Blog Editor’s Note: An excellent article that reflects an important shift in the way people are thinking about this problem. We have recently been talking to very senior officials at the Department of Defense, Department of Homeland Security, and the White House.  All agree with this article. Let’s see what they do about it.

Security and SatNav Experts Agree: GPS Is a Cybersecurity Issue

The new Cybersecurity Solarium Commission should consider addressing GPS vulnerabilities as it develops a strategy to protect the U.S. against attacks on its computer systems and infrastructure, experts agreed.

Inspired by an analysis that guided officials during the Cold War, the U.S. is about to launch a yearlong assessment of its cybersecurity situation with the goal of devising a long-term strategy

Sixty-five years ago Project Solariumrecommended containment as the best game plan for dealing with the Soviet Union. It’s newly approved namesake, the Cybersecurity Solarium Commission, will soon gather top federal officials, members of Congress and subject matter experts to determine how best to protect “the crucial advantages of the United States in cyberspace against the attempts of adversaries to erode such advantages.”

“Eisenhower in the early 1950s recognized that we were well into the nuclear era and yet we didn’t have an offensive strategy or a defensive strategy,” said Sen. Ben Sasse, R-Nebraska, who authored the Solarium measure. “We didn’t have a long-term human capital strategy. We’re in the same place, actually (a) worse position, in cyber now—26 years into the cyber era and no definable doctrine.”

The question now is how the Cybersecurity Solarium will approach its task and what it might take on. Though the new Solarium was approved as part of the fiscal year 2019 National Defense Authorization Act (NDAA) it’s mandate is not strictly military. The fact sheet issued by Sasse’s office says the group will work to protect the U.S. political system and innovation base as well as its national security industrial sector. Those sectors depend directly or indirectly on the timing data supplied by the GPS signal.

Though not itself considered critical infrastructure the GPS system was deemed by the Department of Homeland Security to be a “cross-sector dependency” for 13 of the nation’s 16 critical infrastructure sectors. The three remaining sectors also had some dependence.

For a long time, however, folks did not did not agree that GPS vulnerabilities should be addressed as a cyber issue, said Dana Goward, president and executive director, Resilient Navigation & Timing Foundation. “However in the past several years the people that we’ve been talking to in the government, especially in the Department of Defense, have agreed that rather than being considered electronic warfare—or in addition to being considered electronic warfare—GPS disruption should also be considered a cyber issue.”

That shift may be due to the growing realization that GPS provides more than just location and navigation capability. It also provides consistent, global, extremely accurate time.

Timing Is Everything
A lot of the U.S. security industrial sector and the American innovation base rely on data centers, many of them in disparate parts of the world but networked together and synchronized by GPS-supplied time.

Read More