Thought leaders recently gathered to discuss the growing threats to GPS, the most pressing challenges the industry faces and the best way forward. Here, we’ve put together a comprehensive view of all the critical issues tackled during the PNT Leadership Summit, a venue where the industry’s brightest minds could bring up their concerns, frustrations and recommend solutions.
Forty miles from the nation’s Capital, a closed-door convening of operators, engineers, program leaders and policy architects from both sides of the Atlantic arrived at a shared conclusion: The United States must stop defending a single PNT source and begin stewarding a resilient architecture. That shift—from reliance to resilience—demands governance that certifies trust, authentication embedded within both data and devices, and layered modalities proven to coexist in the real world. It also calls for coordinated integration steps that operators can advance now.
The inaugural PNT Leadership Summit, co-hosted by Inside GNSS+ and the Resilient Navigation and Timing Foundation, gave industry thought leaders an opportunity to openly discuss the many challenges facing PNT and how to best address them—urgently. This is the PNT Leadership Summit’s record in full: what participants agreed upon, what operators require and how strategic posture becomes operational practice.
Setting the Scene: When Confidence Slips, Systems Stall
It did not look like catastrophe. It looked like drift—at scale.
On an ordinary weekday over Europe, dispatchers watched confidence margins ripple across air routes. No airport went dark; instead, trust eroded—quietly, then widely. Crews re-briefed arrivals, spacing widened, alternates were opened.
In the Baltics, autonomous rubber-tired gantries at the Port of Gdańsk—core assets in a multi-billion dollar modernization—dropped out of precision modes in bursts that operators associated with activity out of Kaliningrad. Offshore, a wind-farm contractor halted survey and cable-lay work because five-centimeter tolerances dissolved into guesswork. These were not headline “outages.” They were worse for business: degraded confidence. In time-synchronized, safety critical industries, degraded confidence is outage.
“Availability is not the bar anymore,” an airline systems engineer told the room during the summit. “Trusted availability is.”
The summit returned to the same fulcrum: Single-source certainty has collapsed. Threats are cheap, clever and deniable. Dependencies have deepened into automation and synchronization. Stewardship is fragmented. The remedy is not to declare GPS “broken,” but to stop asking a single modality to carry national trust alone. The United States must move from defending a signal to assuring a system—a layered architecture blending protected and modernized GNSS, authenticated messages, terrestrial timing, inertial continuity, low Earth orbit (LEO) signals, and operator-visible monitoring.
This architecture already exists in pieces. The task is to knit it into practice—quickly enough that ports, airlines, rail operators, telecoms, emergency services and national security customers can run on confidence they can demonstrate, not merely assume.
Why Now: The Transition from Dependence to Resilience
For decades, GPS was both capability and assumption. The comfort of ubiquity displaced the discipline of resilience. Researchers at the summit noted European interference events—well-known and long-standing—have increased in both frequency and duration, with degradations reaching up to 10 dB and showing patterns consistent with sustained jamming and intermittent spoofing activity. Whether accidental or deliberate, the operational effect was the same: confidence dropped, and the costs cascaded into scheduling, safety buffers and throughput.
A port automation executive put it plainly: “We either make layered assurance boring and baseline, or we keep treating risk as a surprise.”
Across multiple sessions during the summit, practitioners reframed the problem. The nation is not defending signals; it is defending a dependency. That dependency runs through aviation separation minimums, rail signaling, port logistics, grid operations, wireline and wireless synchronization, public safety dispatch, financial sector time-stamping, and even basic intermodal
logistics. You don’t solve it by hardening a single source; you reduce the operational damage from jamming and spoofing by embedding diversity beneath trust.
During the summit, seven strategic pillars emerged that can serve as guidance as we move from a single-modality system to an assured architecture with multiple layers of resilience.
STRATEGIC PILLAR 1: Recognizing the Inflection Point
Summit participants discussed the three forces that have converged to put an end to single-modality comfort:
1. Threat accessibility has collapsed. It no longer takes a national lab to trigger operational disruption: jammers are inexpensive, spoofing tools are portable, and on-orbit anomalies propagate through the same timing chains that sustain modern infrastructure. Yet, the burden of proof in live operations remains uncomfortably high. Before classifying an event as interference, operators must rule out equipment faults, atmospheric effects or coincidence—an analysis requiring multi-sensor data and time they rarely have. Declaring a jamming or spoofing incident carries operational and political consequences, so confirmation thresholds remain higher than the pace of impact. The result is a paradox: Disruption is easy to cause, but difficult to prove quickly enough to act on.
2. Dependency has deepened. Precision and synchronization are no longer enhancements; they are the substrate of modern operations. Throughput, safety and efficiency across sectors now depend on continuous, trusted time and position. The models behind these systems presume stability—and when that stability falters, delays, buffers and uncertainty ripple through everything built upon it.
3. Stewardship has fragmented. The responsibility to sustain confidence has diffused across agencies, sectors and vendors—each accountable for its own slice of performance, but not for the coherence of the whole. Aviation, maritime, telecom, energy and defense each buy to their own standards, test to their own tolerances, and report to their own regulators. The result is a patchwork of compliant subsystems that do not add up to an assured architecture. When governance is scattered, trust becomes everyone’s assumption and no one’s assignment.
The inflection point is not rhetorical. It is operational. A breakdown in availability is no longer required to create national risk; a breakdown in trust is sufficient. In real fleets, real towers and real control rooms, trust is the throttle.
“If confidence dips, we slow,” a tower manager said. “Slow is safer. Slow is also expensive.”
STRATEGIC PILLAR 2: Governance as the Foundation of Resilience
The summit’s most surprising agreement was not technical. It was institutional. The gap is less about invention and more about locus. When responsibility is scattered, risk is inherited rather than reduced. Participants converged around a governance spine with three parts:
1. A Clearinghouse that certifies trust, not brands. The Department of Transportation’s (DOT) complementary PNT action plan lays out a pragmatic arc: stakeholder engagement; specifications and standards; instrumented field test ranges (rapid → continuity → gap-fill); and a federal PNT Services Clearinghouse that lets agencies and critical infrastructure buyers procure fitness-for-purpose solutions against actual operating profiles and threat models.
The first tranche of rapid testing covered mature satellite- and ground-based offerings. A follow-on tranche adds modalities such as ELORAN and additional timing systems. Measures of effectiveness are sharpened with each run. Results feed the Clearinghouse first as a government resource; industry visibility will grow as standards and formats harden.
A government program lead summarized the intent:
“Normalize claims into comparable evidence. Tie standards to tested behaviors. Give buyers a map.”
2. Centralized test and certification that travels. Participants argued for a certification regime that is mission-tiered rather than monolithic: certify to the threat model, the use case, and the failure consequences—not to the most exacting edge case. Standards bodies like the Society of Automotive Engineers (SAE) and others are already active; the ask is to couple standards work to test ranges and a government-facing database so procurement offices can act on schedules that make sense.
An industry veteran put it in old-school terms:
“Underwriters Laboratories changed product safety by testing to standards, not slogans. Do that for PNT.”
3. A portfolio-based governance and an escalation path—not a czar. This point required deliberate clarification during the summit. The group agreed: A “PNT czar” is a quick-fix temptation that historically fails. It centralizes symbolic responsibility without structural authority, invites bureaucratic resistance, and creates a sense among senior leaders that the problem has been “assigned” rather than addressed. But a governance home—an accountable locus—is essential.
A collaborative leader with authority, funding and an interagency mandate is necessary to:
• maintain the portfolio of complementary PNT systems,
• adjudicate interagency conflicts,
• escalate through the National Space Council or National Security Council when needed, and
• synchronize standards, funding and release cadence across departments.
The resolution is simple: Avoid the czar model, but establish a empowered stewardship—multi-agency, portfolio-based, and backed by budget signals that endure.
Policy Reality
Inside the Executive Branch, the real levers are familiar: NSpC, NSC, OSTP, OMB, and cross-council groups that blend security, commerce and infrastructure. The advice from those who have worked inside these bodies was blunt: arrive with a plan, certification evidence, and a budget number that signals seriousness.
On Capitol Hill, churn and committee fragmentation dilute long-term memory. Vehicles like the NDAA can carry language, but only if the ask is unified, costed and tied to mission need. The National Timing Resilience and Security Act is a cautionary tale: mandates without champions, authority and funding fade into reports.
Governance, in other words, is the foundation. Everything else depends on getting it right here.
STRATEGIC PILLAR 3: Architecture Over Capability
A backup you cannot compose operationally is theater. The architecture view treats diverse sources as composable trust, not ornamental redundancy.
Authenticate the Data
Europe’s Open Service Navigation Message Authentication (OSNMA) is now operational for Galileo’s open service. The next step—Signal Authentication Service (SAS) on E6—aims to extend authenticated signaling further. One EC engineer cautioned that receiver makers must implement authentication correctly: “Do it poorly and you’ve bought false security. You’ll feel safer but won’t be.”
Harden GPS Receivers Via Data Rails
Summit participants pointed to Europe’s authentication service as a model. A comparable service for GPS, they argued, could raise robustness, accuracy and spoof resistance even for civil receivers. Such authenticated data rails form the connective tissue of an architectural approach—linking satellites, networks and receivers through verifiable trust. The U.S.’s National Space-based Positioning, Navigation and Timing Advisory Board has been advocating for such a system for years. In 2023 they even produced a white paper “GPS High Accuracy and Robustness Service (HARS),” outlining how it could be done using exisiting government data and resources. The obstacle is the needed data and resources exist across several government departments. Without an effective advocate, breaking the stovepipes has been impossible.The call from the room was clear: “Someone in government needs to stand it up and make it happen.”
Diversity as Architecture, Not Redundancy
LEO PNT improves signal strength through geometry and refresh; terrestrial time delivers provenance and independence; inertial continuity bridges gaps; signals of opportunity (SOOP) complicate jammers’ lives; cross-links and optical links raise integrity and monitoring. All of them protect it by making it less of a desirable target while protecting users by ensuring loss (or doubt) in any one source does not collapse the system.
“Continuity arises from plurality, not reinforcement,” a national-lab engineer said. “If the architecture does its job, no single path carries trust alone.”
STRATEGIC PILLAR 4: Integration as Invention
The bottleneck is not ingenuity. It is integration—and much of what matters can move now. Summitt participants called to:
• Set L5 healthy and move through aviation certification. Multiple voices labeled L5 a near-term priority for both performance and resilience. Aviation wants a clean path to operational use.
• Unrestrict nulling/multi-element antennas. A 19-element array that can dull multiple jammers is not science fiction. Several attendees urged removing remaining civil constraints so high-exposure sectors can field proven anti-jam techniques legally and at scale.
• Finish and field the Operational Control Segment (Next Generation GPS Control System), known as OCX. Program leaders described formal test phases under way. The goal is a seamless command-and-control cutover with better integrity behaviors and modern cybersecurity—so end-users notice nothing except improved assurance.
• Stand up an augmentation server. One architect priced a backbone network—feeding sovereign ephemeris—at roughly $25 million to stand up and $15 million per year to operate. That’s compared to $400 million for a single satellite block and about $6 billion for a control segment. For a fraction of the cost of a next-generation satellite, a modest terrestrial backbone could deliver years of measurable resilience and interoperability.
• Adopt software defined receivers (SDR)—with discipline. Software-defined architectures plus satellite cross-links make the system more updateable, monitorable and integrity-aware. They also require governance guardrails—version control, conformance testing, provenance for updates—so agility does not become chaos.
A participant from the user community offered the cultural nudge the program world needed: “Behave like the cellular industry—major releases on a cadence. No more learned helplessness.”
STRATEGIC PILLAR 5: Adoption as Infrastructure
Resilience is real where operations live. Three adoption vectors dominated the discussion:
1. Build the common operating picture. DOT elements, Space Force teams and the FAA are knitting data and tools—National PNT Architecture Synchronization (NPAS), the GNSS Operational Awareness Tool (GOAT), academic toolchains like SkAI—toward a picture operators can actually use. A retired official urged the group to “call the GOAT team—keep it moving toward a public-facing view.” The idea is simple: Give ports, railroads, airlines, and telcos visibility into the environment they operate in—interference seen, anomalies flagged, confidence quantified—so they can adjust before incident reviews.
2. Map your dependencies; rehearse your response. Critical National Infrastructure (CNI) owners were told to build connectivity maps showing exactly where and how GNSS/PNT enters systems, and then to write mitigation playbooks for each failure mode: jam, spoof, degrade, ambiguous confidence, loss of authentication, and so on. Color-code by severity and time-to-response. Then run fire drills—tabletop and live—annually.
3. Sector exemplars (the difference between theory and practice)
• Aviation is framing continuity and authentication as safety properties: If confidence dips below well-understood thresholds, the system responds automatically.
• Ports/maritime are shifting from vessel-only augmentation to port-scale assurance, treating timing as throughput infrastructure. Yard management systems, quay cranes and autonomous vehicles all need synchronized trust.
• Rail/surface operators are pairing inertial with terrestrial timing to stabilize signaling and automation during RF anomalies.
• Telecom is formalizing multi-sourced time and provenance in contracts, audits and change-control practices. In several cases, time Service Level Agreements (SLAs) are being written in language that chief risk officers can live with.
“Expectation—not mandate—is what converts resilience into default behavior,” a port CTO said. “But nothing changes until the cost of fragility is visible.”
STRATEGIC PILLAR 6: Making Resilience Routine
Pillar 6 is where governance becomes practice—the point at which layered assurance stops being innovative and starts being expected. If Pillar 2 builds the spine, Pillar 6 establishes the behaviors that run along it.
• Certification that travels. A government-facing Clearinghouse, fed by instrumented ranges and linked to consensus standards, provides portable, comparable evaluations. Procurement officers can specify mission-tiered requirements and reference actual performance, not marketing claims. This reduces bespoke one-offs and shortens time to field.
• Tailored requirements. Stop forcing every system to meet the highest-consequence use case.
• Timing distribution for the grid
• Sub-meter positioning for ports
• Centimeter-class precision for aviation or robotics
Each has different threat models and failure consequences. Mission-tiered certification acknowledges this and lowers barriers to adoption.
• Public-private collaboration that accelerates scale. Venture-backed firms and new entrants need clear on-ramps—evaluation tiers, reciprocal testing windows, and export-control relief where appropriate—to turn innovation into infrastructure.
• Insurance and risk pools. Insurers and reinsurers remain largely unaware of PNT fragility because losses have not been priced. Engagement with Lloyd’s and others—paired with operator attestations (dependency maps, drill logs, provenance checks)—can shift behavior faster than statute. If a port can prove layered continuity and rehearsed response, its premiums, covenants and board expectations change.
Normalization happens when:
• Certification is portable
• Provenance is contractual
• Integrity is measurable
• Dependencies and drills are expected
This is where continuity stops being exceptional and becomes the baseline.
A broadcast executive in the room volunteered airtime for public education and incident reporting. “Awareness follows consequence,” he said. “Let’s show the public what resilience looks like before the teachable moment.”
STRATEGIC PILLAR 7: Securing Long-Term Resilience
Pillar 7 is about durability—ensuring resilience can’t be unwound without re-creating systemic risk. Governance builds the structure; normalization creates the habit; institutionalization embeds both into policy, budgets and operational identity.
1. Sustain governance through long-term budget commitments.
Governance establishes responsibility, authority and structure. Long-term resilience requires stable, multi-year funding so the governance functions created in Pillar 2—testing, certification, monitoring and integration—remain viable across budget cycles. Recurring appropriations prevent core resilience mechanisms from eroding or reverting to discretionary status.
2. Maintain plurality as policy.
Plurality—independent and diverse sources of timing, position, authentication and monitoring—must be maintained as an ongoing policy requirement. This prevents the system from drifting back to single-modality dependence as programs change or budgets tighten.
3. Align resilience with legislative and regulatory windows.
Several resilience actions depend on timing. Effective institutionalization requires aligning PNT initiatives with specific legislative or regulatory windows, such as air-traffic-control modernization or sector rulemaking cycles, so that durable language and requirements can be incorporated when those windows open.
4. Apply international models where relevant.
Other nations provide working examples of how institutional resilience can be maintained. The UK’s National PNT Office, national timing center, multi-year performance targets, vendor-interrogation tools, and structured Prepare→Act →Recover framework demonstrate practical approaches for embedding resilience in operations and governance.
International Lessons
Brexit forced the UK to reset. Out of Galileo and the European Geostationary Navigation Overlay Service (EGNOS), they stood up an in-government National PNT Office, partnered with the Royal Institute of Navigation, and funded a national timing center—“hundreds of millions,” one official said—with a three-year horizon to sub-five-meter performance. They coupled policy with working tools:
• A three-phase Prepare → Act → Recover best-practices guide with a strong bias toward testing in “Prepare.”
• A 10-point questionnaire CNI buyers can use to interrogate vendors’ resilience claims—what’s your authenticated path, your inertial continuity story, your timing provenance, your failure modes?
• Workshops that build muscle memory: mapping dependencies, running drills, writing playbooks, and—crucially—sharing mistakes after incidents so others improve.
The tone was never triumphalist. It was practical. “We’ll bring the training,” the UK team said. “You bring the process owners and a whiteboard.”
Modernization, Authentication and Partnership
No one argued to “out Galileo.” The argument was for assurance and partnerships. Participants want to:
• Use Galileo’s global monitoring to authenticate GPS L1 C/A data—technical readiness near 2027, subject to coordination.
• Define and budget a Resilient GPS (RGPS) concept that includes modern civil signals and yields early benefits even as requirements mature. Today, there is no dedicated RGPS line; tomorrow there should be a plan that starts small, proves value, and expands in annual releases.
• Keep L5 on a glidepath to “healthy” and move through aviation certification steps.
• Harden the user segment without delay—multi-element antennas, practical anti-jam measures, authentication support in receivers—legally available to civil sectors that need them most.
An architect made the analogy many found helpful: “Think of GPS as the core stack. Authentication, terrestrial time, LEO geometry, inertial continuity—these are the libraries you link. The outcome isn’t a prettier core; it’s a system where no single import can crash the program.”
Terrestrial, LEO and Time: Widening the Trust Base
The most encouraging technical trend was the breadth of credible contributors to trust:
• ELORAN has moved from panel talk to projects. Miniaturized receivers were demoed in Singapore; a standardization push for aviation and maritime is under way; transportable systems are being invited to ranges for testing.
• LEO PNT efforts emphasized inner-satellite and optical links as enablers of timing and ephemeris robustness. Allied partners—Canada, Austria, Australia—are treating LEO not as a novelty but as a backbone element for integrity.
• National timing cells bring timing provenance into the same sentence as safety and throughput. In the UK case, sustained funding and a three-year target forced clarity: who operates it, who certifies it, how it’s measured in daily service, and how it fails safe.
These contributions are not about showcasing superiority; they are about minimizing shared modes of failure. By diversifying geometry, timing and authentication paths, we make adversaries’ work harder and our own systems more sustainable.
Transition to Execution: Build → Normalize → Institutionalize
The PNT Leadership Summit closed with an implementation arc designed to be simple yet difficult to derail: Build what already works, normalize it into expectation and institutionalize it so it can’t be unwound without re-creating systemic risk.
PHASE 1—Build
• Flip L5 to healthy status and push through the aviation steps.
• Remove civil constraints on nulling/multi-element antennas in high-exposure sectors; publish guidance on configurations and legal use.
• Stand up the augmentation server (the inexpensive backbone that feeds sovereign ephemeris and “safe use” rails for foreign GNSS).
• Advance GOAT/NPAS toward a public common operating picture that operators can actually action.
• Start authentication at scale (use OSNMA where available; prepare receivers and operations for E6 SAS).
PHASE 2—Normalize
• Launch the central test and certification facility; publish mission-tiered certification tracks that align to sector safety cases and threat models.
• Require dependency maps and annual fire-drills in regulated CNI (ports, telecom, aviation first), with reporting that insurers and auditors can rely on.
• Bake provenance and integrity SLAs into public procurement and regulated-vendor contracts; make “multi-sourced time” and “authenticated position” measurable.
• Align insurer and lender covenants to reward layered deployments and penalize opaque dependencies and untested plans.
PHASE 3—Institutionalize
• Create (or designate) a federal stewardship structure—portfolio-based, with budget and acquisition authority—to sustain architectural resilience across domains.
This is not a “czar” model; it requires coordinated, long-term leadership backed by senior officials and durable funding to ensure resilience remains a standing national requirement.
Closing Synthesis: Resilience Becomes Imperative
The PNT Leadership Summit did not diminish GPS; it clarified its position as essential but insufficient. The system the nation depends on is broader than any single signal or constellation. Confidence will grow only when trust is distributed, authentication is routine, time is verified, continuity is assured, testing is standardized, guidance is clear, and funding is stable. The community is not satisfied with the current state, nor should it be. Yet the alignment of views expressed throughout the summit reflects a rare moment of clarity. Resilience has shifted from concern to obligation. The task now is to deliver it—deliberately, transparently and with long-term responsibility.
