Tag: cyber threats

  • Can smart grids be protected from PNT cyberattacks?

    Nino De Falcis

    By Nino De Falcis, Senior Director of Business Development, ADVA

    Today’s critical network infrastructure is heavily reliant on positioning, navigation and timing (PNT) services. Power grids, financial markets, transportation, data centers, communications — all have become more complex and interconnected, while the threats to the PNT on which they depend have grown in frequency and sophistication. PNT systems are so vulnerable to the activities of cybercriminals that attacks may soon become global in scale and significance, with potential costs of billions of dollars.

    Utilities are a key example of infrastructure at risk. In the past, power networks were passive systems with everything simple and centralized, and with energy flowing in one direction only as AC power was provided to consumers. However, the growth in renewables and distributed energy resources has spurred diversification of the market, and a new paradigm of bidirectional AC and DC energy production and distribution has emerged: the smart grid.

    Timing Challenges

    Today, many smaller producers are generating power from multiple sources. The power grid has become a decentralized system and the flow of energy is now bidirectional. Energy from solar panels (microgrids), for example, can be generated by private individuals and either stored or fed back into the grid. Electric vehicles (EVs) are also becoming more common, and like all other nodes across the smart grid, charging points require precise timestamping of the massive amount of data they generate to balance power demand and supply.

    Precise timing is also key to rerouting power flows away from transmission outages, to locating power line faults, and for synchronizing distributed control and protection systems. Without highly accurate timing and synchronization, power grids are vulnerable to partial outages and even complete blackouts.

    That is why accuracy requirements of data timestamping are tighter than ever. In fact, they are shifting from legacy Network Time Protocol (NTP) timestamping, which has millisecond accuracy needs, to Precision Time Protocol (PTP) timestamping, requiring sub-microsecond accuracy. The synchrophasor now demands accuracy better than 1 microsecond.

    For fault location, we’re now at 100 nanoseconds. The micro-phasor measurement unit (PMU) is at less than 1 microsecond and substation LAN communication protocols have to be time-stamped at as low as 100 microseconds for GOOSE IEC 61850 and at 1 microsecond for IEC 61850 sample values. This is a big change from just five years ago when accuracy in all these categories was firmly in the millisecond range, and it’s a high bar that needs to be maintained by next-generation redundant systems, should GPS or ground-based timing become compromised.

    Photo: solarseven/iStock / Getty Images Plus/Getty Images

    New Standards

    Guidelines for making PNT infrastructure fully redundant are being pushed by governments across the world. In the United States, regulations are being driven by Executive Order 13905 with the Department of Homeland Security (DHS) providing a framework for how assured PNT (aPNT) should operate. It states that PNT infrastructure must perform three core functions: prevent, respond and recover. Infrastructure must have the ability to prevent atypical PNT errors and corruption of PNT sources. If prevention fails, networks must be able to respond to detected errors or anomalies and then recover from those errors.

    The DHS framework outlines four resiliency levels. Level 1 has only one source providing PNT, while level 4 is a next-generation system leveraging multiple sources to derive and distribute PNT data. At Level 4, systems need to be self-survivable. This means they must function for long periods in the absence of a GPS timing source, or when ground-based timing sources have been otherwise compromised. There is even an IEEE P1952 resilient PNT standard in progress that will use this DHS framework.

    Rising Threats

    There are two categories of threat to PNT: external and internal. External threats include jamming (equipment that can block GPS is available off the shelf for as little as $20) and spoofing, which is the act of transmitting false GPS signals that trick receivers into calculating an erroneous position. Sophisticated cyberattacks can be in the form of either of these and spoofing (especially synchronous) is the most complex to detect.

    The two main internal PNT threats come from attacks on NTP and PTP network timing as well as active GPS receivers connected to the network.

    Legacy power grids have traditionally used NTP to distribute timing to substations, including IRIG, and this has already shown itself to be vulnerable to attack because it can be hacked by a process called NTP amplification.

    Today, power grids are increasingly migrating to PTP because it provides the sub-microsecond accuracy needed for modern applications. PTP has not yet been hacked, but that does not mean it will not be soon. If an attack did occur on ill-prepared critical infrastructure, the results could be catastrophic.

    Secure Smart Grid Timing Components

    There are two components in the smart grid: telecom connectivity to transport data, and grid protection that has different level generation grid control, transmission and management. On the telecom side, there is the edge telecom network and sometimes there are data centers. There are either core or edge data centers and these are also equipped with very good timing. A key concept in the data center is time as a service and GPS backup as a service when GPS goes down. The smart grid can also leverage this service as it gives even more robust protection and security against threats to PNT. See Diagram 1.

    Diagram 1. A key concept in the data center is time as a service. (Image: ADVA)

    A Resilient and Assured PNT Solution

    As with other aspects of cybersecurity strategy, smart grids must employ a zero-trust framework of PNT sources. This approach never assumes that any one PNT source can be trusted. Instead, it uses a multi-source approach, verifying sources and comparing them to each other in real time to get the most accurate timing possible.

    To prevent and mitigate interruptions to GPS, smart grid operators should deploy a resilient and assured PNT solution. This means it’s based around three integrated technologies: multi-layer detection, multi-source backup and multi-level fault-tolerant mitigation.

    Multi-layer detection is performed through timing devices – either single or redundant – that have jamming and spoofing detection and monitoring capabilities. GNSS devices are also capable of comparing sources such as network PTP timing and they can be equipped with standalone, GNSS-backup clocks that leverage rubidium or cesium oscillators to obtain the most reliable timing information from other timing sources in the network.

    Multi-source backup comes in the form of a cesium or rubidium oscillator that can provide extended holdover. Backup can be further bolstered with other sources such as eLORAN, NIST and LEO.

    A neural network management system is an intelligent platform that ties everything together, from self-actionable recovery and assurance software to alerting users of issues in the network-wide timing infrastructure. It provides visibility and control of all aspects of prevention, mitigation and backup. The management system gives detailed operational data on the smart grid, showing the locations of the faults, the types of faults, and how PTP backup assurance is performing. Through capabilities powered by artificial intelligence and machine learning, the management and control system provides the end-to-end control, visibility, and trusted, assured PNT. It has all the intelligence to reveal threats and also take action against them, quickly recovering the network’s timing distribution capability, while keeping the network timing self-survivable. See Diagram 2.

    Diagram 2. Defending against PNT cyberthreats requires integrating multiple PNT technologies. (Diagram: ADVA)

    Mitigating Cyberattacks with a Defense-in-Depth Approach

    So, let us imagine there is a major attack on a smart grid. A jamming device has been used to block GPS reception on an edge grandmaster being used at a substation, while at the core of the network an ePRTC’s ability to receive GNSS signals has also been compromised. GPS is no longer viable as a source for timing in the smart grid.

    The intelligent software monitoring and management system is the first line of defense, detecting and alerting operators to the two or more attacks on GPS: one at the core of the network and one at the substation. The network timing capability of the whole smart grid has been compromised.

    Upstream from the substation, the core enhanced PRTC (ePRTC) has become an unreliable source of timing. However, it is equipped with a cesium clock that steps in to propagate trusted PNT backup into the substation and throughout the rest of the network. The cesium clock has no antenna, no RF signal, and is a stratum 1 clock that can propagate highly accurate timing (accurate to 1 microsecond over four months) throughout the network. It has now become the trusted source of timing until GPS can be re-established.
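
    The zero-trust source comparison and the holdover fallback in the scenario above, sketched in Python as an added illustration (not ADVA's implementation and not code from the article). The tolerance, quorum, source names and sample readings are assumptions, as is the linear-drift reading of the quoted "1 microsecond over four months" holdover figure.

```python
from dataclasses import dataclass, field
from statistics import median
from typing import Optional

TOLERANCE_NS = 500.0     # assumed agreement window around the consensus
MIN_QUORUM = 2           # assumed: never steer on a single unverified source
# Holdover figure quoted in the article: 1 microsecond over four months.
# Assumptions: four months = 120 days, drift accumulates linearly (worst case).
HOLDOVER_DRIFT_NS_PER_S = 1000.0 / (120 * 86400)


@dataclass
class Reading:
    source: str
    offset_ns: Optional[float]   # local-clock offset per this source; None = no signal


@dataclass
class Verdict:
    mode: str                    # "LOCKED" or "HOLDOVER"
    correction_ns: float         # steering value applied to the local oscillator
    trusted: list = field(default_factory=list)
    rejected: dict = field(default_factory=dict)   # source -> reason


def evaluate(readings, tolerance_ns=TOLERANCE_NS, quorum=MIN_QUORUM):
    """Cross-check all sources; steer only on a quorum that mutually agrees."""
    rejected = {r.source: "no signal" for r in readings if r.offset_ns is None}
    live = [r for r in readings if r.offset_ns is not None]
    trusted = []
    if len(live) >= quorum:
        consensus = median(r.offset_ns for r in live)
        for r in live:
            delta = r.offset_ns - consensus
            if abs(delta) <= tolerance_ns:
                trusted.append(r)
            else:
                rejected[r.source] = f"off consensus by {delta:+.0f} ns"
    if len(trusted) < quorum:
        # Too few sources corroborate each other: free-run on the local
        # oscillator rather than follow an input that cannot be verified.
        for r in live:
            rejected.setdefault(r.source, "uncorroborated")
        return Verdict("HOLDOVER", 0.0, [], rejected)
    correction = median(r.offset_ns for r in trusted)
    return Verdict("LOCKED", correction, [r.source for r in trusted], rejected)


def holdover_seconds_available(required_accuracy_ns):
    """Time the free-running clock stays inside an application's accuracy need."""
    return required_accuracy_ns / HOLDOVER_DRIFT_NS_PER_S


# Constructed sample readings in nanoseconds (not measurements).
NORMAL = [Reading("gnss", 40.0), Reading("ptp", 55.0), Reading("eloran", 120.0)]
SPOOFED = [Reading("gnss", 3500.0), Reading("ptp", 60.0), Reading("eloran", 110.0)]
JAMMED = [Reading("gnss-edge", None), Reading("gnss-core", None), Reading("ptp", 70.0)]

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("spoofed", SPOOFED), ("jammed", JAMMED)):
        v = evaluate(sample)
        print(f"{name:8s} {v.mode:9s} correction={v.correction_ns:+.1f} ns "
              f"trusted={v.trusted} rejected={v.rejected}")
    # Under the assumed linear drift, a 100 ns need (fault location) is
    # exhausted long before the 1 microsecond need (synchrophasor).
    for need_ns in (100.0, 1000.0):
        days = holdover_seconds_available(need_ns) / 86400
        print(f"{need_ns:6.0f} ns requirement: about {days:.0f} days of holdover")
```

    Sources that share an upstream reference, such as PTP distributed from the same GNSS receiver, are not independent and should count as a single vote in the quorum.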

    Photo: Thossaphol/iStock/Getty Images Plus/Getty Images

    Time for Multi-Source Protection

    The most crucial element of PNT is timing. Without timing there is no positioning or navigation — it is the enabler of both — and so the distribution of accurate timing must be our top concern when we build systems.

    For smart grids and all other critical infrastructure dependent on PNT to function, the cornerstone for secure and self-survivable timing networks is the concept of zero-trust. A multi-source approach to building timing networks will allow operators of critical infrastructure to leverage a combination of intelligent management software and timing devices equipped with adequate PTP holdover to respond to all threats to PNT.


    To see a real-world example of this approach in action, check out the DOE DarkNet program.

  • Focus Telecom’s GPS Resilient Kit protects against timing threats

    Photo: Focus Telecom

    Focus Telecom has installed its GPS Resilient Kit (GRK) cyber protection system in the national time systems of the State of Israel at the National Physics Laboratory in Jerusalem.

    “A cyber protection system like the one installed in the National Laboratory, as well as many other systems we have developed to protect critical infrastructure, enable our customers to deal with the growing global threat and ensure the function of GPS-based systems, on which their business activity is based — even under jamming and spoofing attacks of various kinds,” said Shlomi Mazor, vice president of sales, Focus Telecom.

    The company has developed a holistic model made up of several layers that can protect a GPS-based organization, according to the company.

    Focus Telecom has been a leader in the field of synchronization and atomic clocks since 1995, and serves as Israel’s national timekeeper.

    The company’s technology can detect an attack on an organization’s time sources, neutralize the threat of intrusion into the organization, provide alternative time from a secure highly accurate source, and protect internal organizational time distribution through a fiber-optic protection system through which time protocols are transmitted. It provides alerts for spoofing or jamming attacks as they happen.

    Focus Telecom provides solutions in several layers, including secure NTP/PTP time servers, grandmaster atomic clocks, and radio frequency firewalls. These are protected by an active protection system that can detect and neutralize disruptions before they reach timing servers, and by additional technological solutions that provide effective protection against threats.

    Focus Telecom cites recent jamming and spoofing incidents as highlighting the need for protection. For instance, pilots reported disruptions of GPS signals in June 2019, making it difficult to access Ben Gurion Airport. These disruptions resumed in January 2022 and pose a renewed challenge to pilots.

    In a May 2021 incident, farmers on the northern border and in the Gaza Envelope reported disruptions affecting the GPS-based guidance system installed in tractors used for sowing and harvesting.

    Focus Telecom’s systems are successfully integrated into the Israel Defense Forces, defense industries, financial institutions, communications companies, and Israel’s transportation, electricity and water infrastructure.

    Learn more about cyber threats on the company’s website.

  • Russia’s attack raises vulnerability concerns

    Matteo Luccio

    Russia’s brutal aggression on Ukraine changed the world in a few days. Devastation and displacement in Europe already are on a scale unseen since World War II, and the risk of a catastrophe greater by orders of magnitude has not been as high since the Cuban Missile Crisis of 1962, the year I was born. Given the long production timeline of a monthly magazine, I will not venture a guess as to what the headlines will be on the day you read this.

    The Russian assault has sharply raised concerns about GNSS vulnerabilities. In a March 17 bulletin, the European Union Aviation Safety Agency (EASA) warned of a GNSS outage leading to the degradation of navigation and surveillance. Reports analyzed by EASA indicate that since Feb. 24, GNSS spoofing and jamming has intensified in the Baltic Sea, neighboring states, Eastern Finland, the Black Sea and the Eastern Mediterranean. “The effects of GNSS jamming and/or possible spoofing,” the bulletin stated, “were observed by aircraft in various phases of their flights, in certain cases leading to re-routing or even to change the destination due to the inability to perform a safe landing procedure.”

    Russia already has aided in the proliferation of handheld GPS jammers, the deployment of road-mobile jammers, and even development and testing of space-based jammers. Now, it could turn its substantial cyberspace hacking capability against the ground-control segments of GPS and Galileo.

    When Russia tested an anti-satellite weapon on Nov. 15, 2021, the Kremlin claimed on state television that this capability “means that if NATO crosses our red line, it risks losing all 32 of its GPS satellites at once.” This threat was particularly dangerous because GPS satellites carry, as a secondary payload, the U.S. nuclear detonation detection system.

    At a panel discussion about resilient GPS that I moderated at the International Wireless Communications Expo in Las Vegas on March 24, Diana Furchtgott-Roth, an adjunct professor at George Washington University and former deputy assistant secretary for Research and Technology at the U.S. Department of Transportation (DOT), titled her presentation “Russia Proves America Needs Backup GPS.” She cited the National Defense Authorization Act of 2017, the National Defense Authorization Act of 2018, and the National Timing Resilience and Security Act of 2018, which instructed DOT to provide a complement and backup for civilian GPS. The legislation required the Secretary of Transportation to put in place a backup system for GPS by the end of 2020, subject to congressional appropriations. However, she pointed out, these funds have not yet materialized.

    Multiple technologies can and should be used to complement GPS. Several of them are mature and commercially available, including signals from low Earth orbit satellites and terrestrial broadcast stations.

    Meanwhile, the United States should accelerate the launch schedule for GPS III satellites already produced. They provide better accuracy, anti-jamming capabilities, and opportunities for civilian connectivity that could offer critical assistance to its European allies.

    Matteo Luccio | Editor-in-Chief

  • UrsaNav trials eLoran as GNSS backup with ADVA grandmaster clock

    Successful eLoran field trial using ADVA’s OSA 5420 Series demonstrates same accuracy and stability as GPS with much-improved resilience

    UrsaNav and ADVA have conducted an enhanced long-range navigation (eLoran) field trial using UrsaNav’s eLoran receiver and ADVA’s Oscilloquartz grandmaster clock technology. The successful demonstration shows that eLoran offers a robust and reliable backup for GPS and other GNSS, and could be used to provide an assured position, navigation and timing (PNT) service.

    The trial follows U.S. PNT Executive Order 13905 aimed at strengthening national resilience through PNT services, including protecting critical infrastructure such as electrical power grid and communication networks from rising cyber threats. By harnessing ADVA’s flexible OSA 5420 series, designed with assured PNT (A-PNT) technology, UrsaNav has shown that eLoran can provide a new layer of protection and significantly boost timing resilience and security.

    “The success of this field trial demonstrates how eLoran, as part of ADVA’s assured PNT solution, can serve as a crucial backup for GPS,” said Charles Schue, CEO, UrsaNav. “We have shown how our technology enables ADVA’s grandmaster clock to receive UTC timing from the eLoran system for a period of several days with the same accuracy and stability as GPS. Of course, this capability is extensible to other GNSS as well. eLoran is far less vulnerable to unintentional jamming and spoofing disruptions or intentional attacks, thereby delivering nanosecond precision with even more resilience.”

    “By partnering with ADVA, we’ve been able to show that our eLoran receiver interoperates with the best network timing toolkit available,” Schue said. “The OSA 5420 Series is a great product — highly efficient and easy to operate. Together with ADVA, we’re paving the way for tomorrow’s more robust assured PNT synchronization architecture. Now that UrsaNav has demonstrated the power of our OSA 5420 Series to utilize eLoran in the event of outages, we have another very important tool to ensure the quality and availability of time-sensitive services.”

    UrsaNav’s latest trial used the OSA 5420 series grandmaster clock with built-in GNSS receiver. Timing stability from GPS was measured for several days. This was then replaced with eLoran for the same period with no loss of stability.

    The test was conducted indoors where GNSS signals are not usually available, potentially extending the availability of precise UTC timing to many more environments.

    “Commercially available GNSS jammers and spoofers are easy and cheap for attackers to acquire,” explained Nir Laufer, VP, product line management, Oscilloquartz, ADVA. “That’s part of the reason why we’re seeing a growing number of incidents across the world of blocked or misleading signals. If power utilities, enterprises, service providers and governments continue to rely on GNSS alone, it’s only a matter of time before the consequences become very serious. That’s why we’re committed to tackling GNSS vulnerabilities with advanced technologies like our ePRTC offering, cesium atomic clocks and our optical timing channel solution. Now that UrsaNav has demonstrated the power of our OSA 5420 series to utilize eLoran in the event of outages, we have another very important tool to ensure the quality and availability of time-sensitive services.”

    A demo showed how ADVA’s synchronization technology enables protection for critical infrastructure that needs ultra-reliable aPNT solutions. (Photo: Business Wire)
  • Raytheon’s GPS OCX passes cybersecurity tests

    System prevented broadcast of corrupt navigation, timing data.

    The GPS Operational Control System’s launch and checkout system will control launch and early orbit operations and the on-orbit checkout of all GPS III satellites. (Image: Raytheon)

    Raytheon Company’s GPS Next-Generation Operational Control System, known as GPS OCX, has completed several cybersecurity vulnerability assessments that tested the system’s ability to defend against both internal and external cyber threats, the company said.

    GPS OCX, based at Schriever Air Force Base in Colorado Springs, Colorado, prevented the broadcast of corrupt navigation and timing data in all tests, bolstering the program’s readiness for the GPS III launch in December, the company added.

    “We’ve built a layered defense and implemented all information assurance requirements for the program into this system,” said Dave Wajsgras, president of Raytheon Intelligence, Information and Services. “We’re cognizant that the cyber threat will always change, so we’ve built GPS OCX to evolve and to make sure it’s always operating at this level of protection.”

    GPS OCX is the enhanced ground control segment of a U.S. Air Force-led effort to modernize America’s GPS system. The program has implemented 100 percent of the Department of Defense’s 8500.2 Defense in Depth information assurance standards without waivers, giving it the highest level of cybersecurity protections of any DoD space system.

    The first tests took place April 2-13, and were led by a contracted “blue team” that aimed to breach the system from within its information assurance boundary.

    The second round of tests took place May 16-20, and were led by an Air Force “red team” of cyber-penetration testers who tried to breach the system’s IA boundary from outside. The system worked as designed, validating it is secure.

    The assessments took place on the launch and checkout system, GPS OCX Block 0, which was delivered to the U.S. Air Force in 2017 as a fully cyber-secure satellite ground system.

  • Cyber Warfare: Report from the 30th Space Symposium

    Report from the 30th Annual Space Symposium, May 19-22, Broadmoor Resort, Colorado Springs, Colorado

    For the past five years, the first day of the National Space Symposium — now known simply as the Space Symposium, the largest symposium of its kind in the world — has started with an entire day dedicated to discussions of the cyber domain as it pertains to the DoD and civilian industry. The annual event highlights presentations from the major civilian cyber players and the senior cyber commander for the DoD, military services and government agencies. Several of the now-senior military officers worked for or with me as junior officers at some point in the past, and while that is an age-related humbling experience, it also makes me proud of them at the same time.

    One major talking point, among many, is crystal clear: the U.S. government and civilian enterprises alike understand that cyber security is a critical mission and that cyber warfare, especially from a nation-state point of view, is a credible and viable threat to every government and civilian program and to everyone today.

    Major General Kevin McLaughlin, currently the commander of 24th Air Force and AFCYBER, the major command that takes cyber warfare to heart as a major mission, is one of those young officers in my past that make me proud today. Kevin was the luncheon speaker, and he put the Air Force role for cyber warfare in perspective as well as explaining how the Air Force role is integral to the overall Defense Cyber Enterprise. This integration role may seem like a small matter, but General McLaughlin’s explanation of Air Force and DoD cyber and IA (Information Assurance) synergy is critical to the success of his organization and mission.

    This is critical because throughout my Air Force career and even today I constantly encounter commanders that are quick — too quick in my book — to explain, usually with great passion, why their particular mission(s) are critically important and “unique” to the Air Force writ large enterprise. Unfortunately, history shows us that “unique” organizations within services do not always fare well in budget scenarios, especially seques-castration budgets.

    In my humble but experienced opinion, the senior officers commanding these “unique” organizations, be they cyber or otherwise, would fare far better if they conformed to Air Force budget requirements and still conducted their day-to-day unique missions just like a fighter pilot and fighter sortie. By that I mean you never know what you will encounter on a fighter sortie. You never know what the enemy will throw at you but you can rest assured that any plan, no matter how well conceived, will not survive initial contact with the enemy. The plan always changes and will hopefully be successful, but only because of flexibility, which has been described as the key to air power, and certainly not because of the “plan.”

    So, I was assured when Gen. McLaughlin described “A Day in the Life of a Cyber Warrior” just as I would a fighter sortie. Prepare for the known threat and expect the unexpected. Be innovative and flexible, and you may win the battle and live to fight another day, because make no mistake about it, cyber warfare is a life-and-death struggle.

    Fortunately, there do seem to be solutions that work, and a key point that was made numerous times by various speakers is that the small, small, usually local cyber warrior company is oftentimes much more successful than the security behemoths that tend to get bogged down in their own administrative minutiae. One of the companies mentioned was NDP, a small cyber and IA company in Boulder, Colorado, known for its work slaying the cyber dragons attacking the well-known SBIRS (Space Based Infrared System) program. The story goes that NDP, with only 50 employees, took on major global SBIRS cyber and IA issues and made it look simple. It is always the real experts that make it look simple. The chairman of one of the panels really put it in perspective when he opined, “Would you really want Raytheon or Boeing providing anti-virus software for your home computer? Probably not! No slight to the mega companies intended, but I would go with the local, flexible and responsive small company, like NDP, every time.”

    Thankfully, a lot of what I heard this year, as opposed to years past, conforms to the scenario I just described. Bad cyber actors (villains), local or nation state, are anticipated, and while the white-hat cyber warriors win more times than they lose, it is clear there is currently no panacea for cyber and IA threats — just hard work, diligence and flexibility to hopefully win the conflict.