Homeland Security’s National Risk Estimate on GPS Disruption: Still a Lot of Unknowns

The U.S. Department of Homeland Security has released an abbreviated fact sheet and a summary report on its evaluation of the risks to U.S. critical infrastructure from GPS disruptions.

The unsurprising “bottom line,” as the public summary put it: “U.S. critical infrastructure sectors are increasingly at risk from a growing dependency on GPS for positioning, navigation, and timing (PNT) services. Such dependencies are not always apparent.”

The U.S. Department of Homeland Security has released an abbreviated fact sheet and a summary report on its evaluation of the risks to U.S. critical infrastructure from GPS disruptions.

The unsurprising “bottom line,” as the public summary put it: “U.S. critical infrastructure sectors are increasingly at risk from a growing dependency on GPS for positioning, navigation, and timing (PNT) services. Such dependencies are not always apparent.”

The National Coordination Office for Space-Based PNT posted the documents on its website this week.

Among the “key judgments” in the public summary:
―GPS is increasingly integrated into sectors’ operations because it is accurate, available, reliable, and provided at no cost to users
―Awareness that GPS-supported applications are integrated in sector operations is somewhat limited, prompting the idea that GPS is a largely invisible utility
―Interdependencies exist between critical infrastructure sectors that use GPS.

Another conclusion: “Detecting, locating, and disabling sources of GPS disruption remain a challenge,” and remain a key, unfulfilled part of the mission that DHS was assigned more than nine years ago by a December 2004 presidential directive on U.S. Space-Based Positioning, Navigation, and Timing Policy.

Lack of funding and political urgency for that mission are the most common reasons given for the languishing effort to develop a GPS interference detection and mitigation capability in the United States.

Based on its investigation, the DHS assessed jamming disruptions to be more likely than spoofing incidents but said that the latter were “judged to be of higher consequence than jamming due to the potential duration of time before users or devices would detect spoofing.”

The latest DHS assessment stemmed from a November 2010 request from the National Executive Committee (ExCom) for Space-Based PNT (a Deputy Secretary-level interagency group that oversees PNT policy management) for a comprehensive risk assessment of the GPS signal. The DHS’s National Protection and Programs Directorate, Office of Infrastructure Protection, Homeland Infrastructure Threat and Risk Analysis Center (NPPD/IP/HITRAC) led the effort and coordinated the development of the “national risk estimate” (NRE) with the ExCom.

A “For Official Use Only” (FOFU) document, the NRE was released in November 2012 to “certain individuals who hold the proper clearance and access approval for the information.” It likely will play a role in a new White House effort reported by Inside GNSS last month to protect national critical infrastructure in which GPS is characterized as a “cross sector dependency” — that is, something essential to many, if not all, sectors of the critical infrastructure.

The NRE examined four critical infrastructure sectors (communications, emergency services, energy, and transportation systems) that derive PNT information from GPS to fulfill their missions. The FOFU document itself includes a classified annex that the DHS Office of Intelligence and Analysis produced “to assess availability of GPS jammers and threat actors’ capability and intent to disrupt GPS signals generally and for the four sectors.”

“[K]ey uncertainties — including the extent to which GPS-based applications are layered into sector operations — will shape future risks to critical infrastructure,” the summary report says.

Other key uncertainties included the vulnerability of GPS to intentional or unintentional disruptions, the extent to which GPS disruptions can be identified and mitigated, and the accuracy, availability, integrity, and continuity of alternative PNT systems available to provide robustness.

As the report acknowledges, the NRE “does not substantially address” individual sources of possible interference, but rather includes some historical case studies as summary examples.

IGM_e-news_subscribe