort missions. These design flaws likely also contribute to the program’s poor availability rates. According to DOT&E, this will have an impact on the operational testing process, which requires an 80 percent availability rate for the 23 aircraft instrumented for operational testing. The fleet is averaging a monthly rate “well below” 80 percent (the rate is not specified in the report), which “will remain a challenge for the efficient conduct and timely completion of [operational testing].”
The operational testing plan also hinges on use of a complex simulation facility capable of reproducing the multi-plane enemy and friendly formations and the dense threat environment inevitable in any war against a near-peer adversary. This is necessary because the available test aircraft and the open-air test ranges in the western United States cannot replicate all the modern threats flights of six or more F-35s might face.
But, troublingly, DOT&E reports that the simulation facility is not expected to be fully functional until late 2019, right at the end of the current operational testing schedule. “Without [the simulator], the IOT&E will be unable to adequately assess the F-35 against dense and modern threats that are not available for open-air testing, resulting in operational risk,” the report states.
Known as the Joint Simulation Environment and located at Maryland’s Naval Air Station Patuxent River, the facility took over from the mismanaged and failed Lockheed VSim simulator development program. Programmers are now attempting to develop accurate, verified and validated F-35 cockpit simulators and ground and airborne threat simulators for pilots to fly virtual multi-ship missions against multiple enemy missile and aircraft defensive arrays, but, according to the report, this has run into serious problems.
The simulation facility can only produce credible and useful test results if its computer programs are based on accurate data from the F-35’s demonstrated flight, sensor, and weapons performance—and, according to the report, it is not clear that they are. The necessary data is gathered during flight tests and integrated into the simulation program, which is then supposed to complete a verification and validation process. However, DOT&E found that simulator development began without the crucial verification and validation step having been completed. On top of that, the basic and essential terrain modeling—familiar to anyone who has used a flight simulator on their home computer—has yet to be finished. Most distressingly, the physical facilities where all of this operates, which are to include cockpits and visuals, and even the buildings themselves, were not even completed by the start of operational testing.
Yet it appears that the F-35 program office intends to keep to its current operational testing schedule. Because the simulators will likely not be complete until the tail end of the schedule, the resulting report assessing the F-35’s combat suitability will likely have no valid basis for judging whether the F-35 can survive against a dense, multi-threat environment or whether it can function effectively in real-world four- or eight-ship formations.
Conflicts of Interest Skewing Operational Testing Results
Ensuring the absence of bias in test planning, execution, and reporting is just as important as having adequate resources and managing testing competently. Congress created DOT&E in the 1980s as an independent testing office in the Department of Defense to end the practice of contractors and the services’ acquisition advocates writing and grading their own exams. Nevertheless, the F-35 program office approved Lockheed Martin, the F-35’s prime contractor and the firm with the most to gain from a favorable operational assessment, to conduct one key F-35 system test and to analyze and report on the results of another.
First, instead of using a government cyber red team, as it should have done to avoid even the appearance of a conflict of interest in the process, the program office paid a Lockheed Martin red team to do the cybersecurity testing of the company’s own ALIS network—the heart and brains of the worldwide ALIS network—as part of the overall cyber-vulnerability evaluation of ALIS.
Second, the program office paid Lockheed Martin to analyze F-35 live-fire vulnerability tests and produce the F-35 Vulnerability Assessment Report on whether the aircraft met their contractual specifications and military requirements for pilot survival against four air-defense threat weapons. The Lockheed study determined, according to this year’s DOT&E report, that the three “F-35 variants meet [Joint Strike Fighter] JSF contract specification requirements to enable safe ejection of the pilot in the event of an engagement” for three out of the four threats. That’s the opposite result from the 2017 DOT&E report, which stated that the F-35B failed to meet pilot-survival specifications for three out of the four threats, and that the F-35’s vulnerability was higher than expected. The Lockheed analysis also concluded, unsurprisingly, that the F-35 met its military requirements to be at least as survivable as the legacy F-16 by managing to return to safe territory after being hit by each of the four threats.
Curiously, Lockheed’s Vulnerability Assessment Report did not analyze the other major legacy plane slated to be replaced by the F-35, the famously survivable A-10. Apparently to temper suspicions of bias, DOT&E states it will do an independent review of Lockheed’s conclusions—but it will not report the results until after operational testing is complete, so the results will be all but useless for this key phase.
Lockheed was also entrusted with doing an overall analysis and summary of all of the Navy’s F-35 live-fire-test data, which will likely influence all future computer modeling of F-35 survivability rates in combat. The DOT&E report does not indicate when this study is expected to be released.
Report Missing Key Data to Assess Progress
At 14 pages, this year’s assessment is much shorter than those of previous years. The 2017 report was a full 29 pages, while the 2016 report was 61. The gap between the arbitrary end of developmental testing last April and the beginning of operational testing in December 2018 partially explains this report’s brevity.
But that does not explain the omission of significant information from this year’s report, particularly areas of reporting that had been included before. As noted earlier, the report does not contain a single mention of the program’s fully mission capable rate, from this year or any year. The 26 percent rate reported in the last assessment was appalling, and likely caused program leaders a great deal of embarrassment. That is hardly an excuse to leave out the figure this year.
DOT&E also withheld new data about key performance metrics that were included in the 2017 report. The 2018 report contains only two charts of data, down from last year’s ten. The 2017 report included a chart showing the program’s availability rates broken down by location, with detailed numbers. This year’s report simply said the rate was below the program’s goal of 60 percent.
The 2017 report also included a chart listing the weapons delivery accuracy test events and the success and failure status for air-to-air missile firings, air-to-ground deliveries, and gunnery. Aside from the discussion of the gun test, no mention of the program’s combat-testing performance appeared in the 2018 report—even though further tests were conducted. Security concerns must not have been the deciding factor in leaving that out, as the Air Force made public a successful test event in April 2018, well within the reporting period of the latest assessment.
Under federal law, the testing office must write an annual report on the programs it reviews and submit an unclassified version simultaneously with submission of any classified version. The smaller amount of information included in this report compared to previous years suggests that DOT&E may be taking cues from the White House and Pentagon leadership on reducing transparency and withholding information that had previously been made public.
Testing Office and Congress Must Protect Troops and Taxpayer Interests
Now nearly a decade behind schedule and $200 billion over budget, the F-35 program continues to perform far below expectations—and is nowhere near to fulfilling the Pentagon and Lockheed’s many promises. Its continuing performance and design failures are not commensurate with the massive investments made for the past 20 years. At this point, the operational testers should complete the original stringent testing plan agreed to by the services, the F-35 program office, and DOT&E, without succumbing to powerful political pressure to sacrifice combat-realism for expediency. Only then will anyone know if the F-35 will actually work in combat—and whether our troops would be well supported when the F-35 replaces the A-10. Until then, to serve the troops and taxpayers better, Congress should stop increasing F-35 production rates every year, as every incompletely tested, deficiency-laden F-35 built will waste even more taxpayer dollars on costly retrofits.
Congress should also demand that DOT&E return to its previous transparency. Lawmakers should then use that operational test transparency to shoulder their oversight responsibilities, and demand that the withheld information be made public.
The American people, especially the men and women who will have to trust their lives to the F-35, deserve nothing less.
This article by Dan Grazier originally appeared in The Project on Government Oversight on March 19, 2019.