HOW THE UNITED STATES CAN DEFEND CRITICAL POSITIONING, NAVIGATION AND TIMING SYSTEMS

Systems that provide positioning, navigation and timing, or PNT, capabilities to U.S. forces and their allies have become indispensable to military operations. The U.S. military and its allies use these systems, including the Global Positioning System and other global navigation satellite systems, or GNSS, to enable critical war-fighting operations. These operations include: navigation, creation of a common operational picture, targeting, communication, weapons guidance and reconnaissance.

At the same time, heavy U.S. reliance on PNT systems has created an attractive target for adversaries who aim to degrade allied capabilities and readiness. Enemies capable of spoofing information — for example, by broadcasting fake GPS signals or repurposing genuine signals for delayed receipt — can sabotage communication lines and potentially turn U.S. military forces against their own allies.

Such attacks are examples of navigation warfare, or NAVWAR — a set of actions intended to fortify friendly use, or disrupt enemy use, of PNT data. The growing prominence of navigation warfare and electronic warfare raise key questions for the United States and its allies going forward, which boil down to this: Is it possible to identify signals that can be trusted, while also detecting and discarding those that are compromised?

A U.S. Army Soldier assigned to ‟Wild Bill” Platoon, 1st Squadron, 7th Cavalry Regiment conducts electronic warfare training during Combined Resolve XV on Feb. 23, 2021 at the Hohenfels Training Area in Germany.

Electronic warfare on PNT systems

One common denominator of these attacks is the GPS signal, a primary source of positioning, navigation and timing data. Because GPS often carries a weak signal (like many other GNSS signals), it makes for an attractive target that is relatively easy to jam. In fact, a simple 1-watt jammer can deny GPS service to a range of 10 kilometers or more. And since jamming requires only a low-power signal, detecting the location of a jammer can be difficult, thereby delaying swift countermeasures. These factors make jamming a simple, inexpensive and effective threat that can be carried out by an unsophisticated adversary.

Spoofing attacks represent another common attack vector for navigation warfare. In a spoofing attack, an adversary substitutes a false signal for true PNT information. This can then fool the target into making mistakes such as targeting errors or moving into undesirable territory.

“Spoofing is very different from jamming. It is much more difficult to implement, but much more pernicious if successful.”
John Fischer, Vice President of Advanced R&D, Orolia

A party attempting to spoof a GNSS signal must track the target and simulate the signal in real time. The false signal must closely match the real one in power, time synchronization and position to fool the receiver into using it. In many cases, an adversary capable of tracking the target effectively would find it simpler to attack using kinetic weapons.

Additionally, spoofing efforts can be foiled by military systems that use the Selective Availability Anti-Spoofing Module (SAASM) or M-code GPS signal, which are protected by encryption. Receivers that employ these technologies have decryption keys that authenticate the signal, making them nearly impossible to spoof. However, these receivers are expensive, and the use of secret decryption keys requires specialized infrastructure and authorization. For these reasons, not all military GNSS receivers use encrypted signals, and those that do not may be vulnerable to spoofing.

Examples of NAVWAR

As military forces around the world have adopted PNT systems, rogue states and nonstate groups have also grown more brazen in deploying navigation warfare.

Among the examples over the last decade:

  • In 2011, North Korea reportedly used GPS jamming to disrupt military exercises being conducted by U.S. and South Korean forces.
  • In 2017, a reported spoofing attack in the Black Sea confused about 20 ships whose automatic identification systems placed them roughly 25 miles from their actual locations.
  • In October 2018, GPS jamming caused 46 drones to plummet out of the sky during a choreographed light show at Victoria Harbor in Hong Kong.
  • A March 2019 report from The Center for Advanced Defense reported in 2019 there had been nearly 10,000 instances of GPS spoofing in areas in and around Russia. These incidents occurred mostly around Ukraine and in particular on the Crimean Peninsula, over which Ukrainian and Russian forces are fighting.

Russia has invested significant resources into various methods of electronic warfare, providing a way to neutralize other nations’ technology and turn what has historically been an advantage into a liability. For example, in 2016, Russia announced that it had installed GPS jammers on cell towers to disrupt cruise missile attacks on its homeland. Previously, the state-owned news agency Sputnik had also reported that Russian military officers
were boasting how their electronic warfare abilities had effectively rendered Western aircraft carriers “useless.”

RECENT POLICY ON PNT PROTECTION

In recent years, the U.S. government has established policy positions and provided detailed guidance to improve the resilience of critical PNT systems.

In February 2020, President Donald Trump signed an executive order, “Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services.” The document recognized attacks on PNT systems as threats to critical infrastructure that can compromise health and public safety. It also ordered the National Institute of Standards and Technology to establish recommendations on cybersecurity for PNT systems comparable to its Cybersecurity Risk Management Framework.

In February 2021, following the direction of the order, the National Institute of Standards and Technology published its “Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.” The document provides a flexible framework for managing risk when using PNT services. It recognizes that PNT systems are susceptible to disruptions and manipulations (whether natural, human-made, intentional or unintentional) and offers guidance on how users can spot threats to services, equipment and data. The document also includes information to help organizations detect attacks on PNT services such as jamming and spoofing, as well as how to effectively respond to and recover from disruptions to said systems.

In March 2021, the U.S. Army’s Assured Positioning, Navigation and Timing/Space Cross-Functional Team approved the “Navigation Warfare Situational Awareness Abbreviated Capability Development Document (A-CDD).” This document calls for experimentation and rapid prototyping for NAVWAR-SA capabilities for war fighters. The program is intended to provide Army units with the ability to assess PNT systems they are using in real time and provide capabilities beneficial in situations where GPS is degraded or denied.

“This A-CDD will enable us to accelerate critical NAVWAR technology development and streamline the process of expediting an operationally relevant system to our warfighters,” Willie Nelson, director for the APNT/Space CFT, said in a statement. “This capability will enhance our ability to provide real-time situational awareness of PNT reliability to soldiers and commanders on the battlefield, which will enable Long-Range Precision Fires and support freedom of maneuver of large-scale ground combat operations.”

COUNTERMEASURES AGAINST NAVIGATION WARFARE

In response to PNT systems becoming targets for electronic warfare attacks, military forces and the private sector began developing effective defenses against navigation warfare. These include measures to monitor the integrity of PNT signals, improve the resilience of PNT systems, and use artificial intelligence to detect and thwart attempted attacks.

Integrity monitoring

Monitoring the integrity of PNT signals enables users to determine whether they can be trusted. Authenticated signals provide a powerful tool for integrity monitoring. These solutions include:

SAASM: Military GPS receivers use this technology to decrypt precision GPS observations. Military receivers deployed after 2006 were required to use SAASM.

M-Code: This military signal used in the L1 and L2 GPS bands for U.S. operations is provided by GPS Block III satellites that first went into orbit in 2018. M-Code is designed to improve resistance to GPS threats such as jamming and spoofing. Federal law requires military GPS equipment purchased after 2017 to be capable of using M-Code. Because this technology is relatively new, U.S. forces are just beginning to use equipment with this signal on deployments. Some forces of European Union members are also starting to get access to M-Code.

PRS: The Public Regulated Service provides encrypted navigation service for government users and sensitive applications through Galileo, the EU’s satellite-based navigation system.

OSNMA: Open Service Navigation Message Authentication enables the authentication of Galileo signals. This improves the robustness of the signal and ensures the signal has not been modified.

U.S. forces also can assess the integrity of PNT signals by correlating information presented by diverse sensors that have a limited attack surface, such as an atomic clock and inertial measurement units. If all the sensors agree, the integrity of the vulnerable sensors (such as GNSS receivers) is more assured. However, if one sensor disagrees with the others, that sensor may be considered suspect, either for failure or compromise.

Signal-behavior monitoring represents another method of assessing the integrity of PNT systems. By observing PNT signals for behavior such as dropouts, discontinuities, unusual signal fluctuations, data bit changes or other anomalies, this technique can detect a potential failure or false manipulation of the source.

Resilience

Improving the resilience of PNT systems is a primary objective for organizations looking to defend against EW attacks.

Anti-jam antennas and M-Code receivers are two common measures that aid in PNT resilience. Anti-jam solutions use smart technology such as controlled radiation pattern antennas to focus on satellite signals and away from interference. M-Code receivers use a higher-power signal to resist jamming and interference as well as encryption, among other security features, to thwart spoofing attacks.

And by combining different services and techniques, U.S. forces can overcome attacks that diminish one or more of these PNT defenses.

One common combination is the use of an inertial measurement unit with a GNSS receiver to provide navigation resilience along with a precision holdover oscillator for timing resilience. Because these devices are self-contained sensors and do not rely on outside references, they are virtually impervious to jamming and spoofing. However, tiny inaccuracies within these devices accumulate over time, rendering them less accurate than
GNSS, especially over long periods of GNSS denial.

A higher level of integration may add other navigational signals to supplement a PNT solution. For example, new low-Earth orbit satellites provide navigation signals similar to that of a GNSS but with a much stronger signal strength. These satellites are much closer to Earth and therefore more difficult to jam.

Further resilience may be achieved by using radio signals not specifically designed for navigation, such as those for cellphones or digital TV. Measuring the time delay from the transmitter or the angle of arrival of these signals — often called “signals of opportunity” — can be used to determine position. Combinations may include several diverse sensors, such as cameras, lidar (light detection and ranging), radar, and digital-map matching. Many autonomous vehicles use this approach in their piloting systems, combining visual sensing of the environment with knowledge of their surroundings stored in memory.

Artificial intelligence

Mobile systems are evolving to handle more powerful processors, greater memory and more advanced software, but artificial intelligence can also contribute to greater efficiency, particularly with regard to PNT applications.

For example, many commercial GNSS receivers use AI techniques to enable multipath reception in urban environments. AI has also proved effective in vision navigation systems, where it is used to recognize patterns for objects and reference points. In these scenarios, AI can navigate around objects and use them to enable more accurate navigation.

“AI is now being applied to NAVWAR situations by training algorithms to detect the presence of jamming and spoofing, and alerting the system to any threats. As new threats arise, the algorithms are updated so they continue to protect PNT systems.”
John Fischer, Vice President of Advanced R&D, Orolia

By analyzing patterns in information commonly provided by GPS receivers, such as position, velocity and time, algorithms can assess whether data may be suspicious and potentially the result of spoofing. For example, in 2021, the Department of Homeland Security published the PNT Integrity Library and Epsilon Algorithm Suite to protect against the spoofing of GNSS systems. The suite is intended to provide basic spoofing detection capabilities to PNT users without requiring modifications to an existing GPS receiver.

A major advantage of releases like this is that, as new threats arise, AI algorithms can ingest data of attack patterns and learn over time so they become more advanced in protecting PNT systems.

THE FUTURE OF PNT PROTECTION

Electronic warfare has evolved in the past decade, and the U.S. military and civilian leadership have made a greater effort to prioritize the development of defenses that can withstand attacks on U.S. systems.

For example, the National Science and Technology Council has published a national research and development plan for PNT resilience. That plan supports three overarching goals for greater service resilience, including GPS resilience and the development of additional PNT capabilities and services. It also prioritizes 14 research and development objectives to achieve these goals, which include modeling, simulation and testing of
PNT vulnerabilities. The plan calls for improving tools that can detect and mitigate PNT disruptions, and for determining how to securely integrate multiple sources of PNT service. The military also is working to develop PNT defenses. The Army’s annual PNTAX exercise at White Sands Missile Range, New Mexico, has been used to test a variety of technologies, including fire systems and munitions as well as navigation warfare sensor systems and architectures. During the testing, soldiers operated within an environment where access to PNT services is denied. They provided feedback on threats to GNSS systems and countermeasures to address these threats.

“It’s important to get soldiers involved in what’s being developed so it can be made in a way that benefits the soldier,”
Capt. John Sexton, Joint Munitions Command lead for PNTAX 20, U.S. Army

“It’s important to get soldiers involved in what’s being developed so it can be made in a way that benefits the soldier,” Capt. John Sexton, Joint Munitions Command lead for PNTAX 20, said in an Army report. “We need to have an intuitive system that’s easy to understand and operate in a stressful combat situation.”

By employing tools that can better monitor signals integrity, improve systems resilience and harness artificial intelligence for learning attack patterns, the U.S. military is establishing a foundation for protecting its valued PNT capabilities.

By Matt McLaughlin

About C4ISRNET:

C4ISRNET is the premier multimedia destination for defense and government communities to stay connected to technology and network innovations. C4ISRNET is dedicated to the technologies of communications, defense and intelligence IT, unmanned systems and sensors, GEOINT, and cyber. Officials rely on C4ISRNET for information on advanced weapons platforms, sensor systems, command and control centers and more. C4ISRNET can be found at c4isrnet.com and in the Defense News print publication. Defense News is a trusted source for coverage on new defense policies, legislation, market developments, trends, new products, technologies, defense leadership, military budgets, and more.

To receive alerts on the latest market intel from Defense News and C4ISRNET, including whitepapers, ebooks, articles and more, sign up for the Market Intel Newsletter at defensenews.com/newsletters.