Homeland Security Studies Risks to GPS, Prompts Spoof-Proof Receiver Proposal

Although a Department of Homeland Security (DHS) report on the risks posed by GPS disruptions has yet to be released, the analysis has inspired a proposal to create receivers capable of self-diagnosing spoofing attempts.

“The receiver is the first line of defense,” Logan Scott, president of LS Consulting, told members of the National Space-based Positioning, Navigation, and Timing (PNT) Advisory Board this week.

Although a Department of Homeland Security (DHS) report on the risks posed by GPS disruptions has yet to be released, the analysis has inspired a proposal to create receivers capable of self-diagnosing spoofing attempts.

“The receiver is the first line of defense,” Logan Scott, president of LS Consulting, told members of the National Space-based Positioning, Navigation, and Timing (PNT) Advisory Board this week.

Although DHS considers spoofing to be less likely to happen than jamming, the agency believes the potential disruption to users is greater — in part because spoofing could continue undetected for longer, Brandon Wales, director of the Homeland Infrastructure Threat & Risk Analysis Center told the PNT Advisory Board today (November 10, 2011).

Jamming and spoofing are getting worse, said Scott, who noted that a recent study found an average of 117 jamming and spoofing incidents every day at Taiwan’s Kaohsiung International Airport. A team of researchers from Sweden’s Luleå University of Technology and National Cheng Kung University, Taiwan, reported on the incidents in a paper presented at September’s Institute of Navigation conference in Portland.

Many receivers, however, can be made spoof-resistant with a simple software upgrade, Scott said.

“Most receivers have a lot of the [necessary] parts in place,” Scott told Inside GNSS. They already measure the signal characteristics that would help determine if there was interference. The software upgrade can be treated like computer “virus protection,” he said, and should include a way to verify that the software is legitimate.

Spoofing could endanger users and could also be used nefariously to do things like mask a smuggling operation, Scott pointed out. He proposes that manufacturers incorporate spoof detection into their devices as a way to differentiate themselves from their competition. Voluntary standards could be set for consumers to go by when making a purchase.

An independent laboratory, similar to the Underwriters Laboratories Inc., could test equipment to determine which receivers met the standards, suggested Brad Parkinson, PNT Advisory Board vice-chairman. The board will study the idea as part of a larger consideration of issues surrounding receiver standards.
Ultimately smart receivers could be used to help determine what kind of spoofing or jamming device is involved and gather data to identify it, Logan told Inside GNSS.

Smart devices and other technology could eventually be tapped by DHS to protect GPS. In addition to the risk analysis, DHS is already studying the policies and procedures needed to implement mitigation measures, said Wales.

It became clear during the risk analysis that few understood the depth to which GPS is integrated into the nation’s critical systems, he added.

“You’ve got a highly accurate, very robust system, that has proven to be highly reliable, embedded in a lot of systems that people are not fully aware of,” Wales told the PNT Advisory Board Thursday.

DHS looked at the way different sectors use GPS and how those uses may change over time — including the impact of systems being developed by other nations. The agency assessed the disruption risk to four sectors: communications, emergency services, energy and transportation.

Other areas, specifically high-precision farming were included, although they were incorporated into the larger sectors, such as transportation, he said, adding that all of the effects of an outage might not have been covered in the DHS review.

For instance, an assessment of risks to the banking and financial sectors was dropped from the report, Wales said, because the agency determined that financial institutions had independent, non-GPS clocks that could be used to time stock trading and other financial transactions should the sector suffer a GPS outage.

GPS has become a “shadow utility,” said Wales, with satellite navigation signals so well integrated into various systems that a major challenge of the study was finding the right industry experts.

“Most people did not have a full appreciation of how they were using GPS,” he said. “To find a person inside some of the industries that knew . . . how GPS was integrated into their networks sometimes took 20 or 30 different phone calls.”

The study, underway for over a year and formally entitled the “National Risk Estimate: Risks to United States Critical Infrastructure from Global Positioning System Disruptions,” is being prepared by DHS’s National Protection and Programs Directorate. The research is now complete and a draft of the report is under review.

The final report should be finished up by January of next year, said Wales, and an unclassified version should become available.

IGM_e-news_subscribe