For years, both the Executive and Congress have expressed concerns over PNT vulnerabilities and clamored for solutions. Yet little has changed. Three important reports emerged at the tail end of the old regime. As new leadership takes the helm, in which direction will it take the PNT enterprise?
As far back as 1996, when Executive Order (EO) 13010 stood up The President’s Commission on Critical Infrastructure Protection, folks started taking notice that exclusive reliance on GPS for U.S. transportation creates undue risk.
Two years later, Presidential Decision Directive 63 ordered the Department of Transportation (DOT), in collaboration with the Department of Defense (DOD), to evaluate GPS in relation to national transportation and civilian systems. (Note: It was not until late 2004, in National Security Presidential Directive (PD) 39, that the mantle was officially handed to DOT for GPS policy. PD 39 also made DOT co-chair with DOD of the National Space Based Positioning, Navigation, and Timing Executive Committee).
After conducting that mandated review, DOT issued its “Vulnerability Assessment of the Transportation Infrastructure Relying on The Global Positioning System” in 2001,providing a 10-year forecast of GPS-related needs, augmentations, and alternative navigation systems. After noting significant concerns about potential local and wide-ranging catastrophic GPS denial attacks, the DOT ultimately recommended GPS backups, integrity monitoring and the creation of a roadmap to steer such efforts.
Fast forward to January 2021. In its latest report, “Complementary PNT and GPS Backup Technologies Demonstration Report” (“DOT Report”), the DOT states, “Since 2001, neither the vulnerabilities of, nor the dependence on, PNT service from GPS have decreased significantly for the public sector.”
And yet the threat has exponentially increased. Besides space debris and the challenges posed by aging infrastructure, the two other most concerning threats to GPS include jamming and spoofing. For example, in 2017, a likely state-sponsored GPS spoofing attack occurred in the Black Sea when more than 20 ships erroneously reported their GPS positions as being inland at an airport. In that same maritime area, two years later, some of the 40,000 troops from 29 participating North Atlantic Treaty Organization countries experienced GPS jamming during military drills. States are not the only sources of potential interference; teenagers can act in that regard as well. Kids figured out how to spoof the Pokémon GO app by simply using chips in their phones. Spoofing has become even more democratized with the advent of low-cost software-defined radios containing publicly available GPS simulation software.
Laying Down the Law
In light of these threats and vulnerabilities, Congress has shown a keen interest in PNT resiliency. In Public Law 114–328, Section §1618, the Fiscal Year 2017 National Defense Authorization Act (FY17 NDAA), it required the Secretaries of DOD, DOT and DHS Secretary of Defense to jointly study GPS backups and complementary PNT for national security and critical infrastructure. The following year, in the FY18 NDAA (Public Law 115–91 §1606), it directed these same players to jointly develop, and outbrief, a plan based on the results of the study.
Additionally, the 2018 Frank LoBiondo Coast Guard Authorization Act of 2018 (Public Law 115–282 §514) included the National Timing Resilience and Security Act of 2018 (NTRSA). The NTRSA required that, “Subject to the availability of appropriations, the Secretary of Transportation shall provide for the establishment, sustainment, and operation of a land-based, resilient, and reliable alternative timing system” within two years, with a nominal 20-year operational life. It also contained an implementation reporting requirement.
Congress ultimately appropriated $10 million to conduct the demonstration appropriated in the FY 2018 Omnibus Appropriations (P.L. 115-141).
Navigating the Policies
As Congress was laying down the law, the Trump administration was also taking a proactive PNT stance.
In February 2020, President Trump issued EO 13905, “Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services.” The gist: create and implement “PNT Profiles.” According to the EO, these Profiles would “enable the public and private sectors to identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services.” The President pinned the rose on the Secretary of Commerce to work with the heads of Sector Specific Agencies (a term used for the lead agencies for specific components of critical infrastructure) and the private sector to create these PNT Profiles.
As the administration prepared to disembark, it issued a few other important and relevant policies. The December 9, 2020, National Space Policy included maintaining and enhancing space-based PNT systems and global GNSS as one of several foundational activities. It provided 8 goals:
• Continuous and GPS worldwide access–for peaceful civil uses and Government-provided augmentations, free of direct user fees
• Compatible, interoperable and transparent civil GPS–Engage with international GNSS providers to enable U.S. market access
• Operate and maintain GPS constellation–for civil and national security needs
• Improve & adopt GPS federal & commercial space cybersecurity
• Continue using allied and other trusted international PNT services–in conjunction with GPS in a manner that ensures the resilience of PNT services and is consistent with applicable law;
• Invest in domestic capabilities & support international activities–to detect, analyze, mitigate, and increase resilience to harmful interference to GNSS
• Identify and promote multiple and diverse complementary PNT systems or approaches–for critical infrastructure and mission-essential functions; and
• Promote the responsible use of U.S. space-based PNT services and capabilities–in civil and commercial sectors at the Federal, State, and local levels, including the utilization of multiple and diverse complementary PNT systems or approaches for national critical functions.
On January 15, 2021, the President signed Space Policy Directive-7, superseding NSPD-39. The focus: U.S. leadership in space and authentication for signals and data. See previous Inside GNSS coverage at https://insidegnss.com/white-house-memo-directs-cabinet-to-protect-toughen-and-augment-gps-with-alternative-pnt/.
Ships Have Sailed—And Continue To Do So
As a result of these various laws and directives, federal agencies have been busy addressing PNT. On paper.
DOD released an unclassified version of its “2018 PNT Strategy,” warning of DOD’s overdependence on GPS and recommending an integrated multi-source PNT capabilities approach for situational awareness, information synchronization, and command and control for the Joint Forces.
In 2019, the DOT collaboratively established the “Federal Radionavigation Plan (FRP)” as the official source of PNT policy and planning for the federal government. Among other things, it addresses PNT augmentation, mitigation measures and architecture evolution.
The Department of Homeland Security (DHS), in an undated (but likely 2020) report, “Improving the Operation and Development of Global Positioning system (GPS) Equipment Used by Critical Infrastructure,” identified 22 specific installation and operation recommendations for end users, manufacturers and researchers to enhance the ability of GNSS receivers and associated equipment to defend against a range of interference, jamming, and spoofing attacks.
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) also authored an April 2020 Report on Positioning, Navigation, and Timing (PNT) Backup and Complementary Capabilities to the Global Positioning System (GPS). Based on several key findings, DHS made 4 recommendations:
1. Temporary GPS disruptions: End users should be responsible for mitigating temporary GPS disruptions; the federal government can facilitate this mitigation for various critical infrastructure sectors, but should not be solely responsible for it.
2. PNT Diversity and Segmentation: The Federal Government should encourage adoption of multiple PNT sources, thus expanding the availability of PNT services based on market drivers.
3. System Design: PNT provisioning systems, assets, and services must be designed with inherent security and resilience features (operate through interference and to identify and respond to anomalous inputs)
4. Pursue Innovation that Emphasizes Transition and Adoption: Incorporating PNT signal diversity into the PNT ecosystem should be pursued with an emphasis on R&D that prioritizes successful transition and adoption into existing GPS receivers
Bringing these efforts to full circle, in January 2021, the DOT issued its “Complementary PNT and GPS Backup Technologies Demonstration Report” in response to the FY18 NDAA directive to gather information on PNT backups. The demo team included staff from DOT’s Office of Science, Technology and Research (OST-R), its Volpe Center, the NASA Langley Research Center, and the U.S. Coast Guard plus contractors from The MITRE Corporation, Zeta Associates Inc., KBR, and Changeis, Inc. The team produced 4 findings and 2 recommendations. The bottom line: the best strategy for achieving resilient PNT service is to pursue multiple technologies to promote diversity in the PNT functions that support transportation and other critical infrastructure sectors.
That same month, the agency issued its Report to Congress on the NTRSA Roadmap to Implementation. While admittedly falling short of an implementation plan, the report describes DOT’s roadmap to a plan (a plan for plan) consisting of various round tables and the demonstration project described above.
Add to the pile the National Science and Technology Council (NSTC) January 2021 National R&D Plan for PNT Resilience. It supports 3 PNT resilience goals and nests 14 R&D objectives within them as follows:
1. Characterize and Model PNT services and their use
• Characterize PNT system requirements
• Improve test capabilities and test protocols for assessing equipment and services
• Conduct modeling, simulation, and testing to assess vulnerabilities
• Develop tools to identify appropriate sources of PNT service based on functional requirements
2. Improve and Expand PNT capabilities
• Improve PNT holdover capabilities
• Develop and improve external sources of additional PNT services
• Establish calibration and traceability techniques
• Improve and expand disruption detection tools and mitigation methods
• Prototype and demonstrate new PNT services
3. Integrate and Deploy resilient PNT
• Determine concepts and techniques for securely integrating multiple sources of PNT service
• Common hardware platforms
• Develop resilient PNT system architectures
• Investigate operating internal sources as primary sources of PNT service
• Develop cybersecurity standards, best practices, and other guidance.
The final parting shot from the Trump team on this topic was the January 2021 report titled Renewing America’s Proud Legacy of Leadership in Space Activities of the National Space Council and United States Space Enterprise. Appendix I (page 39) contains a good roll-up of all the administration’s space activities, including those impacting space-based PNT.
The New Captain
President Joe Biden took office on January 20, 2021 and shortly thereafter started mustering his crew. On February 2, Congress confirmed former South Bend, Ind., Mayor Pete Buttigieg as Secretary of DOT; Professor Robert Hampshire from the University of Michigan’s Gerald R. Ford School of Public Policy was appointed DOT Principal Deputy Assistant Secretary for Research and Technology. Some observers think that, based on his resume, publications and policy engagement focus, Hampshire’s appointment forecasts a continuation of Trump-era PNT policies.
The good ship USS GPS Protection seems to be full steam ahead. Less than a month into the new administration, and after public comment and agency review, Commerce’s National Institute of Standards and Technology (NIST) published the final “Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing (PNT) Services.” (NISTIR 8323). Recall that the PNT Profiles concept was the lynchpin of Trump’s EO 13905. “The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services…intended to… serve as a foundation for the development of sector-specific guidance.” It contains pages of user-friendly charts and is accompanied by a “Quick Guide.”
“The Profile has perhaps the most comprehensive list of PNT cybersecurity references compiled into a single document so far,” said Jim McCarthy, Senior Security Engineer, NIST National Cybersecurity Center of Excellence. “They can serve as examples for anyone trying to tailor the profile’s approach to their own system.”
Still on Course
Why would we expect any other course? Administrations come and go, but the ship remains steady as she goes because of the hard-working federal civil service corps that continues to move government forward. And so, too, is the case for GPS/GNSS resilience.
Much work remains to be done, but it appears there is smooth policy sailing ahead, at any rate.