Help protect critical infrastructure for a safer world!

US DHS – ‘US Increasingly At Risk from Dependency on GPS’

December 1, 2015

“U.S. critical infrastructure sectors are increasingly at risk from a growing dependency on the Global Positioning System (GPS) for space-based position, navigation, and timing (PNT).”

So begins the US Department of Homeland Security’s 2012 “Risks to US Critical Infrastructure from Global Positioning System Disruptions” National Risk Estimate.

Work on the report was completed in 2011, but it was not issued until the end of 2012. It included a classified annex “GPS Disruption Threat Assessment” and the overall document was marked “For Official Use Only.”

Recently the public interest group Governmentattic.org was successful in getting the report, minus the classified annex, released under the Freedom of Information Act.

The report does include the phrase “In the short term, the risk to the nation is assessed to be manageable.” That isn’t consistent with the rest of the report, nor with what national experts were saying at the time. But it might have been an excuse for government inaction – though making America safe in the long term should have started right away.

Regardless, today, four years down the road, “the short term” has passed into history, and the problem has gotten much worse.

Spoofers now cost less than $300 each and tens of thousands of jammers are used in the US each day. The FBI and CBP have declared jammers favorite tools of organized crime. Military grade jamming and spoofing across wide areas is common in the Ukraine and elsewhere. The US military has been bombing ISIS jamming sites in Syria.

These worsening conditions were predicted in 2011 by the report’s authors: “The increasing convergence of critical infrastructure dependency on GPS services with the likelihood that threat actors will exploit their awareness of that dependency presents a growing risk to the United States.”

To make four years of inaction worse, every federal department that might be able to fix (or at least greatly mitigate) the problem seems to think it is someone else’s job.

So the next question for our elected and appointed leaders has to be “What are you going to do about it?”

I am afraid we won’t like the answers…

Here is a bit more from the 2011-12 National Risk Estimate’s executive summary (emphasis added):

“U.S. critical infrastructure sectors are increasingly at risk from a growing dependency on the Global Positioning System (GPS) for space-based position, navigation, and timing (PNT). In September 2011, after a nine-month review, U.S. Government and private sector experts concluded that portions of the Nation‘s critical infrastructure are increasingly reliant on GPS and GPS-based services. In the short term, the risk to the nation is assessed to be manageable. However, if not addressed, this threat poses increasing risk to U.S. national, homeland, and economic security over the long term.

Awareness that GPS-supported services and applications are integrated in sector operations is somewhat limited, prompting the idea that GPS is a largely invisible utility. Therefore, dependence on GPS is likely significantly underestimated with many of the critical infrastructure sectors depending on the GPS timing function. Often, these critical dependencies do not become apparent until a GPS disruption occurs. In addition, instances of both unintentional and intentional threats against those GPS services are also increasing. Although most known GPS disruptions have been unintentional, threat actors are constantly adapting their operational tactics while technology advances, making intentional disruptions more likely in the future. For example, the market for personal protection GPS jamming devices has increased markedly over the past two years. The increasing convergence of critical infrastructure dependency on GPS services with the likelihood that threat actors will exploit their awareness of that dependency presents a growing risk to the United States.”