The UK’s critical national infrastructure is more reliant on GPS than it knows – and must take steps to protect against jamming, spoofing, and other types of damaging interference, says Blackett report.
First the US Department of Homeland Security, now the UK Government Office of Science.
On both sides of the Atlantic, governments are warning operators of key services to step up their approach to risk management around global navigation satellite systems (GNSS).
Last week saw the publication of the Government Office of Science’s long-awaited Blackett review, titled Satellite-Derived Time and Position: A Study of Critical Dependencies. It’s the result of a thorough investigation into how much our critical infrastructure relies on GPS and other satellite navigation systems, and makes recommendations to mitigate the growing risks associated with that dependency.
(Disclosure: I was honoured to be an expert contributor to this report, on behalf of Spirent.)
An essential read for any organisation that relies on GNSS
The 86-page report makes essential reading for any public sector or commercial organisation that relies on GNSS signals for position, navigation and timing (PNT).
It clearly sets out the crucial role played by GNSS in all aspects of critical infrastructure – from helping to regulate the supply of electricity, to ensuring our farms can produce enough food to sustain our growing population.
It spells out the risks arising from this level of reliance. GNSS signals are highly vulnerable to interference from all kinds of natural and man-made sources, including jamming; spoofing; space weather; solar activity; the presence of tall buildings or structures; radio activity in adjacent frequency bands; and even noise from other elements inside the receiving system’s circuitry.
Added to that, in recent years we’ve seen a surge in instances of cyber-criminals hacking GPS-dependent systems at the application level, such that the system misinterprets the signals received from the satellite system, or locks on to fake signals, and produces an erroneous response. One high-profile example is the way Pokémon GO players spoofed the AR-based smartphone game to appear to be in different locations, in order to catch rare Pokémon.
Many organisations are unaware of their dependence on GNSS
The report highlights a major concern that I share, based on countless conversations I have had over the past few years – that many decision-makers in critical infrastructure providers are unaware of the extent to which their services rely on GNSS signals, and unaware of how vulnerable those signals are to disruption.
I have found that levels of awareness are especially low when it comes to the use of GNSS signals to provide precise timing data; the sort that’s used to co-ordinate the flow of electricity across the power grid, or the execution of high-speed transactions across a financial trading network. Many senior executives are simply unaware that this timing data is ultimately derived from GPS or another satellite navigation system, so the threats to those signals are overlooked in their risk assessments.
Energy grids at risk from GNSS spoofing
That’s especially important because the risks to stationary GPS timing receivers are growing. In January 2015, for example, a manufacturer of a GPS-dependent grandmaster clock commonly used in energy grids self-reported a vulnerability that made one of its models susceptible to GPS spoofing attacks. This was hardly remarked upon at the time, as GPS spoofing was then a very obscure technique that was very difficult to carry out, requiring advanced electronics knowledge and expensive equipment.
But later in the same year, a team of Chinese cybersecurity researchers demonstrated a “home-made” spoofer built with cheap components and open-source software, and requiring no special knowledge of how the GPS signal is constructed. Suddenly, GPS spoofing was something any opportunistic hacker could do – and critical infrastructure like energy grids became highly vulnerable almost overnight.
Ten recommendations for users and government
It’s this kind of threat that the Blackett review seeks to mitigate. It makes 10 recommendations in all, which can be rolled up as follows:
Operators of critical national infrastructure should conduct proper risk assessments to understand the threats to GNSS signals and the systems (and systems-of-systems) that rely on them, model the potential impact of GNSS disruption on their services, draw up their own standards for receiver quality, and put appropriate backup and mitigation measures in place to ensure continuity of service in the event of interference or loss of signal. This could involve planning for the use of eLORAN as a supplementary or back-up to GNSS in the event of disruption. They should also report their risk assessment findings to Government, which should build up a picture of the UK’s risk exposure at the ecosystem level.
Government departments should collaborate to improve the resilience of the UK’s critical national infrastructure, including reviewing the law around ownership of jammer-type devices; looking at the potential impact of new spectrum allocations on GNSS signal quality; and helping organisations to access appropriate testing and validation services.
Government should take a more co-ordinated approach to determining and enforcing performance standards for GNSS-reliant systems in critical national infrastructure, working with industry and standards bodies. (Currently, standards exist for some CNI sectors and systems, but not others.)
All GNSS user organisations should conduct a risk assessment
In its recommendations, the report echoes the advice I’ve been providing in these blogs for three years now. Any organisation that relies on GNSS to carry out its work or deliver services to others should conduct a thorough risk assessment to understand their level of dependence on the signal, and how interference to the signal could disrupt or compromise that work.
Organisations that identify a critical dependence on GNSS will need to carry out tests to understand how their receivers and associated systems behave in the event of GNSS disruption. That can involve some complex scenarios, especially to determine how receivers might react to spoofing or other types of disruption in which the signal is distorted or falsified, rather than simply unavailable.
The report notes that testing with “live” signals is insufficient to fully understand the impact, and that operators of critical national infrastructure should avail themselves of professional testing facilities and simulation equipment to model and test complex scenarios.
I was delighted to see Spirent cited in the report as a UK centre of excellence for professional testing and validation of PNT equipment, and I would encourage anyone concerned about how to test for GNSS-related vulnerabilities to contact us for advice.
Stay up to date with GNSS cybersecurity developments
Threats to GNSS-based position, navigation and timing (PNT) systems are evolving all the time. To stay up to date with the latest news on GNSS vulnerabilities, join the growing community in the GNSS Vulnerabilities LinkedIn Group.