Critical infrastructure must not depend on GNSS timing

Recent events have reminded us of the vulnerability of GNSS systems and related positioning, navigation and timing services. Time to look at the risk this creates for the business continuity of critical infrastructure.
Ulrich Kohn
Satellite in space

In November 2021, a Russian missile destroyed a satellite in orbit. This led to fears about the risk that space debris would pose to astronauts working on ISS as well as the danger to other satellites. Considering Russia’s current aggression towards the Ukraine, the relevance of this act needs to be re-evaluated. And the Russians aren’t the only threat to satellites and their services.

There are a wide range of satellite-based services for communication purposes, including weather forecasting, positioning, navigation and timing (PNT) and many others. Some of these services are essential for critical infrastructure to operate. Communication networks, power utilities, transportation and manufacturing rely on precise time to synchronize their operational processes, accurately locate failures or assure the sequence of transitions. In many cases, their timing and synchronization requirements are satisfied by Global Navigation Satellite System (GNSS) receivers that obtain highly precise time information from satellites. 

But if GNSS systems are put out of service, the impact on businesses and societies can be enormous, both on a national and international scale. The ability to destroy a single satellite in space needs to be understood as the ability to put a GNSS constellation out of service. This is an extremely severe threat, and all measures should be taken to mitigate this risk. 

Attacking a GNSS constellation would be an ultimate measure in a very severe conflict, and it could knock out PNT services for many years. Other attack scenarios would not lead to complete destruction but to temporary disturbances. Jamming and spoofing attacks against GNSS receivers can be carried out in a limited area, such as a single industrial site, or a section of a mobile network. Nevertheless, the impact could still be devastating. There have already been reports about this kind of electronic warfare in Ukraine.

IT and OT teams need to understand how synchronization is delivered, monitored and backed-up in case of disturbances.
Tackling GNSS dependency

So how can we do it? Precise time can be supplied in different ways. In addition to satellites, there are also terrestrial microwave and fixed networks. Alternatively, a collocated clock can be used. 

Many applications have high accuracy requirements, which cannot be met by reasonably priced clocks due to insufficient stability. Microwave broadcast systems are available for distribution of timing. But these cannot compensate delay differences from transmitter to receiver, and so are also not very suitable for the delivery of highly precise synchronization. 

In many regions, fiber networks are available. These provide the very promising way to ensure robust and precise timing for critical infrastructure. With bidirectional connectivity from a clock to a time client, the delay of synchronization information between sender and receiver can be compensated. Precision Time Protocol (PTP) is a well-established technology for packet networks. PTP in combination with optical timing channels for DWDM provides a highly robust solution for terrestrial synchronization networks, delivering time from redundant core clocks utilizing cesium atomic clock technology.

Robust terrestrial backup

The need for resilient PNT services was made apparent by last year’s demonstration of the vulnerability of satellites to terrestrially launched missiles. Now, with the war in Ukraine, this need is clearer than ever before. In the past, we’ve seen many countries encouraging or requiring critical infrastructure to make their PNT services robust. The focus of these initiatives and regulations has been on regional disturbances of GNSS systems through jamming and spoofing attacks. Now though, the unpleasant and disturbing events in Ukraine have forced us to consider where we would be if there were long-lasting outages in one or even all GNSS constellations.

What action can IT and OT teams take? They should start by performing a thorough analysis of their network in order to identify any synchronization requirements. They need to understand how synchronization is delivered, monitored and backed-up in case of disturbances. If GNSS receivers are in service then the impact of prolonged outages must be investigated and addressed. We believe that a terrestrial GNSS backup is an urgent requirement to mitigate the risk of long-lasting outages of satellite constellations. 

In short, the threat landscape has been disrupted by the recent attack on Ukraine. Vulnerabilities of IT and OT networks due to GNSS outages must be looked at with fresh eyes, especially in regard to critical infrastructure. Thankfully, terrestrial timing networks offer a promising alternative. But the risk is significant, the threat is urgent, and the time to act is now.

Related articles