A plane carrying the European Commission President Ursula von der Leyen was targeted by GPS jamming while attempting to land at Plovdiv International Airport in Bulgaria on Aug. 31, according to a European Commission spokesperson.
Bulgarian authorities suspect Russia was responsible for the interference, European Commission Deputy Chief Spokesperson Arianna Podestà told CNN.
The Kremlin has denied the allegation. Spokesperson Dmitry Peskov told The Financial Times, which first reported the story, that the information was incorrect.
The plane landed safely despite the GPS disruption, with pilots reportedly using paper maps to navigate, according to a source familiar with the situation.
Von der Leyen was traveling as part of a seven-country tour of the European Union’s frontline states to rally support for Ukraine. The incident occurred as her charter flight approached the southern Bulgarian airport during her diplomatic mission to reinforce the bloc’s commitment to defending against Russian aggression.
Podestà told CNN that the incident highlighted the urgency of von der Leyen’s current trip to frontline member states, where she has witnessed daily threats from Russia and its proxies. The spokesperson noted it remained unclear whether attackers specifically targeted the flight or if it was caught in broader GPS interference operations.
Expert Insights:Searching for Resilience
This latest incident comes amid a dramatic surge in GPS jamming and spoofing attacks across the region since Russia’s invasion of Ukraine, creating an increasingly challenging environment for critical navigation systems.
European Commission President Ursula von der Leyen’s current tour through Poland, Bulgaria, Finland, Estonia, Lithuania, Latvia and Romania takes her directly through many of the continent’s GPS disruption hot spots. These nations have experienced some of the most severe interference with GNSS, making the timing of her defense-focused diplomatic mission particularly significant.
According to GPS World Editorial Advisory Board Member Mitch Narins, the current crisis represents the culmination of concerns that have been raised for more than twenty years. “Concerns and warnings regarding interference to GNSS have been raised for over two decades,” Narins explains. “Despite these concerns, attempts to install and upgrade alternative or complementary PNT systems on the ground and in aircraft have failed and resulted solely in increased investment in satellites and their signals, all of which are extremely low-power by design and vulnerable to interference.”
“Regrettably, the substantial financial resources required to fund these satellite projects have pushed for discontinuance of resilient ground-based alternatives and to consider them ‘cost offsets,’” he notes. The economic incentives have favored satellite constellation expansion over diversification, despite the vulnerabilities of space-based systems.
When it comes to alternative options, Narins explains, “For the cost of building and launching a single GNSS medium-Earth orbit (MEO) satellite, one could fund the replacement or installation and operation of many resilient ground-based systems for many years.”
The current approach to PNT systems represents a departure from fundamental systems engineering principles, according to Narins. “When initiating a customer need analysis, a systems engineer does not begin with the solution and work backwards,” he emphasizes.
Instead, the focus should be on meeting actual requirements: PNT systems must “always” provide the accuracy, availability, integrity and continuity of services necessary to support safety, security and economic well-being across thousands of use cases spanning every critical infrastructure sector.
“Therefore, resilience must be a critical part of a PNT system’s performance if it is to be considered a potential solution,” Narins said. Rather than pursuing interoperability between GNSS constellations — which still leaves users dependent on inherently weak satellite signals — the industry should have prioritized diverse solutions from the outset.
He added, “This is not a simple problem with a single, simple solution, but it is time to start thinking about resilience first and leaving the identification of solutions to a proper system engineering process.”
New Ways to Counter EW Threats
The dangerous GPS jamming of the plane carrying carrying European Commission President Ursula von der Leyen can be alleviated with advanced technology, according to Michael Biercuk, CEO of Q-CTRL, developers of quantum-based navigation systems:
“The incident regarding the European Commission President’s plane has raised GPS denial from inconvenience to a strategic security threat. This is why we’ve focused our quantum tech development efforts on building resilient quantum navigation systems truly immune to jamming and spoofing. This technology is not science fiction – it has been validated in flight to outperform the best existing GPS backups by up to 100X. Through our partnerships with Airbus, Lockheed Martin, and others we’re ready to help build resilience for European transport, defense and commerce.”
Chris Shaw, CEO and co-founder of Advanced Navigation also spoke on the incident, commenting “The answers to the GPS crisis are already here,” said Chris Shaw, CEO and co-founder of Advanced Navigation, which specializes in anti-electronic warfare navigation technology. “The problem isn’t innovation, it’s stagnation. GPS alone can no longer be treated as a reliable source of truth. What’s needed is a resilient architecture — inertial-centered and fused with multiple sensors — that keeps systems operating even when signals are denied or manipulated.
“The reality is that adversaries are moving at the speed of code, while government procurement still runs at the speed of bureaucracy. That gap is a national security risk. Unless governments adopt a new model of rapid integration and real-time collaboration with industry, they will continue to be outpaced.
“This isn’t optional. Survivability in GPS-contested environments depends on prompt deployment of inertial navigation. The companies pushing this forward aren’t just keeping up, they’re rewriting the playbook — and the cost of delay is measured in mission failure and compromised sovereignty.
“Ukraine has shown what’s possible. By demanding real-time software updates and rapid hardware upgrades in close collaboration with industry, its forces are reshaping autonomy, navigation, drone swarms and integrated defense systems at an unprecedented pace — allowing them to outpace adversaries.
“So why aren’t we applying this model more broadly beyond the battlefield? The solutions exist, with inertial navigation at the core. The real question is whether we’ll act before the cost of delay becomes irreversible.”
The GPS Collapse isn’t fiction — it’s a warning of what happens when action is delayed.
The Estonian news portal Delfi reports that a covert Russian military installation in the Królewiec region, just east of Poland’s border, is believed to be responsible for GPS interference affecting the Baltic states and the Gulf of Finland.
According to confidential sources, the facility’s primary mission is to monitor satellites and NATO communications, with the goal of undermining allied intelligence operations. Documents obtained by Delfi indicate that the base, located in Pioniersk, is part of Russia’s “Tobol” electronic warfare network.
The Tobol system is described as a network of surveillance, defense and command sites designed both to shield Russian satellite communications and navigation systems from NATO attacks and to disrupt NATO intelligence. The Królewiec facility, which focuses on satellite monitoring, was officially established in 2009 by the Russian Ministry of Defence. Similar installations are located across Russia, including near Moscow, Penza, Cheboksary and in Ulan-Ude, Siberia.
The Finnish newspaper Ilta-Sanomat, reports that Russia has been developing navigation jamming technology since the 1980s, initially as a counter to GPS-guided weapons. Those capabilities have since expanded in response to Western military equipment supplied to Ukraine.
Since the start of Russia’s full-scale invasion of Ukraine in 2022, incidents of GPS interference have increased in countries bordering Russia. Aviation and maritime navigation have been particularly affected, with pilots and ship crews reporting inaccurate or lost positioning data.
A closer look at potentially spoofed aircraft in the Middle East on Dec. 5, 2024. The map indicates that roughly 244 flights were potentially spoofed in Jordan and the surrounding areas. The level of spoofing is indicated by the color of the hexagons — the redder the hexagon, the more jamming was observed. (Photo courtesy of SkAI Data Services)
Electronic warfare techniques, such as GPS spoofing and jamming, are on the rise. With the increasing prevalence of this sophisticated form of warfare, industry experts must be aware of the threats and find ways to manage them to protect daily operations and civilians. It is important to contribute to the conversation about strategies to mitigate these risks.
SkAI Data Services has answered the call by creating a live GPS Spoofing and Jamming Tracker Map. The map — available at spoofing.skai-data-services.com — utilizes live ADS-B data from the OpenSky Network to identify and display potentially spoofed aircraft in real time and where GPS jamming activity was observed within the past few hours. SkAI Data Services developed the algorithms with the support of the Zurich University of Applied Sciences — Centre for Aviation.
The blue markers represent the positions of aircraft just before they were spoofed. Users can hover over the lines to view information about the affected flights or over the hexagons to access insights on the level of interference. (Photo courtesy of SkAI Data Services)
The map displays clusters that indicate areas where spoofed GPS positions of aircraft have been detected. The numbers within each cluster show how many flights were spoofed at that specific location.
The blue markers represent the positions of aircraft just before they were spoofed. The lines connect these real positions to their corresponding spoofed locations. The map also displays areas of potential GPS jamming or radio frequency interference, indicated by colored hexagons. The redder the hexagon, the more jamming was observed. While not all pre-spoofed locations can be detected, increasing the window duration will reveal more lines.
Similar to gpsjam.org, SkAI Data Services uses the reported navigation integrity category (NIC) to identify these zones. Users can hover over the hexagons to see the number of aircraft reporting good NIC (greater than 7), average NIC (between 5 and 7) and bad NIC (less than 5). SkAI Data Services also offers custom API endpoints to integrate jamming and spoofing data into third-party products.
The U.S. Space Force’s Space Systems Command (SSC) has awarded a $1.9 million contract to Slingshot Aerospace to enhance its GPS jamming and spoofing detection capabilities. This contract, Positioning, Navigation and Timing – Secure Electronic Navigation Threat Intelligence and Location (PNT-SENTINEL), aims to improve the company’s existing technology by incorporating advanced artificial intelligence and predictive analytics.
The PNT-SENTINEL program builds upon Slingshot’s previous work under the Data Exploitation and Enhanced Processing (DEEP) contract, awarded in October 2021. The technology developed through DEEP currently assists the U.S. Space Force in detecting GPS jamming and ground-based interference sources related to ongoing conflicts, potential future conflict zones and counterterrorism efforts.
GPS spoofing and jamming pose significant threats to both military operations and civilian infrastructure. Such interference can impact a wide range of operations, including satellite systems, ground and air operations and critical services such as commercial airline operations and vehicle navigation. The global reliance on GNSS has increased the importance of protecting these signals from interference.
Slingshot’s technology utilizes a mesh network of thousands of satellites to create a near-real-time picture of GPS jamming occurrences worldwide. This space-based approach offers a more comprehensive view of global jamming conditions compared to traditional ground-based detection systems.
As part of the contract, Slingshot will integrate its AI model, Agatha, into the PNT-SENTINEL system. This integration aims to enhance the technology’s ability to detect and differentiate between unintentional interference and deliberate jamming or spoofing attempts. The improved system will also implement pattern recognition algorithms to identify active jamming events and predict how situations may evolve.
The contract also includes provisions for expanding the system’s capabilities to monitor interference across multiple GNSS sources, not just GPS. This multi-GNSS processing will allow for a more complete, real-time view of jamming activities by incorporating data from allied nations’ spacecraft.
The PNT-SENTINEL system is designed to be interoperable with existing military systems, enabling near-real-time information dissemination to support rapid decision-making in national security operations. These enhancements aim to provide warfighters with a strategic advantage in GPS-contested environments.
On Dec. 12, 2024, the European Union decided to include Bulgaria and Romania in the Schengen visa-free zone. On the same day, Bulgaria’s capital, Sofia, began experiencing interference with GPS signals. The interference, as reflected in aviation ADS-B systems and reported on GPSJam.org, continued through the new year and is ongoing as of this writing.
While these two events may be entirely unrelated, Vladimir Putin has a history of using GPS jamming and spoofing to show his displeasure with his neighbors growing closer to the West.
On Dec. 15, 2023, Poland activated a U.S. Aegis anti-missile system near its border with Kaliningrad, Russia. On the same day, Russia began jamming and spoofing GPS signals in northern Poland and parts of the Baltic. That interference persists to this day.
The interference in Sofia may be contributing to a prolonged Bulgarian political crisis. Politicians there have been struggling to form a new government since elections in October. Dec. 10 saw the beginning of a new attempt. Interference with GPS can undermine overall confidence in government systems and institutions — another of Putin’s goals for neighbors with whom he is displeased.
Another, though less likely, impact may be on Bulgaria’s electrical service. On Dec. 25, 2024, 20,000 households in western Bulgaria (Sofia is in the far west) lost electrical power and the outage continued for days. Many grid operators use GPS timing to help manage their systems. While press reports put the outages down to heavy snow and fallen trees, increased difficulty managing the grid might also be a factor.
Bulgaria’s GPS interference appears to be coming from somewhere in Sofia, not from Russian territory, as is the case in the Baltic. Yet Russia may still be involved, at least in a supporting role.
Orolia developed the Skydel GSG-8, a PNT test solution in its GSG family of simulators, to deliver GNSS signal testing and sensor simulation performance in an easy to use, upgradable and scalable platform. (Photo: Orolia)
We discussed complementary PNT with Erik Oehler, marketing director at Orolia.
What are some of the most promising approaches to complementary PNT and how does simulation technology help?
5G is the most promising for the future. I believe the benefits in infrastructure, speed, precision, reliability, and the industry incentives 5G offer are superior to GNSS. Alternative signals of opportunity and new commercial satellite-based providers are always valuable as extra layers of resilience. However, PNT from 5G is not quite ready yet. There will be a transition period during which systems use GNSS and these signals of opportunity simultaneously, so simulation enables receivers of any complementary signal to be tested in the same environments and with the same potential threats faced by primary constellation signals.
How does Orolia fit in that mix?
Orolia has the most atomic clocks in orbit, including those aboard the Galileo constellation. We integrate anti-jam antennas and build Interference Detection and Mitigation (IDM) into our products. We partner with companies that offer alternative signals, such as STL from Satelles. Our SecureSync NTP and PTP time servers live in the world’s biggest data centers and support encrypted signals, such as M and Y code for our militaries. We innovate with industry leaders such as Meta on building a better PCIe Time Card. We offer edge time servers with the ability to automatically add Hoptroff’s Traceable Time as a Service. If 5G PNT becomes a standard, we are already providing industry leaders such as Anritsu with solutions for acceptance testing on a major carrier’s backbone. With our pending acquisition by Safran and access to a world-leading portfolio of INS components, we are one of the most qualified companies in the world to solve nearly any PNT challenge.
What kinds of complementary PNT are most useful in addressing specifically the challenges posed by jamming and spoofing, and how does simulation help?
In two technical notes published by NIST, they recognize STL as one of four recommended solutions for PNT resilience and the only one being both independent of GNSS and capable of sub-microsecond accuracy. Being closer to Earth, it is a stronger signal, making it 1,000 times less susceptible to jamming. Additionally, because it is encrypted it is inherently immune to spoofing. The aforementioned Hoptroff TTaS is time delivered over VPN, removing the outside environment component completely. For positioning and navigation, the integration of an IMU provides a contiguous PNT solution even during periods of GNSS denial, analogous to how an atomic clock provides precise time holdover during these denial periods. Combined with anti-jam antenna technology and IDM software, a robust PNT solution is always available.
Simulation helps by (1) identifying the vulnerabilities your PNT system might have (or could have in the future to evolving threats) and (2) verifying the total integrated resilient system. Our GSG-8 Advanced GNSS Simulator supports hundreds of GNSS full spectrum signals, custom signals, and hardware-in-the-loop testing of integrated IMUs at up to 1000 Hz iteration rate. Our Skydel Wavefront and Anechoic simulators can verify the most complex GNSS anti-jam antenna systems.
ViaLite’s RF-over-fiber systems can carry GPS/GNSS timing signals over long distances with very low signal degradation. However, the same cannot be said of GPS signals before they reach the GPS/GNSS antenna, as these weak radio waves are highly susceptible to jamming or spoofing.
Timing-critical infrastructures in areas such as defense and cyber security can now be protected from this kind of attack by installing one of ViaLite’s new GPS Protection Packages. The packages integrate either the GPS Resilient Kit or OtoSphere Protection Module products from Focus Telecom for jamming protection.
The GPS Resilient Kit has two GPS antennas, which enables the direction of the attack to be pinpointed. At its heart is the small OtoSphere Protection Module, which has a unique interference filtering algorithm that combines the patterns from the two omnidirectional antennas.
The module can analyze the direction from which the interference is coming and feed it into its algorithm, directing a null towards the unwanted signal to reject and reduce disruptions.
Using OtoSphere, GPS receivers are up to 50 times more resilient to jamming attacks on positioning, navigation and timing (PNT) systems compared with having no protection. The GPS receiver is able to continue working normally throughout the attack.
“ViaLite customers typically need the highest grade of reliability and service, particularly for critical infrastructure timing applications,” said Richard Jacklin, ViaLite sales director. “With the increase in jamming threats, both land-based and maritime, these Focus Telecom anti-jamming products are a perfect complement to our range of GPS/GNSS signal distribution solutions.”
The Protection Packages can be integrated into new installations or retrofitted to existing ViaLite systems. The GPS Resilient Kit and OtoSphere are already IP-rated, so they can be simply added to outdoor installations. Alternatively, for a full package solution, the OtoSphere module can be integrated into the ViaLite ODE-MINI outdoor enclosure.
The packages are suitable for use in critical infrastructure sectors such as defense, satcoms, utilities, cellular communications, broadcast, data centers and transportation.
Other Focus Telecom products, introduced by ViaLite, include the GPSensor for monitoring GPS frequencies and reporting intentional and unintentional attacks, and the GPS RF Switch which protects PNT systems from vulnerabilities by isolating them from the RF signals coming from the antenna.
The NTS-3 experimental satellite will be launched in 2023, according to reports from C4ISRNET and Space News. The United States military will use the satellite for positioning, navigation and timing (PNT) as a supplement to GPS.
The satellite was originally set to launch in 2022.
The Air Force Research Laboratory (AFRL) plans to use the additional time to reduce risks and conduct more ground testing.
Navigation Technology Satellite 3 will help guide future GPS satellites, a priority area for the military as the technology has become easier to spoof and jam. Among other features, NTS-3 will have steerable beams for regional coverage and a software-defined payload that can be reprogrammed on orbit.
AFRL discussed the delay in a media roundtable held Wednesday, reports C4ISRNET. AFRL Commander Brig. Gen. Heather Pringle said that shift was out of the lab’s control since the satellite will launch as a rideshare with a U.S. Space Force payload, and that launch had been pushed back.
AFRL plans to experiment with the satellite in geosynchronous orbit for one year, testing PNT signals and architectures as well as ground-based command and control systems and software-defined radios. Following testing, NTS-3 will transition to the U.S. Space Force and integrate into the service’s other PNT capabilities.
An international survey and analysis on GNSS interference detection and localization systems reveal the path forward for transportation and other critical infrastructure.
By José Luis Madrid-Cobos and Ana Bodero-Alonso, ENAIRE
Ignacio Fernández-Hernández and Eric Châtre, EC
Andriy Konovaltsev, DLR, and Christopher Hegarty, MITRE
An ENAIRE GNSS RFI monitor close to the Madrid-Barajas Airport in Madrid, Spain. (Photo: ENAIRE)
The received power of GPS and Galileo navigation signals at the antenna output of a user receiver is typically extremely small, from approximately –165 up to –150 dBW, which makes them inherently vulnerable to radio-frequency interference (RFI) caused by the emissions of other radio systems. This interference is often unintentional, such as from malfunctioning or spurious emission from a transmitter in the vicinity of the GNSS receiver.
However, we have seen numerous reports about the deliberate jamming of GNSS signals. The most frequent examples of such interference reports are caused by so-called personal privacy devices (PPDs) — low-power GNSS jammers used to locally disable the operation of GNSS receivers. Although the use of PPDs is illegal, they can be easily acquired on the internet. A $10 jammer with 100 mW of transmitter power is enough to degrade performance or disrupt GNSS receivers in a range of 10–100 meters. In the past decade, more complex and powerful jammers have also become available, along with spoofers — devices that create GNSS-like signals that fool receivers to provide false location or time solutions. A $100 software-defined radio bought online can be used as a spoofer.
ENAIRE (the Spanish air navigation service provider) conducted an international survey and associated analysis of GNSS RFI detection and localization systems. The survey was part of the EU–U.S. Working Group C Sept. 2017–Sept. 2019 Work Plan, with contributions of the European Commission (DG DEFIS), the German Aerospace Center (DLR), the U.S. Federal Aviation Administration (FAA), Eurocontrol, the MITRE Corporation and Stanford University. Working Group C promotes cooperation between the U.S. and EU on design and development of the next generation of civil satellite-based navigation and timing systems. The survey was conducted within the Resilience Subgroup focused on counteractions required in view of growing concerns over jamming and spoofing threats.
Manufacturers and Users
The survey was provided in two versions: one targeted to manufacturers and another to the users of interference detection systems. The two surveys were implemented online July 12–Oct. 26, 2018. There were 23 responses: 11 from manufacturers and 12 from users (see Acknowledgments below for companies that participated). Regarding the manufacturers’ responses, the nine surveyed companies represent about 50% of the market of RFI monitoring products available in 2018.
RFI Equipment Used
We present here the aggregated results of the RFI equipment manufactured and used by the participating entities.
Frequency Bands and Signals. The L1/E1 band is covered by all of the manufacturers’ and users’ surveyed products. L5/E5a and other bands are monitored in only 42% of the cases, or even less. Most RFI systems demodulate or analyze the GPS L1 C/A signal. Only 8% and 17% of users analyze GPS L5 and Galileo E5a, respectively.
Capabilities. 55% of the industry, and 25% of the users’ surveyed products, provide RFI localization capabilities, while 45% of the industry, and only 33% of the users’ surveyed products, detect some type of spoofing.
Power and Antenna Gain. Most of the systems achieve a sensitivity better than or equal to –120 dBm, meeting the International Civil Aviation Organization requirement for GPS and SBAS L1 airborne receivers to withstand interference (–120.5 dBm CW, in-band) after steady-state navigation has been established. The gain of antennas used in RFI detection systems ranges from 2 dBi up to 45 dBi.
Real-Time Bandwidth. The maximum real-time monitored bandwidth of the surveyed products ranges from 16 MHz up to 60 MHz in L1. Most of the products monitor a 20-MHz bandwidth (similar to the GPS L1 C/A reference bandwidth for pre-GPS III satellites, which is 20.46 MHz).
Spectrum Refresh Time. The time needed by the RFI detector to capture and process a plot of the RF spectrum in a specific band to look for interference signals ranges from 1 microsecond to 2 seconds.
Jamming Detection Techniques. The most widespread jamming detection technique is RF power monitoring (45% industry, 92% users), followed by digital beamforming (CRPAs), carrier-to-noise-density ratio (C/N0) monitoring and spectral analysis/transforms (see Figure 1). Note that RF power monitoring and automatic gain control (AGC) monitoring are in essence the same detection technique: AGC voltage levels — after calibration with a reference RF generator — can be converted into RF input power levels.
Figure 1a. Jamming detection techniques used by industry. (Chart: RFI survey)
Figure 1b. Jamming detection techniques of users. (Chart: RFI survey)
Spoofing Detection Techniques. The most widespread spoofing detection techniques are PVTF consistency monitoring (industry products, 27%) and correlation peak monitoring (users, 25%), followed by digital beamforming (CRPAs), C/N0 monitoring and spectral analysis/transforms (see Figure 2).
Figure 2a. Spoofing detection techniques used by industry. (Chart: RFI survey)
Figure 2b. Spoofing detection techniques of users.(Chart: RFI survey)
Localization. The most widespread RFI localization technique is direction/angle of arrival (DOA/AOA): 55% in industry products and 25% in users’ systems. AOA techniques used are correlative interferometer (phase-difference), Watson-Watt (amplitude-difference) and array signal processing. The AOA accuracy of surveyed products ranges from ±3° to ±10°.
Event Recording. For an interference event, most products record the time stamp, received power, central frequency, frequency spectrum, the spectrogram (frequency versus time plot) and the jammer type. Only 8% of surveyed users perform spoofing event recording (see Figure 3). 92% of users record RFI/spoofing events; half also report them to their national spectrum administration. Users have from one to 11 jammer detectors. Only four users have been registered with spoofing detectors, each using one.
Figure 3a. RFI events recording/database used by industry. Jammer classifications: Class I — continuous wave signal; Class II — chirp signal with one saw-tooth function; Class III — chirp signal with multi saw-tooth functions; Class IV — chirp signal with frequency bursts. (Chart: RFI survey)
Figure 3b. RFI events recording/database of users. Jammer classifications: Class I — continuous wave signal; Class II — chirp signal with one saw-tooth function; Class III — chirp signal with multi saw-tooth functions; Class IV — chirp signal with frequency bursts. (Chart: RFI survey)
Event Sharing. 75% of surveyed users are willing to collaborate in the creation of an international RFI and spoofing events common database, but the remaining 25% explicitly do not want to share their databases.
Future RFI Monitoring Equipment
Based on the analysis of the aggregated results from the survey, we identified some recommendations for improving RFI monitoring:
L5/E5a band. To be ready for introduction of the L5/E5a band into aviation operational use (expected by 2025), it is suggested that aviation organizations increase efforts to monitor and analyze the RFI situation in the L5/E5a band.
Spoofing detection. National organizations in charge of critical infrastructures should increase their efforts to detect spoofing (at least at the same level as jamming detection). Multi-constellation and dual-frequency spoofing detection should be promoted (not only L1/E1 spoofing).
GNSS RFI monitoring with enough bandwidth: The maximum real-time monitored bandwidth of the surveyed products ranges from 16 MHz to 60 MHz, while most of the products monitor only a 20-MHz bandwidth. The receiver reference bandwidth for E1 is 24.552 MHz, while for L1 GPS III it is 30.69 MHz. U.S.-EU GNSS RFI detection systems for critical infrastructures should be designed to monitor at least 31 MHz of bandwidth in the L1/E1 band, with 50 MHz recommended to cope with typical –3 dB bandwidth of pre-low-noise-amplifier (LNA) GNSS L1/E1 receiver filter. The same rule should be applied to other GNSS bands. Even more bandwidth for monitoring could be needed to cope with rare interferers, such as a high-power source, whether intentional or unintentional, radiating in near-band L1/E1 but not in the passband frequencies, bypassing the rejection of the receiver’s filters and degrading the GNSS signal reception.
Air Navigation
In the EU, performance-based navigation (PBN) will become the norm in all flight phases, and GNSS (with or without SBAS) will be the main position source, by June 2030. A similar scenario is being developed in the U.S. Conventional procedures and ground-based navigation aids will be used only in contingency situations. GNSS RFI can degrade the current GBAS CAT I (GAST-C) service in airports and could jeopardize safe operation of upcoming GBAS CAT II-III (GAST-D) service. GNSS also is the key enabler for ADS-B.
Therefore, it is critical for air transportation to improve its capability to detect radio frequency interference to GNSS and mitigate its harmful effects, both on the ground and in the air.
Ground Detection and Localization. These systems should be installed at and around all airports. ENAIRE has recently deployed an AOA RFI detection and localization system around the Madrid airport called DYLEMA. It consists of nine AOA RFI and spoofing detectors, two spoofing-only detectors, an IP communication network and a GNSS monitoring center operated 24/7. From this center, ENAIRE will report RFI events to the Spanish spectrum agency. Similar systems will be deployed in other large Spanish airports in the next years. In small airports, ENAIRE is deploying single-unit RFI detectors (one detector per airport, currently without the AOA feature). These systems are complemented by handheld and airborne spectrum analyzers equipped with directional antennas and RFI AOA features, used if an RFI event of high power or duration takes place.
Airborne Detection and Localization. Several initiatives are under study or initial design for airborne detection and localization systems, using current avionics receivers with no hardware modification or new hardware such as additional antennas in the aircraft. Future airborne RFI detection systems should include indoor coverage to detect jammers and spoofers in the airplane itself. EUROCONTROL is leading one of these initiatives using ADS-B. Given a reliable ADS-B data feed with suitable coverage information, a search algorithm could scan for outages. If the data is dense enough, it is possible to locate the source, even if the GNSS airborne antenna is omnidirectional with no AOA features. Another commercial initiative, GATEMAN, uses new GNSS antennas and components to provide AOA detection and localization features.
UAV-Embedded Detection and Localization. Detection and localization systems embedded in UAVs are not widely commercially available, but they will be useful to complement fixed or ground RFI monitoring systems, especially to detect fast moving mobile jammers and spoofers. A jammer moving at high speed could be found by a fixed detector, trigger the UAV take-off (collocated with the detector or close to it), and start tracking the target. If equipped with a camera, it could identify the vehicle carrying the jammer or spoofer. Such a system has to function in GNSS-denied scenarios, and needs to use sensors other than GNSS. Stanford University has recently developed a prototype of such a system.
Other Sectors
Shipping. RFI detection systems should be installed at and around harbors, where positioning requirements are the most stringent. Mobile AOA detectors can be installed in vessels. A DLR experiment integrated its GALANT GNSS RFI detector on a ship sailing from Spain to South Korea and back.
Railroads. Detection and localization systems should be installed at train stations and main railway junctions or switches. It is possible to install mobile detectors in trains to detect jammers inside the train apart from outdoor coverage to detect jammers outside the train.
Roads. Most PPD jammers in use are on roadways. Jammers not only jeopardize aviation and timing systems; they can jeopardize the safety of the coming autonomous road vehicles. We strongly recommend that police and road surveillance systems include jammers and spoofers as a daily target, to detect, localize and punish their users.
Supporting proposals include installing fixed detectors at tollbooths, road gantries or other points near roads; and using mobile detectors — for example, on police vehicles for locating a car that carries a jammer. Public transport services with enough vehicles (such as taxis or busses) could also detect RFI.
Smartphone Platforms. Initiatives are using smartphone crowdsourcing platforms to detect interference based on C/N0 or AGC measurements. At this time, only prototype apps for Android phones are available. The Apple iOS does not allow access to GNSS raw data. Android applications can include localization capabilities based on Time Difference Of Arrival (TDOA) or Power Difference Of Arrival (PDOA). Having a detection system in a mass-market product would create millions of detectors around the world. Reward programs by national or local administrations would encourage use of the app. User consent to obtain the data will be needed.
Space-Based Detection. Space-based detection is feasible to find medium- to high-power jammers and spoofers. Several projects have performed simulations, such as the ground to space threat simulator from Qascom and Spirent Communications. In this project, simulations achieved an error of less than 1.5 km using a medium-Earth-orbit (MEO) satellite as the RFI sensor and a 20-dBm static jammer on Earth, with 15 minutes of observation time. Also, an experimental program from the International Space Station has demonstrated that RFI can be detected from low Earth orbit.
The main issue of such detection systems is the cost to deploy all the satellites needed to have a global coverage with a low response time (2 hours or less to detect RFI). The performance of a space-based RFI system is better when using a LEO constellation (as, compared to an MEO system, it detects RFI with a lower transmitted power). One such system by HawkEye 360 was deployed in 2019. The company plans to operate a fleet of 30 satellites in LEO orbit, enabling it to gather new signals from any point on the planet within 30 to 45 minutes.
General Recommendations
Increased Effort Needed. Public administrations and transport service providers should increase their efforts to deploy GNSS RFI detection and localization systems. In parallel, governments should punish individuals or organizations using jammers or other types of illegal transmitters or emissions. Jamming and spoofing is illegal in the EU and the U.S. An increased RFI monitoring effort should be coordinated at the national or regional level to find synergies and avoid duplications.
Planned Interference. Government agencies, including national radiofrequency spectrum agencies, should coordinate nationally and internationally with air, rail, road, maritime and other critical infrastructure entities before any planned intentional interference is conducted, such as military exercises or protection of special events from potential terrorist attack. This coordination includes an analysis of the estimated area and airspace volume affected by the RFI, the associated notification to the GNSS users before and during the RFI radiation period (such as a NOTAM, Notice to Airmen), as well as the indication to use established alternative procedures (non-GNSS).
A Common Database. The creation of an international common database of GNSS RFI events could boost the fight against GNSS RFI. A specific action could define a standard of the RFI data format to be registered and shared in an international database, including a possible RFI classification (also defined and agreed to as part of the standard). One initiative related to the creation of an international GNSS RFI threats database was proposed by the EU-funded STRIKE 3 project in 2017.
Acknowledgments
The work presented in this report has been performed under the U.S.-EU Agreement on GPS-Galileo Cooperation, Working Group C, Resiliency Subgroup. The authors thank the participants of the Working Group and the Resiliency Subgroup — in particular, Eurocontrol and the FAA for distribution of the survey in the EU and the U.S., respectively. The authors also thank the organizations that participated in the survey: Spirent Communications, GMV, Centum Solutions, THALES, IDS AirNav, Chronos Technology, Innovationszentrum für Telekommunikationstechnik (IZT), Collins Aerospace, German Aerospace Center (DLR), Netherlands Aerospace Centre (NLR), Deutsche Flugsicherung (DFS), Direction des Services de la Navigation Aérienne (DSNA), Polish Air Navigation Services Agency (PANSA), Belgocontrol, ENAV and ENAIRE.
José Luis Madrid-Cobos is the technical manager of GNSS interference detection and localization systems at ENAIRE, the Air Navigation Service Provider in Spain. Ana Bodero-Alonso is the head of the Satellite Navigation Department at ENAIRE. Ignacio Fernández-Hernández is responsible for Galileo high accuracy and authentication at the European Commission. Eric Châtre is the head of the GNSS Exploitation and Evolutions Sector at the European Commission. Andriy Konovaltsev is a research assistant at Institute of Communications and Navigation of the German Aerospace Center (DLR). Christopher Hegarty is a technical fellow with The MITRE Corporation.
America’s space assets are in danger from an array of kinetic, non-kinetic, electronic and cyber threats. These are wielded by nation states, primarily China, Russia, Iran and North Korea, though there are other countries as well as non-state actors.
On March 30, the Center for Strategic and International Studies (CSIS) Space Threat Assessment 2020 released a catalog that highlights the ways essential space-based services Americans rely upon can be degraded or eliminated. But it doesn’t do much to “assess threats.”
That said, it is still an impressive, useful and informative document. Some of what it doesn’t say can be inferred, and it provides a clear conclusion for policy makers and others.
Threat assessments are typically undertaken to:
Identify potential dangers,
Evaluate their credibility,
Weigh potential impact, and
Estimate the probability of the threat turning into an incident
This CSIS report generally stops after accomplishing the first two tasks.
Nonetheless, it is very instructive in a several ways.
Interference with Space Systems
First, it is packed with examples of how America’s adversaries have armed themselves, and stories about interference with space-based systems. Whether it is information about China training troops to use direct-ascent weapons, or reports about Russia’s mass GPS spoofing, the report’s matrix of threat categories is well supported by examples of real-world events.
Second, while the report doesn’t overtly rank threats and adversaries, it is possible to infer some generalities by the attention the report devotes to each. Among potential adversaries, China was mentioned the most by far — 429 times. It was followed by Russia (275), Iran (206), India (141), and North Korea (132).
This word cloud from CSIS Space Threat Assessment 2020 shows that China received by far the most mentions, followed by Russia. (Image: RNT Foundation)
Jamming and spoofing
Jamming and spoofing seem to be the most credible threats and were mentioned 188 times, with ASAT and direct-ascent closely following with 179 mentions. This particular word count might not be reflective, though, as the report contains many more examples of real-world jamming and spoofing than ASAT and direct-ascent.
And of all the types of satellites that could be threatened, GPS/GNSS was the clear leader at 98 mentions, with communications and surveillance coming in at 42 and three, respectively.
In all fairness, at only 80 pages, it’s not possible for Space Threat Assessment 2020 to be an exhaustive analysis. And doing more would likely require making it classified. Then this exceptionally educational reference would not be nearly as available for the policy making audience that sorely needs it.
And it does provide an excellent bottom line for those making macro-level decisions about space policy and budgets going forward. From the report’s “What to Watch” section:
Electronic counterspace weapons continue to proliferate at a rapid pace in both how they are used and who is using them. Satellite jamming and spoofing devices are becoming part of the every-day arsenal for countries that want to operate in the gray zone — i.e., below the threshold of overt conflict. The jamming and spoofing of satellites has become somewhat common, and without strong repercussions these adverse activities could gradually become normalized…
One should expect that the rate of satellite jamming and spoofing incidents will only increase as these capabilities continue to proliferate and become more sophisticated in the coming years.
In March, the U.S. government received an unusual inquiry about GPS disruptions. It was from a user in Iran reporting what appeared to be “circle spoofing” — a phenomenon that had only previously been observed in China.
“Some of GPS devices received fake signal and show the fake valid location. Yesterday I test a device, it can get signal and give real position. After 10 minutes the device show moving around a big circle in tehran by 35 km/h speed. I can’t fix this problem by restarting the device.
“The GPS module time is correct but the location is not. I attach Excel file of data and map of the track. I can’t get any response from Communications Regulatory Authority (CRA) of The I.R. of Iran. Do you know about this?”
Here is one of the images provided by the reporting source:
GPS spoofing device in operation at Iran’s Army Command and Staff College. (Screenshot courtesy of Dana Goward)
A little internet research showed that the spoofing was taking place at or near Iran’s “AJA University of Command and Staff,” formerly called the “War University.” It is the staff college for Iran’s Army.
Reports to the U.S. government about GPS disruption are normally listed on the U.S. Coast Guard’s Navigation Center website. This one has not been posted. Coast Guard officials said that it is because the report was received by another agency and did not contain sufficient information. Attempts by Coast Guard personnel to contact the reporting source for more information to enable the report to be posted were unsuccessful.
GPS spoofing is often easiest to detect in maritime areas. Ship automatic identification system (AIS) transmissions include location data and are detected by satellite. The data is then aggregated and used by various companies for a number of applications. Viewing ship location reports over time has revealed thousands of ship receivers spoofed to airports in Russia, and hundreds spoofed into circles (presumably around the spoofing device) in China.
Clearly, though, any system that aggregates and displays GPS location data can help detect wide area spoofing activity.
Strava is a mobile app for runners and cyclists. The company aggregates location data and displays it on a heat map to highlight athletes’ favorite routes.
The Strava heat map for Tehran shows that circle spoofing has also been employed in at least one other location. The below screenshot shows GPS-enabled fitness trackers circling a government complex that houses offices for several defense and technology-related organizations.
This heat map shows GPS spoofing at a government complex in Tehran,which houses the Ministry of Defense, Communication Regulatory Authority, Telecommunications Infrastructure Company, and Ministry of Telecommunications and Technology. (Screenshot: courtesy of Dana Goward)
Iran was the first nation to publicly announce it had the ability to spoof GPS signals and seems to have used it to great advantage.
In 2011, a CIA drone that had been operating across the border in Afghanistan landed at an Iranian airfield. Iran’s government claimed that its forces had sent false signals to the drone’s GPS receiver in order to capture it.
At first, U.S. government officials said that this kind of spoofing was not possible. Several months later, Prof. Todd Humphreys demonstrated how it could be done to a drone at the University of Texas football stadium.
U.S. officials then admitted that spoofing was possible, but said it wasn’t what happened to the CIA drone. At the same time, they offered no alternate explanation of how the drone was captured.
In 2016 Iranian forces captured two U.S. Navy boats that had strayed into Iran’s territorial waters. This was just after President Obama had succeeded in pressing that nation to give up nuclear weapons research, and was on the same day as Obama’s last State of the Union address. There was little reason for the U.S. Navy boats to have veered so far off course, and it was clear that the Iranian Navy was waiting for them.
Many speculated that Iran had spoofed GPS signals to lure the U.S. Navy boats into Iranian waters. U.S. officials have denied that this was the cause of the incident, but have not publicly offered an alternate explanation other than “mis-navigation.”
During heightened tensions in the Persian Gulf in 2019, Iran shot down a U.S. surveillance drone and President Trump seemed ready to launch a retaliatory strike. This was called off at the last minute. According to some reports, the strike was canceled because of the likelihood the drone was in Iranian airspace at the time.
At about the same time British intelligence was warning merchant vessels in the area that Iran was attempting to use GPS spoofing to lure them into Iranian waters as a pretext for seizing the ships.
While the Middle East has been a hotbed of jamming and conventional spoofing for years, these recent circle-spoofing incidents are the first of the kind we know of in the region. It may well be that Iranian forces have recently received equipment from China and are experimenting with it. They could also be using it to deter GPS guided drones and disrupt other surveillance systems in the vicinity of sensitive government facilities.
Precise timing grandmaster with gateway clock and high-performance boundary clock enhances 5G mobile network phase protection
To help 5G mobile providers, cable operators and utility providers ensure phase delivery, protection and synchronization even when GNSS is offline, jammed or spoofed, Microchip Technology Inc. has released software version 2.1 for its TimeProvider 4100 precision timing grandmaster.
TimeProvider 4100 is a 1588 grandmaster including support for the latest ITU-T G.8275.1 and G.8275.2 1588 phase profiles, complemented by extensive port fan-out for PTP, Network Time Protocol (NTP), SyncE, and E1/T1.
Software release 2.1 builds on earlier versions by adding key software enhancements providing a virtual Primary Reference Time Clock (vPRTC). Virtual PRTC provides the ability to design a redundant precise time distribution architecture for phase protection over an optical network.
Until recently the main source of precise time has been GPS and other constellations that comprise GNSS. Deployment of GNSS, however, can be costly for service providers given the costs associated with upgrading to GNSS-capable receivers and antennae as well as increasing densification of end points.
As a result, telecom, cable and utility operators deploying vPRTC benefit from solutions where GNSS dependency is reduced or eliminated. Following are key features of the new vPRTC functionality:
Leverages the existing optical network, avoiding high-cost dark fiber expenses
Uses a dedicated lambda to transport time precisely and securely
Provides a high-performance, redundant source of time through enhanced PRTC (ITU-T G.8272.1)
Allows bidirectional, precise time flows (east and west)
Chains together high-precision, multi-domain, high-performance boundary clocks that meet today’s standards (T-BC Class D, as defined by ITU-T G.8273.2)
Microchip’s vPRTC multi-domain architecture is a cost-effective solution providing a high-performance, redundant, sub-5 nanosecond distribution of precise time over regional and national networks.
In addition, Release 2.1 introduces Network Time Protocol daemon (NTPd) with Message Digest (MD5) security algorithm.
TimeProvider 4100 2.1 meets PRTC-B performance standards (per ITU-T G.8272) and supports 1G and 10G, NTP and PTP in a single form-factor system. TimeProvider 4100 2.1 is available now for both new and already deployed systems.
