Blog Editor’s Note: GPS disruptions have brought down networks, disabled end use devices, and provided bad data to users which has been used and stored. Yet few in the cybersecurity field see it as something they are responsible for worrying about.  Good to see this is finally getting some visibility.

Houston Chronicle

GPS system highly vulnerable, with no backups, says Paul Hobby

The satellite-based Global Positioning System has no backup system and is frighteningly vulnerable to a devastating attack, a scion of the venerable Hobby family told a cybersecurity conference Friday.

GPS is a critical part of 21st-century life, integral in everything from navigation to the timing of traffic lights to aviation and communications. But Paul W. Hobby said attempts to fund a backup system have stalled in the U.S. Congress.

Some stopgap measures are being developed. Still, he said, a failure of the system could be catastrophic.

Hobby, who is chairman and CEO of Texas Monthly magazine and has a background in investing and helping run telecommunications companies, likened ignoring a cyber threat to Houston’s decades of not dealing with flooding issues.

“When there is a known risk, you have to confront it,” Hobby said in the opening keynote of the symposium at the University of Houston-Downtown. “If you don’t confront the music, or in our case the water, it will come to face you.”

The GPS system involves 32 satellites orbiting 22,000 miles above the earth. Most people know it as the system that provides location information for mapping and navigation programs, such as Google Maps or Apple Maps.

But GPS also provides other services, such as timing, that are used in a variety of industries. Hobby said GPS timing is used by 15 of the 16 infrastructure resources in the United States deemed critical, and 13 of those service would fail completely without GPS. One of those is the electricity industry, which relies on GPS for helping manage the power grid.

Hobby cited a recently declassified, 219-page assessment of the risks to GPS prepared by the Department of Homeland Security. According to that document, the biggest risk to the system would be GPS jammers, a technology that exists and is relatively inexpensive to procure.

DHS National Risk Estimate … by on Scribd

Hobby talked about a 2013 case in which the owner of a pickup truck equipped with an inexpensive GPS jammer – which is illegal – was parked near Newark International Airport. The man was trying to block a GPS reporting system his employer installed in the pickup so his boss wouldn’t know where he was. The jammer caused interference with the airport’s GPS-based system that helps aircraft take off and land.

“If one trucker with a scurrilous but relatively benign attempt to deceive his employer can bring down Newark Airport, imagine what a larger-scale attack could do,” Hobby said.

Fixing GPS is not easy because it involves “expensive, space-borne equipment,” Hobby said. But efforts are being made.

The European Union has embarked on a program to shore up GPS, but it’s seven years behind and $1 billion over budget, Hobby said.

The most promising plan is to restore and enhance a ground-based system once used by aviation and maritime operations. LORAN, which stands for Long Range Navigation, was radio-based and dates back to World War II. It was in use until 2010 when it was shut down and replaced with GPS services. Hobby said efforts are underway to restore the system with more modern technology. It is being rebranded as eLoran.

“eLoran is virtually immune to the weakness of GPS,” Hobby said.

Funding for the eLoran project has been approved by the U.S. House but has failed in the Senate three times. Among the backers of the bill at U.S. Sen. Ted Cruz, R-Texas, and U.S. Sen. Edward Markey, D-Mass.

“Wouldn’t you like to be a fly on the wall at those meetings?” Hobby said.

Dan Wallach, a professor of computer science at Rice University who attended the symposium, suggested it might be possible to have the many cell phone towers around the country provide a GPS backup.

“There’s nothing to say we can’t have every cellular base station doing the same thing, giving useful redundancy beyond GPS,” Wallach said via email. “To some extent, E911 already does this, and many companies and research groups are actively studying how to do this indoors with WiFi.”

Dwight Silverman is the technology editor for the Houston Chronicle and the grillmaster for the TechBurger tech news site. Follow him on Twitter and Facebook.

Link to Article in Houston Chronicle