Image: Shutterstock

What’s new: A guide for airports from the Aviation Cyber Initiative (DHS/DOD/DOT) about how to prevent and prepare for GPS disruptions.

Why it’s important: Disruptions at an airport can be more impactful and delay more flights than disruptions to aircraft.

• Most interference with aviation we have seen to date, such as the 2022 events in Denver and Dallas, has been to aircraft in flight, not the airports. This is because GPS signals and those that interfere are line-of-sight. The airports were mostly shielded by terrain and structures from the (presumably) unintentional interference. Aircraft in flight are able to use terrestrial aids to navigation like VORs, DMEs, and ILS’ when GPS is not available.
• As this best practices document points out, there are innumerable airport systems that use and depend on GPS signals. If these aren’t working, airport operations are degraded or come to a halt. This can have a big impact on flight operations.

What else to know:  The operational and economic impact of disruptions to airports was discussed in London Economic’s analysis of the Denver and Dallas incidents.

BEST PRACTICES

FOR AIRPORT GPS DISRUPTION RESILIENCY

INTRODUCTION

The Global Positioning System (GPS) provides critical information for position, navigation, and timing (PNT) to the entire aviation industry and ecosystem. Airport operators play a key role in the aviation ecosystem and should routinely consider cybersecurity resiliency best practices to minimize the impacts from GPS-related disruptions to their operations. GPS disruptions of PNT can affect airport operated systems, airport tenant systems, critical infrastructure systems, and near airport entity systems. The consequences of GPS disruptions may impact safety, efficiency, security, and regulatory compliance.

This document summarizes the best practices for Airport GPS disruption resiliency. It is intended for use by airport operators to minimize operational impacts from GPS disruptions and resultant airport cyber, system, and network affects. This Best Practices Guide is expected to assist an airport operator in implementing GPS cybersecurity resilient processes and procedures that will reduce the impact of GPS disruption. These best practices should leverage and be incorporated into existing plans (e.g., the Airport Emergency Plan (AEP); Business Continuity Plans (BCP) for the airport authority, air carriers, and airport tenants; information technology (IT) system-specific Incident Response Plans (IRPs); IT Disaster Recovery Plans (DRPs); and IT Contingency Plans).

It is important to recognize that GPS disruptions can threaten communications, multiple modes of transportation, emergency response for police and fire, delivery of utility services (power, water, natural gas), inventory and warehousing systems, and financial transactions. Airports are both critical infrastructure and dependent on the services of other critical infrastructure, so making them more resilient in the face of GPS disruptions is in the best interests of private industry and State/Local/Tribal/Territorial (SLTT) and Federal entities involved in responding to and recovering from a GPS disruption

READ MORE