What’s New: A summary of various cyber attack vectors using GPS/GNSS by long-time RNTF member Chronos.
Why It’s Important:
- There has been a long-standing debate in government as to whether PNT disruption is an electronic warfare or cyber problem. This matters because the answer determines who is responsible and what pot of money is used to address the problem.
- If people think of it as a cyber problem they are more likely to consider and protect themselves from all threat vectors.
- It is a cyber problem!
GNSS Security Attack Vectors in National Critical Infrastructure
The four main Global Navigation Satellite System (GNSS) constellations (GPS, GALILEO, GLONASS, BEIDOU) provide more than just navigation or positioning. They provide stable & accurate frequency, phase & time references for all manner of systems that underpin modern life. These include telecom networks, power & utility networks, financial services institutions, and radio/TV broadcast to name but a few. Many of these applications form part of a nation’s Critical National Infrastructure (CNI).
Due to the low power level and spread-spectrum nature of the radio signals transmitted by all the GNSS constellations, it is trivial to interfere with the operation of a GNSS receiver by jamming the radio signal with a higher power noise source local to the antenna. This disrupts the operation of the receiver as it cannot receive any satellite signals while it is being jammed. Jamming signals may be intentional or completely accidental.
The commoditisation of software-defined radios (SDRs) and the advent of freely available open-source software mean that ‘spoofing’ a GNSS signal (creating a false copy of the radio signal to fool the receiver into decoding and locking onto a completely fake source of time and position) is easier than ever.
The attack surface continues to grow as the number of GNSS timing systems deployed to support national critical infrastructure increases. It’s useful to consider what attack vectors might be used against such systems and how we can mitigate these security risks.
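As an added example (not part of the original article), here is one way a fixed GNSS timing installation could tell apart the two conditions described above: loss of all satellite signals, as under jamming, and a plausible-looking but false time or position, as under spoofing. The telemetry fields, thresholds, surveyed coordinates and sample values are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

# Assumed thresholds for illustration; tune per receiver and site.
MIN_SATS = 4              # fewer tracked satellites than this: no valid fix
MAX_POS_ERR_M = 50.0      # a fixed timing antenna should not appear to move
MAX_TIME_ERR_NS = 1000.0  # GNSS time vs. local holdover oscillator

SURVEYED = (51.5000, -0.1000)  # constructed antenna location (lat, lon)

@dataclass
class Sample:
    sats_tracked: int
    lat: float
    lon: float
    gnss_minus_local_ns: float  # receiver time minus local reference clock

def horiz_dist_m(lat1, lon1, lat2, lon2):
    """Equirectangular approximation, adequate over a few kilometres."""
    r = 6371000.0
    x = math.radians(lon2 - lon1) * math.cos(math.radians((lat1 + lat2) / 2))
    y = math.radians(lat2 - lat1)
    return r * math.hypot(x, y)

def classify(s, surveyed=SURVEYED):
    # No satellites tracked: consistent with jamming (or an antenna fault).
    if s.sats_tracked < MIN_SATS:
        return "signal_loss"
    # Signals look healthy, so cross-check the solution against things
    # the site knows independently of GNSS.
    reasons = []
    if horiz_dist_m(surveyed[0], surveyed[1], s.lat, s.lon) > MAX_POS_ERR_M:
        reasons.append("position")
    if abs(s.gnss_minus_local_ns) > MAX_TIME_ERR_NS:
        reasons.append("time")
    return "suspect_spoof:" + "+".join(reasons) if reasons else "ok"

# Constructed telemetry samples, not captured from a real receiver.
SAMPLES = [
    Sample(9, 51.50001, -0.10001, 35.0),
    Sample(0, 51.50001, -0.10001, 35.0),
    Sample(10, 51.5100, -0.1000, 40.0),
    Sample(10, 51.50001, -0.10001, 250000.0),
    Sample(8, 51.5100, -0.1000, -300000.0),
]

def run(samples=SAMPLES):
    return [classify(s) for s in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run()):
        print(verdict, sample)
```

The time check only works if the local reference clock is disciplined in a way that does not simply follow the GNSS receiver through a step; otherwise the two clocks move together and the offset stays small.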