Image: Shutterstock
What’s New: Interesting discussion at President’s PNT Advisory Board yesterday (video here) about the potential risks and benefits of using GLONASS and BeiDou signals.
Why It’s Important:
- Current FCC regulations prohibit use of non-GPS GNSS signals in the U.S. without FCC approval.
- To get approval, nations providing those signals must apply to and be approved by the FCC.
- Only Galileo has applied and gained FCC approval for use of some of their signals in the U.S.
- That means, technically, users in the U.S. whose devices are accessing China’s BeiDou, or Russia’s GLONASS, some signals from Europe’s Galileo, or Japan’s QZSS (which can be used in Guam and Hawaii) are breaking the law. That’s a lot of people breaking the law!
- Generally, the more systems and satellites used, the more accurate the result and the more resilient the user.
- Device manufacturers want to make devices that can be used in the U.S. and around the world. Not one kind of hardware and software for the U.S. and one kind for elsewhere.
- Some folks have questions about the security of GLONASS and BeiDou chips and signals.
What Else to Know: Here is one school of thought/logic chain that is appealing to us:
- All GNSS signals, including GPS can be compromised. So, from a cyber-security perspective, there is no difference between use of any of the signals.
- We have heard it suggested that if Russia or China wanted to use GNSS signals to the US harm, they are more likely to use faked GPS signals rather than their own.
- Since the signals are all equally vulnerable to being used as a malicious vector, the PNT cybersecurity focus needs to be on receivers.
- That means this is a receiver supply chain security issue, rather than a source-of-signals issue.
- CASE STUDY A colleague of ours did some sponsored work on this in their lab back in 2014. They used a receiver that had been previously compromised with “some nearly undetectable firmware” that would enable it to slowly accumulate bits and pieces of a computer virus sent along with spoofed GPS signals. Over time, the virus was assembled and displayed a “You have been hacked!” message on the targeted web application.
- The FCC is currently investigating use of non-approved GNSS signals in the U.S. We have no indication as to whether this will include an examination of their own policies and regulations.
AT THE SAME TIME: We agree with those who say the U.S. government should seriously examine the security implications of using GLONASS, BeiDou, and other non-FCC approved signals, make a determination, and then make that determination public.
Here is the abstract of a paper on this topic that our colleague Tom Powell will be presenting at ION’s June Joint Navigation Conference in Cincinnati.
Fear and Loathing in Medium Earth Orbit
Thomas D. Powell, The Aerospace Corporation
Date/Time: Tuesday, Jun. 4, 4:05 p.m.
The use of non-GPS GNSS has been widely adopted for civilian and consumer applications, offering significant improvements in availability and accuracy over standalone GPS. Multi-GNSS offers the same potential benefits to military applications. Knowing that US and allied warfighters can and will derive PNT information using non-GPS GNSS signals – removing GPS as a single point failure for military PNT – may also serve as a deterrent against attacks on GPS space or ground segments.
The use of non-GPS GNSS signals for military operations raises the question of whether signals from these systems, including and especially those from Russia’s GLONASS and China’s BeiDou system can be “trusted.” And while use of non-GPS GNSS for combat operations, particularly targeting and delivery of precision munitions, raises the stakes beyond any civilian application, calls for “trust” of other GNSS signals or systems are largely based on political arguments, not specific technical threats.
Providing truly resilient multi-source PNT to US and allied warfighters requires moving beyond political and emotional reactions to using an “adversary” GNSS system to re-framing military use of foreign GNSS in terms of technical risk. This entails defining specific technical faults or anomalies that could occur to a non-GPS GNSS signal, and analyzing these anomalies via standard risk management concepts of Likelihood and Consequences – (e.g. the “5×5 Risk Matrix”).
While the likelihood component comprises half of a GNSS signal anomaly risk assessment, the consequences (impacts to a multi-GNSS receiver PVT solution) of a non-GPS GNSS signal anomaly can be evaluated using modeling and simulation analysis techniques.
Towards that end, this study defined a candidate (non-exhaustive) set of GNSS signal anomalies, simulated those anomalies with computer-based and/or RF signal constellation simulators, and examined their impacts to common civilian and military receiver PVT algorithms, including any built-in AS or other signal integrity logic.
Note that this analysis covers only signals transmitted by GNSS satellites under active control of a foreign GNSS service provider. Any GNSS signal can be subject to spoofing attacks, but this type of “third party” attack should be separated from the question of “trust” in the underlying GNSS service, including GPS.
Results will show the inherent ability of GNSS receivers to autonomously detect and, where possible, mitigate GNSS signal anomalies, providing an initial empirical basis for assessing the risk of using non-GPS GNSS for military operations.