Michael Gilmore, Pentagon director of operational test and evaluation (DOT&E), issued a warning in a December 11 memo that was recently leaked to the media.
The F-35's Autonomic Logistics Information System (ALIS) "continues to struggle in development with… a complex architecture with likely (but largely untested) cyber deficiencies," Gilmore wrote.
He also cited "hundreds of unresolved deficiencies" in Block 2B software, which is what was in place when the US Marines declared initial operating capability for the aircraft in July.
The Pentagon's F-35 Joint Program Office (JPO) acknowledged the need for more robust cyber security testing of the ALIS.
"The Joint Program Office absolutely agrees with DOT&E that robust cyber vulnerability testing is essential," JPO spokesman Joe DellaVedova said in an email to IHS Jane's.
In last month's memo, Gilmore also warned that the jet's software development is in danger of falling behind.
DellaVedova acknowledged that there is approximately four months of "potential risk" in the Block 3F software testing schedule. He said that as of January 15, Block 3F development flight testing has completed approximately 50% of all baseline test points.
The office seeks to conclude testing by summer 2017 and "does not intend on 'short cutting" any required testing," DellaVedova said in an email to IHS Jane's.
The F-35 program has experienced multiple malfunctions, large cost overruns and long schedule delays. It is expected to cost some $1.5 trillion over its 55-year lifespan, making it by far the most expensive US weapons program to date.