“It could be one of a number of different actors,” Christopher Pyne, the minister for defense industry, told the Australian Broadcasting Corp. on Thursday. “It could be a state actor, [or] a non-state actor. It could be someone who was working for another company.”
The BBC describes Pyne as saying “he had been assured the theft was not a risk to national security.”
I contacted the F-35 Joint Program Office, asking how significant the hack was. Here’s their response: “The F-35 Joint Program Office is aware of this supplier cyber breach that compromised non-classified data in the summer of 2016. No classified F-35 information was compromised.”
That, of course, does not address whether “sensitive” or For Official Use Only level information was compromised. While it’s good news that this breach does not include any classified information about the F-35, it doesn’t mean that the information obtained is not useful to a potential adversary. Of course, the hacker could be someone looking to sell data to companies or to foreign governments. Without more information from the Australians or the US government it’s impossible to tell.