GPS increasingly runs the entire planet. Supply chains, oceanic shipping, port docking and even our daily movements in cars, on bikes and walking around cities is dependent on a constellation of satellites hovering above us to make all this activity work in synchronicity.
Increasingly though, GPS is under attack. GPS spoofing, where the signals from GPS satellites are spoofed to send false data, can prevent devices from getting an accurate location, or any location at all. One of our TechCrunch contributors, Mark Harris, wrote a great piece in the MIT Technology Review about a recent spate of spoofing incidents in Shanghai, where shipping vessels would suddenly jump around the harbor as different signals got picked up.
In addition to more direct attacks on GPS, the monopoly of the U.S. GPS system is also under increasing strain. China has launched its own satellite system known as Beidou, and other countries like Russia, Japan and India, as well as the European Union, are increasingly attempting to augment America’s system with their own technology.
GPS is one technology of a field known as Positioning, Navigation and Timing services (PNT). GPS is perhaps best known for its ability to pinpoint a device on a map, but it is also crucial in synchronizing clocks, particularly in extremely sensitive operations where milliseconds are crucial.
The increasing economic importance of the technology, along with the increasing risk it faces from bad actors, has forced the Trump administration to act. In a new executive order signed yesterday, the administration created a framework for the Department of Commerce to take the lead in identifying threats to America’s existing PNT system, and also ensures that procurement processes across the government take those threats into account.
This process comes in the form of “PNT profiles,” which the executive order described:
The PNT profiles will enable the public and private sectors to identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services. Once made available, the PNT profiles shall be reviewed every 2 years and, as necessary, updated.
In other words, these profiles are designed to ensure that systems work in concert with each other and are authenticated, so that systems don’t have (obvious) security holes in their design.
That’s a good first step, but unlikely to move the needle in protecting this infrastructure. Booz Allen Hamilton Vice President Kevin Coggins, who runs the firm’s GPS resilience practice, explained to me last year that “In a system where you just blindly integrate these things and you don’t have an architecture that takes security into account … then you are just increasing your threat surface.” PNT profiles could cut down on that surface area for threats.
In a new statement regarding Trump’s executive order, Coggins said that:
As a next step, the federal government should consider cross-industry standards that call for system diversity, spectral diversity, and zero-trust architectures.
System diversity addresses the dependence on a single system, such as GPS – some PNT alternatives have a dependence on GPS, therefore will fail should GPS become disrupted.
Spectral diversity involves using additional frequencies to carry PNT information – such as in systems using eLORAN or multi-GNSS – rather than just having a single frequency that is easy to target.
Finally, zero-trust architectures would enable PNT receivers to validate navigation and timing signals prior to using them – rather than blindly trusting what they are told.
This area of security has also gotten more venture and startup attention. Expect more action from all parties as these emerging threats to the economy are fully taken into account.