Network security has long been a priority in the digital era, but until recently the brunt of activity has focused on hardening and protecting land-based infrastructure, since this carries the bulk of data communications. But satellite technology is responsible for more than just digital commerce – it plays a critical role in national and international security, weather monitoring, scientific research and a host of other important functions.

One set of critical vulnerabilities in satellite communications are the signals that govern positioning, navigation and timing (PNT). Failure to properly secure these transmissions could not only disrupt satellite networks but wreak havoc on a host of dependent systems as well. Only recently, however, has this vulnerability taken on greater urgency in commercial and regulatory circles, given the way satellite communications have become so interwoven with the global data ecosystem.

Government action

Last year, the US Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, issued a notification to all critical infrastructure owners and operators highlighting the vulnerabilities that impact PNT functionality. Of particular concern was the fact that the Global Positioning System (GPS) was the primary source of PNT data, and in many cases the only source. This presents a single point of failure that, if compromised either intentionally or unintentionally, could disrupt key information flows around the world. Equally troubling is the fact that recent technological developments have made it easier to broadcast fraudulent GPS signals.

In response, the agency is working with the National Institute of Standards and Technology to establish PNT profiles in support of a new Conformance Framework for GPS receivers. This will help harden PNT infrastructure and enhance the security of data streams by introducing standards-based technologies that can be more easily deployed across distributed architectures. This will take some time, of course, given the many technological issues and commercial interests involved.

The risk posed by a compromised PNT system extends way beyond mere data networks. Nathan DiPillo, a critical infrastructure analyst with the California State Threat Assessment Center, recently highlighted the number of dire consequences if PNT were to go down. Aircraft would be grounded, for one, water and electrical plants would curtail output, if not shut down altogether, and emergency services would be hampered significantly. All of these services rely on the accurate relay of PNT as they manage millions of digital transactions each day. Many of these functions are based on civil GPS, which is unencrypted and requires no proof-of-origin or authentication.

No service can be secured 100%, which is why developing an effective backup solution is critical.

As a matter of national security, we only need to look at the Russia-Ukraine war to see the need for a more resilient PNT system, says Geospatial World’s Nibedita Mohanta. Multiple organizations had already documented thousands of incidences of GPS spoofing and interference by Russia dating back to 2019, but the lead-up to the invasion saw a rise in activity directed at Ukraine – what one monitoring firm described as the “integration of electronic warfare tactics into Russian military operations to further degrade Ukraine’s ability for self-defense.” With diminished access to GPS, the Ukraine military’s ability to resist the invasion, which so far has cost more than 4,000 lives and has displaced millions, was degraded.

No service can be secured 100%, of course, which is why developing an effective backup solution is critical. ADVA’s new GPS-backup-as-a-service (GBaaS), for instance, allows service providers to better resist GPS and GNSS cyberattacks by enabling rapid and accurate restoration of data in the event of an outage. The system is based on the aPNT+™ platform that incorporates multi-band GNSS receivers and intelligent management software to provide a service-based approach to greater resiliency and higher network assurance. As well, the system is linked to a dispersed network of autonomous cesium atomic clocks and network backup timing feeds to maintain highly accurate timing of GNSS signals over lengthy time periods. 

In business, they say timing is everything. In the digital world, precise, continual timing can mean the difference between life and death. PNT vulnerability is finally getting the attention it deserves – and not a moment too soon.