The F-47’s data security depends on CMMC certification and the zero trust model, which are essential for countering cyber threats.

The Boeing F-47, the US Air Force’s future 6th generation fighter, is at the heart of cybersecurity concerns. To protect sensitive data, the Department of Defense (DoD) is requiring the adoption of Cybersecurity Maturity Model Certification (CMMC) and the zero trust model. These measures are designed to prevent intrusions, particularly following past incidents involving data theft from the F-35 and F-22. Rigorous implementation of these standards is crucial for Boeing and its subcontractors to ensure the security of classified information.

The F-47: a strategic program under close scrutiny

The Boeing F-47 is the sixth-generation fighter developed as part of the US Air Force’s Next Generation Air Dominance (NGAD) program. The planned successor to the F-22 Raptor, the F-47 incorporates advanced stealth, sensor, and connectivity technologies. Technical details remain classified, but the goal is to deploy the aircraft by the end of the decade.

The contract awarded to Boeing, estimated to be worth $50 billion (approximately €46 billion), represents a major opportunity for the company, particularly after difficulties encountered on other programs. However, this ambitious project requires special attention to cybersecurity to protect sensitive information from potential threats.

CMMC certification: a must for data security

The Cybersecurity Maturity Model Certification (CMMC) is a DoD initiative aimed at strengthening cybersecurity within the defense industrial base. It comprises three levels of certification:

• Level 1: Basic measures to protect federal contractual information.
• Level 2: Compliance with the 110 security controls in NIST SP 800-171 to protect controlled unclassified information (CUI).
• Level 3: Advanced protection against advanced persistent threats, including additional requirements from NIST SP 800-172.

For the F-47 program, Level 3 is required, involving rigorous audits every three years by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). Boeing has already demonstrated 100% compliance with the 110 NIST controls during the joint surveillance program in 2024.

The zero trust model: a proactive approach to cybersecurity

The zero trust model is based on the principle of never trusting a user or device by default, even if they are inside the network. Each access request is verified in real time, based on various parameters such as identity, location, and behavior.

This approach is particularly relevant for the F-47, given the sensitivity of the data involved. It limits the lateral movement of attackers in the event of a breach and strengthens the network’s resilience to internal and external threats.

Subcontractors: an essential link in the security chain

The security of the F-47 program also depends on subcontractors’ compliance with CMMC standards and the zero trust model. Every company handling sensitive information must demonstrate its ability to protect this data. The DoD recommends that companies verify the legitimacy of providers offering certification services to avoid scams.

It is crucial that Boeing ensures that its entire supply chain complies with these requirements in order to prevent any security breaches that could compromise the program.

Consequences of inadequate cybersecurity: the precedent set by China’s J-20

Current cybersecurity concerns are reinforced by past incidents. Intrusions attributed to China have led to the theft of sensitive data on the F-35 and F-22 programs, facilitating the development of the Chinese J-20 fighter jet, which bears similarities to US aircraft.

This precedent highlights the critical importance of protecting classified information. A compromise of F-47 data could not only result in economic losses, but also compromise the technological superiority of the United States.

Outlook: strengthening cybersecurity to ensure air superiority

The rigorous implementation of CMMC certification and the zero-trust model is essential to ensure the security of the F-47 program. These measures must be integrated from the initial stages of development and maintained throughout the aircraft’s life cycle.

By strengthening cybersecurity, Boeing and its partners are helping to preserve US air superiority and protect strategic technology investments.

Get in touch to live a unique fighter jet experience – we fly in France AND YOU CAN TAKE THE CONTROLS!!!