Language

Avoiding The Coming Disaster in GPS Cybersecurity

Did you know that the US Naval Academy reinstated training in celestial navigation in 2015? I, for one, hadn’t known they’d ever discontinued this seemingly essential element of naval training. It turns out Annapolis stopped teaching cadets how to navigate ships by the sun, moon and stars in 2006. As Lt. Cmdr. Ryan Rogers, then the deputy chairman of the academy’s Department of Seamanship and Navigation told the Capital Gazette, “We went away from celestial navigation because computers are great. The problem is, there’s no backup.”

It’s a good thing the Navy has returned to teaching celestial navigation. The Navy was either prescient in its renewal of celestial navigation, or it knew something no one else did. Commander Rogers was right. (He’s been promoted since the article appeared in the Gazette.) There is no backup, nor can satellite signals cannot be trusted. As NBC News recently reported, Russia is engaged in widespread spoofing of GPS signals in order to protect its military sites from drone surveillance and attacks.

How widespread is the practice? According to NBC, citing a report published by the Center for Advanced Defense Studies (C4ADS) Russia has engaged in 9,883 cases of suspected satellite navigation spoofing since 2016. These deceptions have affected over 1,300 civilian vessel navigation systems.

GPS spoofing works by sending out strong but deliberately incorrect navigation signals to confuse GPS receivers. According to researchers at the University of Texas at Austin, who collaborated with C4ADS on the report, the Russian GPS spoofing signals were about “500 times stronger than authentic GNSS (global navigation satellite systems) for aircraft flying within line of sight of the transmitter.” The research team used a GPS sensor on the International Space station to pinpoint the spoofing transmitter, which turned out to be located at Russia’s Khmeimim airbase.


On the Front Lines Fighting GPS Spoofing

 

The revelations shared by NBC are not news to Yonatan Zur, CEO of Regulus Cyber, which offers solutions to mitigate GPS spoofing. He reacted to the NBC story by saying, “Previous Russian GNSS (GPS) attacks such as the June 2017 Black Sea region spoofing that threw over 50 ships off course, or in November 2018, when a Norwegian frigate suffered a navigation failure leading to a collision with a commercial tanker, remind us of the dangerous collateral effect on civilian maritime operations.”

As Zur has seen, GPS instruments typically have no native defenses against spoofing attacks. Regulus has tested dozens of systems, including mobile phones and cars for their susceptibility to GPS spoofing. His team has had 100% success in spoofing cars. “It only takes a few seconds to take control of the car’s GPS,” he said. In one case, Regulus was able to make an autonomous vehicle 55 miles per hour in a 25 zone. With phones, the team was able to change location and time, even when the phone was locked.

The NBC report also concerned Zur regarding aviation. He observed, “Commercial aviation is affected, like with what we saw with GPS interference that caused passenger airplanes to miss the runway at Manila Airport during a three-month period in 2016. The civilian airliners operating in and around Norway and Finland experienced GPS disruptions during the second half of 2018.”

Regulus offers solutions that detect and remediate GPS spoofing. One of their products takes an off-the-shelf GPS receiver and adds a patented array of small antennas. The hand-sized device is able to provide accurate navigational data and detect spoofing. It’s been created in accordance with guidance from the FAA, which has specified classes of GPS spoofing. The company is also developing a software-based solution that can be added to the operating system of a device that uses GPS. The software uses an algorithm to make a GNSS chip more resilient to spoofing.

It’s Time to Be Serious about GPS Spoofing

Zur thinks the GPS issue needs to be taken more seriously by industry and government. “Interfering with GNSS (GPS) signals is a common practice among state actors, as part of their electronic warfare strategy.” Everyone should take note. He explained, “This has a dangerous collateral effect on civilian systems as well. With more civilian infrastructure and transportation technologies dependent on GNSS, it is the responsibility of the commercial market to prepare with commercial solutions to protect against jamming and spoofing.”

People are starting to take note. Zur is now in dialogues with government entities in the United States and Europe regarding building stronger countermeasures against GPS spoofing. “A lot of money is on the line,” he added, citing EU research that claimed 7% of the EU GDP (Approx. €800 billion) was dependent on satellite navigation.  “We are in a race now to protect our economies and national security apparatus against navigational deceptions,” Zur said.

*Originally published by Hugh Taylor on Journal Of Cyber Policy
https://journalofcyberpolicy.com/2019/04/10/avoiding-coming-disaster-satellite-based-navigation/
Photo Credit: wuestenigel Flickr via Compfight cc