PNT: The Cybersecurity Issue You're Not Paying Enough Attention To

Print

Time and place

Two concepts we all understand with vast ranges of accuracy. For instance, I could tell you that I visited my parents house last week. A time (last week) and a place (their house). That’s not a lot of detail, but it might be all you need. To be even more accurate, I could say I visited their house in the next county last Saturday. Now you know a little more. And if I wanted you to stop reading this article, I would tell you, to the second, what time we took a bite of dinner and the GPS coordinates of the table. Now you know way too much, and I might be lying, but it’s hard not to trust that level of detail when provided. It’s nearly irrefutable if I have proof.

That proof of accuracy of those two factors, time and place, are solved by positioning navigation and timing (PNT) technologies, and are at the heart of the most critical infrastructure in the developed world. Their pulse, often derived from GNSS constellations like GPS and Galileo, are a unanimously agreed-upon standard across the globe that governs our defenses, our finances, our telecommunications, our agriculture, our law, our data, and much more. Consider any of these factors individually and the very thought of its disruption, if not collapse, should make it clear how high the stakes are and that this is a risk which must be minimized.

Meanwhile, the risk isn’t budging. Space junk collisions, solar flares, and malicious actors are only a few of the lottery balls of varying severity we’ve been relatively lucky with for over 40 years, considering the sum of potential threats.

The lack of clear and present threats has disincentivized investment in Resilient PNT on Cybersecurity checklists. Only 33% of respondents to our Resilient PNT self-assessment said GNSS jamming and spoofing threats were covered in their cybersecurity policy.

While we have been quite lucky in our GPS resilience so far and in the severity of disruptions, this doesn’t mean it’s impossible. The STRIKE3 project, a 3-year endeavor by the European GSA identified 73,000 Jamming Events across just 50 monitoring sites throughout the globe.

Still, most organizations put very little thought into a thorough plan for the protection and disaster recovery of their PNT data, often doing enough for compliance, with little-to-no measurement of the cost and risk of outage. A 2019 Report from NIST and RTI entitled “Economic Benefits of the Global Positioning System” estimates that GPS is responsible for $1.4 trillion in economic growth in the United States since 1983 and a disruption would cost the US economy $1 billion per day.

 

What should you do about it?

  1. Assess what you know about your environment by taking our short 5-minute R.E.S.I. Report Card. It’s completely free, customized to your responses, and the only such assessment available in the industry. You won’t be contacted by sales unless you request to be.
  2. Assess common threats in your industry. We’ll include some for your industry in your report.
  3. Assess strengthening options at each potential point of compromise by learning about alternative PNT sources, measures to protect against intentional or environmental jamming and spoofing, and ways to make your PNT Resilient. We’ll include some options for these as well.
  4. If you don’t know already, ask your IT or Cybersecurity team what your disaster plan in the case of a GPS outage is.

If this hasn’t compelled you to take steps to find out if your organization’s PNT is resilient, this TED-Ed video from Dr. Moriba Jah might convince you.

 

[embedyt] https://www.youtube.com/watch?v=jVzbs81bDy0&width=450&height=253[/embedyt]