Protecting GNSS

Constructive action is required globally if we are going to develop safe, secure infrastructures for providing highly accurate and precise PNT services that are relied on to keep our society operating.

BY Guy Buesnel

Access to Global Navigation Satellite System (GNSS) has become a fundamental expectation and a mainstay of the modern world. While the low strength of GNSS signals received on Earth means that they are particularly vulnerable to RF interference, multipath and atmospheric events, the use of GNSS to obtain precise timing and positioning data has become ubiquitous. In many cases, systems have dependencies on GNSS data that are not readily understood or recognized. The impacts of GNSS denial or disruption on these systems are largely unknown or untested, so when a disruptive incident does occur, the consequences are at the very least unexpected and can cause complete failure of dependent systems.

The COVID-19 pandemic has made the task to secure our GNSS signals even more urgent. The recent blockage of the Suez Canal by a large container ship demonstrates just how quickly our just-in-time supply chains can be severely affected by an event.

Increasing risks

During 2019 and 2020, there was a concerning rise in the number of GNSS jamming and spoofing incidents worldwide. Several of those incidents have had widespread impacts, including, for example, the reported spoofing of commercial shipping in the Black Sea in which hundreds of ships were affected, as well as the recent report by Eurocontrol that over 3500 GPS outages were reported to them in 2020.

Internal flights in the north-east of Norway lost GPS reception multiple times in 2017 and 2018. This was attributed to jamming from nearby Russia — either as part of a Russian military exercise, or as a deliberate attempt to disrupt the NATO exercise Trident Juncture. Russia, however, denied the allegations. Military jamming exercises in the United States are also having an increasing impact on commercial and private aviation – such that the Aircraft Owners and Pilots Association has appealed to the FAA to recognize military GPS jamming as a safety risk.

These nation-states initiated jamming and spoofing incidents often have the unintended consequence of affecting significant numbers of commercial users who have the misfortune of being located in the range of the powerful equipment that is available to nation states.

The strong need for an assured, secure PNT for critical national infrastructure has even led to GNSS being singled out as a priority area

Real impacts

In June 2019, iHLS reported that container ports in Haifa and Ashdod experienced loss of GPS reception, attributed to the ongoing Syria conflict. GPS-guided autonomous cranes were unable to operate, meaning the ports had to revert to manual methods of loading and unloading cargo. This incident has echoes of the hours-long shutdown experienced by an unnamed port on the US East Coast in 2014, in which the source of the jamming was never identified, or at least not made public.

In 2016, more than 20 ships off the Crimean Peninsula reported that their electronic chart displays were showing their location as being on land. This was widely attributed to Russian GPS spoofing equipment designed to protect President Putin from possible drone attacks. The theory gained credibility with a March 2019 report by the Center for Advanced Defense Studies which also notes similar incidents in the Black Sea’s Kerch Strait.

On 23 September 2020, The US Department of Transportation’s Maritime Administration (MARAD) issued a new warning on GPS interference affecting commercial shipping, following reported instances in eastern and central Mediterranean Sea, the Persian Gulf and multiple Chinese ports.

There is increasing evidence that criminals are using GNSS jammers routinely for the theft of luxury cars or cargo shipments. The jammers are used to mask the location of the car when it is being stolen, then the location of the shipping container. Taking it a step further, it was reported that cargo thieves in North Florida used GPS jammers with a stolen refrigerated trailer containing a temperature-controlled shipment. In this incident, the hauling tractors were swapped out by the cargo thieves.

The GPS Week Number Rollover is a phenomenon that happens every 1024 weeks (19.6 years). The GPS broadcasts a date, including a weekly counter that is stored in only ten binary digits. The range is therefore 0–1023. After 1023, the internal value “rolls over”, changing to zero again. Older software that is not coded to anticipate the rollover to zero may stop working or could be moved back in time by 20 or 40 years. The New York City Wireless Network, which controls traffic lights and other key functions within the city, was adversely impacted for 11 days in April 2019. A report concluded the outage could have been prevented had firmware updates been conducted in advance of the rollover event.

Each of these incidents show that commercial users (and parts of our supply chain) are at risk from the possible impacts of GNSS disruption. Even if they are not the intended targets, all it takes is being in the wrong place at the wrong time. With such impactful repercussions, why do these attacks continue to fly under the radar and go unaddressed while ransomware makes headlines daily?

Improving security

The “Father of GPS”, Dr Bradford Parkinson proposed the “Protect, Toughen, Augment” framework for securing GNSS. This is a constructive approach to improving the overall security of systems dependent on GNSS for precise PNT data. “Protect” covers operational-type measures, such as improved legislation, regulations and standards, “Toughen” covers improving the resilience of the system (including the GNSS receiver), and “Augment” is concerned with the use of complementary technologies to augment GNSS. Applying the framework to improve GNSS security is the most cost-effective way to carry out a risk assessment and audit existing GNSS dependent systems. The audit should include an assessment of the system’s current levels of robustness and resilience against real world threats and its ability to detect anomalies, as well as confirm the software and firmware are up-to-date.

Risk assessments and audits should also identify where and how the precise positioning and timing info is used and what the constraints are on integrity, continuity and availability of GNSS inputs in addition to any impacts of degraded performance. Creating a recovery plan in the event of significant disruption is also an important consideration.

Constructive action is essential

Our widespread dependencies on GNSS means it is essential to secure its use in all critical application areas. Having the ability to carry on as normal when GNSS is denied or degraded is obviously a highly desirable state of affairs. The US and UK have both been proactive in raising awareness of GNSS vulnerabilities by developing frameworks and strategies that will reduce sole dependencies on GNSS in crucial areas, such as national critical infrastructure. The strong need for an assured, secure PNT for critical national infrastructure has even led to GNSS being singled out as a priority area in the recently published UK Integrated Review. However, this is not enough. Constructive action is required globally if we are going to develop safe, secure infrastructures for providing highly accurate and precise PNT services that are relied on to keep our society operating.

Guy Buesnel is PNT Security Technologist at Spirent Communications​.

More Prime Read