The UK Royal Institute of Navigation has released a special report on GNSS-interference and its impact on the maritime sector.
Impacts of GNSS Interference on Maritime Safety is a special report by the RIN Maritime GNSS Interference Working Group on the impacts of GNSS Interference. Survey data was compiled from more than 100 sector experts and 300 vessel captains, supported by interviews with dozens of people involved in the operations and supply chain of vessels that regularly encounter GNSS interference.
GNSS interference refers to anything that disrupts a ship’s satellite-based positioning signals, usually caused by jamming and spoofing.
In 2025, at least two collisions and groundings were reported in mainstream media linked to GNSS interference in regions such as the Baltics, Straits of Hormuz and the Red Sea. With hundreds of vessels being affected daily, the RIN report details for the first time the scale of the problem on modern digital vessels, where GNSS jamming and spoofing present a significant cybersecurity vulnerability and urgent risks to maritime safety.
Survey data exposes the vulnerability of critically important systems such as Global Maritime Distress and Safety Systems (GMDSS) and other SOLAS-mandated equipment that rely on satellite positioning and timing.
“The report has highlighted serious safety concerns and has underlined the fact that these issues are rooted in significant cybersecurity vulnerabilities, and are not just disruptions to navigation,” said Ramsey Faragher, director of the RIN.
Operating within regions of known GNSS interference carries serious safety-of-life and liability implications, as key systems are expected to fail or malfunction with high probability in these conditions. The report also highlights unnecessary dependencies between GNSS receivers and a range of onboard electronics — including radar, radios (VHF/MF/HF), Navtex, speed logs, ship clocks and satellite communications — many of which do not require GNSS data for their primary function, creating avoidable points of failure and compounding operational risk.
“The issue of GNSS interference must be taken seriously. It cannot be overcome by traditional navigation techniques when GNSS receivers are ‘baked in’ to modern ships’ critical systems, including safety systems,” said Ivana-Maria Carrioni-Burnett, maritime captain and chair of the RIN Maritime Navigation Group. “These are no longer isolated incidents and pose a real risk to life: people, property and the environment. We must do more to safeguard our seas today and the shipping of tomorrow.”
“Despite measures to improve resistance to jamming, spoofing and other harassment measures, the threat is real and growing,” said Retired Commodore James Taylor OBE and fellow of the RIN advises. “And this threat is not only to positioning and navigation; it is to every part of every transport and navigation means and to every part of national infrastructure where timing is derived from space-based timing signals.”
The Royal Institute of Navigation will continue to work with report partners (GLA, IALA, Nautical Institute and others) and regulatory bodies to provide expert guidance to mitigate these issues, and to establish industry-wide adoption of solutions to this problem. RIN thanks National PNT Office for its support.
From left to right: Sylvain Loddo, director of the Galileo ground segment program at ESA, Ennio Guarino, head of the EGNOS and Galileo programs at ESA, Lionel Salmon, director of cybersecurity for information systems at Thales, and Alexandra Porez, director of cybersecurity for satellite systems at Thales. (Image: Thales)
Thales and the European Space Agency (ESA) will be working together on the cybersecurity aspects of the Galileo Second Generation (G2G) program.
Under the partnership, Thales’ scalable and flexible architecture, and security equipment will enable the G2G program to strengthen its ability to detect and respond to new cyberthreats. The end-to-end solution Thales proposed will contribute to the development of greater security and resilience of satellites.
In addition, Thales Alenia Space has partnered with the ESA to design and build the G2G ground mission segment, as well as support system engineering and technical assistance activities. The company also will provide six of the 12 satellites of the constellation.
The second-generation ground mission segment is designed to generate and connect the navigation services to the Galileo satellites and to keep the satellites synchronized with a common time reference. The first version will arrive in time for the launch of the first second-generation satellites and for the validation of the system’s in-orbit capabilities. The second version will be responsible for the missions of both the first- and second-generation Galileo satellites.
The new ground mission system, which includes several major technological innovations, will provide more than four billion users worldwide with improved performance in terms of positioning, navigation and synchronization.
Viavi Solutions has unveiled the PNT-6200 Series Assured Reference for resilient positioning, navigation and timing (PNT). Viavi acquired Jackson Labs Technologies in November 2022.
The PNT-6200 Series Assured Reference provides resiliency and robust cybersecurity for critical infrastructure.
The compact system can supplement or replace GPS signals based on connectivity to the broadcast range of timing sources in the market including other GNSS satellites, and commercial satellite, terrestrial, wireline, and atomic clock services. The PNT-6200 Series will draw the timing signal from the most reliable source and use it as a replacement for the GPS input, enabling continuous operation.
The PNT-6200 Series will be showcased at Mobile World Congress in Barcelona, Feb. 27-March 2.
AUVSI’s effort is designed to expand the number of vetted uncrewed aircraft systems (UAS) that meet congressional and federal agency drone security requirements.
DIU accelerates commercial technology for national security. Its Blue UAS program launched in 2021 is aimed at prototyping and scaling capable and secure commercial UAS technology for the Department of Defense (DOD).
“The goal of this new pilot initiative is to extend relevant cyber credentialing across the U.S. industrial base, proactively, streamlining and accelerating capabilities available to the DOD and the rest of the U.S. government,” said Brian Wynne, AUVSI president and CEO. “We are grateful for DIU’s partnership and look forward to working with them to make the U.S. drone industry more resilient and secure.”
AUVSI efforts will streamline the vetting process and expand potential small UAS entrants to the government through its Trusted Cyber Program. The industry-led cyber compliance effort will work with a suite of cybersecurity firms to provide technical cyber assessments. DIU, DOD and other government organizations can then conduct additional vetting if needed.
The Blue UAS program has helped establish a cybersecurity baseline and coordinate government efforts to streamline the approval process for commercially available NDAA-compliant drones. Thirteen drones are scheduled to be added to the Blue UAS Cleared List, but demand for additional cleared drones with new capabilities has outpaced DIU’s ability to scale this critical program, because of limited funding and manpower. Because of its unique position in the market, AUVSI and its Trusted Cyber Program will provide this cybersecurity certification pathway to the commercial industry in close coordination with DIU.
“Commercial-off-the-shelf UAS are increasingly relied upon by federal agencies as critical tools to conduct diverse operations,” said David Michelson, DIU program manager for Blue UAS. “Partnerships with industry that make it easier for federal users to access commercial technology will help achieve the program’s goals.”
The U.S. Department of Transportation’s Federal Aviation Administration (FAA) has announced $4.4 million in drone research, education and training grants to seven universities.
Research will focus on three areas:
electromagnetic compatibility
detect-and-avoid classifications
cybersecurity oversight.
“This funding and our ongoing partnerships with these universities will allow the FAA to safely integrate the airspace that has a growing number of diverse aircraft users,” said FAA Acting Administrator Billy Nolen.
The research initiatives and grant awardees include:
Evaluate Unmanned Aircraft Systems (UAS) Electromagnetic Compatibility
This research will assess the risks, identify drone design vulnerabilities, identify material and procedural mitigations, and propose guidance for safer electromagnetic compatibility with emitted and static fields.
University of North Dakota, $325,042
University of Kansas, $325,000
Drexel University, $325,830
Investigate Detect-and-Avoid Track Classification and Filtering
This research will provide proposed metrics, guidance and test methods to assess the effects of false or misleading information on detect-and-avoid capabilities. The findings will support beyond-visual-line-of-sight operations.
The Ohio State University, $732,441
Embry-Riddle Aeronautical University, $371,000
Mississippi State University, $330,000
University of North Dakota, $80,000
Illustrate the Need for UAS Cybersecurity Oversight and Risk Management
This research will address UAS cybersecurity oversight and risk management as it pertains to the National Airspace System and other FAA systems.
The ASSURE Center of Excellence is one of six that the FAA has established to help advance technology and educate the next generation of aviation professionals. Research conducted through ASSURE is focused on helping the drone market safely grow and integrate into the nation’s airspace.
More than 800,000 recreational and commercial drones are in the active drone fleet, and that number is expected to grow.
A PNT expert suggested that my piece titled “Opposite and Complementary: eLoran is part of the solution to GNSS vulnerability” in our November 2021 issue could be augmented with information not currently available on the proposed eLoran capability. This expert also questioned my statement that eLoran “does not have any common failure modes with GNSS” and pointed to potential common threats such as from cyberattacks, physical attacks, and space weather.
Matteo Luccio
I welcome such feedback on the contents of these pages — and agree that in this case some hard questions are warranted. So, in the interest of further exploring the use of eLoran, I pose some questions, hoping that its advocates will provide answers. I know that at least some of them will not shy away from this challenge.
Please note that I wish to keep the discussion on positioning, not the easier question of timing, because that was the primary focus of my article. I also wish to address long-term outages (weeks or months), which would have a greater impact on the United States.
Some of these questions have been addressed, at least in part, in various studies and proposals, most of them now more than a decade old. So, it would be helpful to update those answers and consolidate them in the pages of this magazine.
1. Accuracy specifics. While my November article stated that eLoran would have a two-dimensional accuracy of “better than 20 meters, and in many cases, better than 10 meters,” is that RMS, 95%, or some other statistic?
2. Performance standard. GPS provides a commitment to users in a published performance standard. What specific measures of positioning accuracy, integrity and continuity would you recommend the proposed eLoran system be committed to provide (using the architecture described in the answer to Question 6)?
3. Coverage. Would you recommend this eLoran positioning performance hold for the entire United States (including Alaska, Hawaii, Puerto Rico and other territories), only for the “lower 48” states, or only parts of these 48 states?
4. Current users. By number of users, the predominant common current civil uses of GNSS for positioning are consumer devices (mostly cellphones). By contribution to the U.S. economy, the predominant uses are high-precision applications. For what fraction of these uses would eLoran positioning be adequate? Could an eLoran receiver and antenna fit in today’s consumer devices?
5. Future uses. Emerging civil uses of GPS for positioning include autonomous ground and air vehicles, navigation to space and in space, and lane-accurate car navigation. Which of these could be served by eLoran?
6. Architecture. To maintain accuracy during a prolonged GPS outage, eLoran would require reference stations to calibrate time-varying propagation errors, as well as a certain number of transmitters for good nationwide geometry and for redundancy, ensuring service even if a transmitter is attacked or is taken off-line for maintenance. What architecture would you recommend to achieve this?
7. Infrastructure cost. What would be the cost of installing the required transmitters, power supplies, reference stations, communication links and control system for the architecture described in the answer to Question 6? Can you reference a recent and independent estimate? To a ballpark figure, what cost fixed-price contract would you accept to implement it? Similarly, what would be the annual costs for operating and maintaining this infrastructure?
8. Impact. eLoran transmitters are large and high-power. Providing positioning across the United States could require building some of them from scratch or significantly reconstructing old Loran sites. What issues — such as environmental, aviation safety and security — would this raise, and how would you recommend they be addressed?
9. Receivers. Assuming all the above were achieved, it would accomplish nothing unless eLoran receivers were widely purchased, installed and used. How much would that cost? Who would pay? Should we assume that “if we build it, they will come”?
10. Alternatives. Given the widespread development of other positioning technologies over the past decade, much has changed since the earlier recommendations for eLoran. How do we know that eLoran is the right investment — or even a needed part of the solution or needed system in a system of systems — for the future of U.S. PNT?
Common threats to GNSS and eLoran could include the following:
1. Cyber attacks. Given that GPS’s OCX is said to be the most cybersecure system built by the U.S. Department of Defense, how would eLoran’s control system be even more cybersecure than OCX, to avoid a common cyber-vulnerability?
2. Physical attacks. Given concerns about possible physical attacks on GPS satellites, which move at multiple km/sec 20,000 km from Earth, would it not be easier to physically attack eLoran transmitters, which are stationary, terrestrial, in remote locations, and hundreds of feet tall and require massive power sources?
3. Space weather. GPS is potentially vulnerable to severe space weather that could damage satellites or temporarily hinder signal propagation from space to Earth. However, severe space weather could also damage the power grid upon which megawatt eLoran transmitters rely. How would eLoran service be protected from the effects of severe space weather, such as a Carrington Event?
Send me your thoughts at the e-mail address below, with “eLoran” in the subject line.
In June 2019, Regulus Cyber’s experts successfully spoofed the GPS-based navigation system of a Tesla Model 3 vehicle. This experiment provided an important warning for all companies using GNSS location and timing: these technologies, on which they depend, are highly vulnerable to spoofing attacks. In the two years since the experiment, companies and governments have continued to research the potential harm that can be caused by spoofing attacks and are learning more about how to defend themselves from them.
The Tesla experiment was groundbreaking because it was the first time that a level 2.5 autonomous vehicle was exposed to a sophisticated GPS spoofing attack and its behavior recorded.
We chose Tesla’s Model 3 because it had the most sophisticated advanced driver assistance system (ADAS) at the time, called Navigate on Autopilot (abbreviated NOA or Autopilot), which uses GPS to make several driving decisions. However, this experiment exposed several cybersecurity issues potentially affecting all vehicles relying on GPS as part of their sensor fusion for autonomous decision making.
NOA makes lane changes and takes interchange exits once a destination is determined, without requiring any confirmation by the driver. Its several other features include autonomous deceleration and acceleration according to the speed limit, autonomous lane changing, and adaptive cruise control.
These features use a variety of sensors, including cameras, radar, speedometers and more. The researchers wanted to test the extent to which the Model 3 relied on its GNSS receiver to make these driving decisions and how it behaved when receiving contradicting information from its GNSS receiver and its other sensors.
The researchers used hardware and software purchased online to mimic the tools potential hackers would use. The experiment involved two software-defined radio (SDR) devices purchased online, one to spoof GPS and one to jam all other constellations, connected to an external antenna to simulate an external attack. The software used to simulate the GPS signal was downloaded from an online source, available for free.
The test included three scenarios the researchers assumed would involve usage of GNSS, each one using a different spoofing pattern:
Scenario 1. Exiting the highway at the wrong location
Scenario 2. Enforcing an incorrect speed limit
Scenario 3. Turning into incoming traffic
A Tesla Model 3 was remotely hacked in a test of a GPS spoofing attack. (Photo: Regulus Cyber)
Scenario 1: Exiting the Highway at the Wrong Location
The car was driving normally at a constant speed of 95 KPH with NOA enabled. The destination determined for this ride was a town nearby and the car designated a certain interchange as the destination for an autonomous exit maneuver. The experiment began 2.5 km before the vehicle reached that interchange; however, the researchers’ fake GPS signal resulted in coordinates of a location on the same highway but only 150 m before the exit.
As soon as its GNSS receiver was spoofed, the car assumed that it had reached the correct exit and began to maneuver to the right, activating the blinker, slowing down, turning the wheel, and crossing a dotted white line to its right side, exiting to an emergency pit-stop, confusing it with the exit 2.5 km ahead.
To be clear, this would not have happened at any location along the highway, because sensor fusion with the radar and the camera enables the car to avoid physical obstacles and ensures that it does not cross a solid white line that makes a turn illegal.
The spoofing attack succeeded, in that it enabled the attacker to remotely manipulate the car’s sensor fusion and make it exit the highway at the wrong location.
Scenario 2: Enforcing an Incorrect Speed Limit
The car was driving to a random city far away on a highway, at a constant speed of 90 KPH, which was 10 KPH below the highway’s speed limit, with NOA enabled. The researchers generated a fake GPS signal, with the coordinates of a nearby town road that has a speed limit of 33 KPH. Shortly thereafter, the vehicle assumed the speed limit had just changed to 33 KPH and instantly began decelerating. Each time the driver attempted to accelerate using the gas pedal, as soon as he lifted his foot off the pedal the car engaged in heavy braking to quickly decelerate back to 33 KPH.
To be clear, this would not have happened if NOA had been turned off. The cruise mode can be disabled by either using the touch screen or by pressing the brakes, which would allow the driver to regain full manual control over the vehicle’s speed.
Again, the spoofing attack succeeded, in that it allowed the attacker to remotely manipulate the car’s speed and made it enforce a speed limit much lower than the actual one on the highway.
Scenario 3: Turning into Incoming Traffic
The car was being driven manually on a two-lane road with one lane in each direction, the type of road on which NOA cannot be used. The researchers generated a fake GPS signal, with coordinates of a nearby three-lane highway, with all lanes in the same direction. Furthermore, the spoofed location was 150 m from a designated exit that the vehicle’s navigation system was programmed to take, requiring a left turn.
Shortly after the car’s GNSS receiver was spoofed, the vehicle assumed it was on a highway and engaged NOA. Next, it triggered the exit maneuver, which began with activating the left blinker, followed by turning the wheel to the left. The driver had to quickly grab the wheel and manually drive the car back to its lane to avoid a collision with oncoming traffic.
To be clear, this kind of scenario would not be possible without the driver enabling the NOA. Once a Tesla driver enables NOA, it automatically turns on once the vehicle is on the highway with a set destination. This is why the researchers assumed that NOA would be turned on by default, and as long as NOA is activated, the vehicle is susceptible to the attacks mentioned in the experiment.
Once again, the spoofing attack was successful in that it enabled the attacker to remotely steer the vehicle into the opposing lane, placing it on a direct collision course with oncoming traffic. Out of the three scenarios described, this one proved that GNSS spoofing can endanger lives.
The hardware used for the GPS spoofing test. (Photo: Regulus Cyber)
GPS Cybersecurity for Automotive Applications
The NOA system in the Tesla Model 3, being an ADAS, allows drivers to rely on the car and its sensors for basic driving functions. Therefore, it enables drivers to briefly take their hands off the wheel and reduces the number of actions they are required to take. Nevertheless, drivers are still required to be fully attentive to the road so that they can take control of the vehicle at any time.
However, since this spoofing attack had such a sudden and instant impact on the car’s driving behavior, a driver who is not fully attentive and aware would not be prepared to quickly take control and prevent an accident. By the time the driver notices that something is wrong and reacts, it might be too late to prevent an accident. Already drivers have been found sleeping at the wheel, driving under the influence of alcohol, and doing other inappropriate tasks with NOA engaged.
Furthermore, this situation assumes a level 2.5 autonomous vehicle as was tested. But what happens in level 3 vehicles, in which driver engagement is limited, or level 4 and 5, in which driver response is non-existent? This research provides us with a glimpse into the crucial importance of sensor cybersecurity and particularly of GNSS cybersecurity.
The Tesla hack experiment and its results were eye-opening for the autonomous vehicles sector – the danger is real and rising as more and more vehicles are depending on GNSS technology as part of their sensors for assisted or automated driving. Up to 97% of new vehicles since 2019 incorporate GNSS receivers and most if not all are still vulnerable to the same spoofing attacks presented in this research.
In January 2021, the UN’s World Forum for Harmonization of Vehicle Regulations (WP.29) issued Regulation No. 155, which sets guidelines for cybersecurity in the automotive industry with the goal of addressing every possible cyber threat that it might encounter. Annex 5 of the regulation defines cyber attacks and states that in order to get approvals in the future vehicle manufacturers will need to provide solid evidence that their vehicles are sufficiently protected against them.
Among the cyber threats mentioned in the Annex is spoofing of data received by the vehicle — both sybil spoofing attacks and spoofing of messages. The Annex also lists the appropriate protection that vehicle manufacturers should implement and states that vehicle manufacturers will be required to provide evidence of the effectiveness of the mitigation measures they choose. These upcoming regulatory requirements can make the difference between life and death in situations caused by GNSS spoofing and ensure that only reliable and resilient positioning is used within vehicles, both today and in the future.
Please note: Tesla released a statement saying that it is “taking steps to introduce safeguards in the future which we believe will make our products more secure against these kinds of attacks.” Regulus Cyber researchers did not perform any further experiments with Tesla Model 3 since this research was published two years ago.
See the Tesla GPS spoofing experiment from the driver’s point of view:
“Crime is common. Logic is rare. Therefore, it is upon the logic rather than upon the crime that you should dwell.”
“Data! Data! Data!” He cried impatiently. “I can’t make bricks without clay.”
— Sherlock Holmes, “The Adventure of the Copper Beeches,” Sir Arthur Conan Doyle
Watson is to Holmes what information is to intelligence. Watson could listen to the client story, observe the situation, and recite to Holmes all the relevant facts, but he lacked the ability to string together the seemingly random pieces of information into a coherent chain of events leading to the correct hypothesis. A computer can become a Watson, but it takes a human to be Sherlock; however, a human misguided by cognitive biases will end up as Inspector Lestrade, always coming to the wrong conclusion.
When it comes to data, the analogy of drinking from a fire hose is an understatement. Consider that a digital image can be terabytes in size and every day millions of images are taken. Facebook generates 4 petabytes of data daily, and each day there are 500 million tweets and 306 billion emails. Additionally, there are 20 billion connected devices. Combined, the world creates 2.5 quintillion bytes of data every day. If a grain of sand represents a byte of data, then every three days more data is created than there are grains of sand on the Earth, and it is only increasing.
Somewhere in all that data are signals. Real-time threat intelligence systems are looking for those signals before the next huge event occurs. It is a high-stakes hunt for Leviathan, except that Leviathan is only a packet of sand traveling at lightspeed through a cloud obscured by dust.
Nellis Air Force Base takes part in Red Flag 15-2 at its Combined Operations Center in 2015. (Photo: Senior Airman Thomas Spangler/U.S. Air Force.)
Interpreting a Signal
The massive volume, variety and velocity of continuously flowing data far surpasses the ability of humans to process. It exceeds the bandwidth most systems can handle. And it quickly overwhelms the capacity to store, manage and act on the information in a timely and cost-effective manner. Resources are not infinite. The best model to handle an overwhelming amount of data is the human brain. Humans are biological sensors. Every moment of every second of our lives, our bodies are receiving an endless stream of stimuli from internal and external sources. Most of this stimuli registers at an unconscious level, and as long as the stimuli is normal and expected, it goes unnoticed by the conscious mind. If, however, any discomfort is experienced, the conscious mind is notified. Then that becomes the focus until normalized. Externally, the same applies to computer data systems. Normal conditions are ignored, but if there is something unusual, such as a loud constant noise, or a colder than normal temperature, it draws all the processing attention.
In the realm of intelligence that is basically how things function. Algorithms are written to learn the normal patterns of life and to identify specific events, words, names, etc. As long as data is within normal parameters, it gets little attention, but as soon as an anomaly exceeds a threshold or something triggers the algorithm, it will immediately be brought to the attention of the intel center. An example can be viewed on the Global Incident Map dashboard. I encourage you to sign up for a free 72-hour membership. If you want to see what real news looks like, this would be a sampling. The number of real incidents that happen across the country and around the world that you never hear about, many of them hair-raising and all of them open source, add to the few stories the media has been able to tell about cyber attacks. Scroll down the page. There are many filters, but I recommend turning them all off to see the full extent of information. Clicking on an incident will drill down into the actual source so you can read about it more thoroughly.
Below is the U.S. Army’s real-time critical incident dashboard called the Joint Analytic Real-Time Virtual Information Sharing System (JARVISS). It tracks and monitors activity near U.S. Army installations and standalone assets of interest around the world.
Another dashboard for cyberattacks is Check Point, which shows just how aggressive cyberthreats are throughout world. Here, you can see the patterns of coordinated attacks. A war is underway. The soldiers are cyberwarriors. No country is safe. View the Live Cyber Threat Map.
JARVISS is designed to target criminal activity and provide natural disaster information in and around Army installations and stand-alone facilities, as well as COVID-19 threats. (Image: Steve Gardner/U.S. Army}
Fast Analysis in Real Time
Monitoring this information, analysts look for connections. If a plane veers off its flight path, the local operations center is notified. An automatic query shows if any critical-infrastructure assets or other important structures and facilities are in the area. The analyst can immediately find out the type of aircraft, the call sign, who the plane is registered to and who filed the flight plan. Weather radar can be overlaid to see if that is a possible reason for the deviation. Incident reports can be displayed in real time within the area of interest, along with social media feeds and other sources of communication. Traffic patterns can be displayed.
The important question that needs to be answered is whether this is a potential threat. Is there a connection to anything going on anywhere else? A dossier is developed on the person who filed the flight plan, the one who is assumed to be the pilot and the person or organization to which the plane is registered. All of this is being done in a matter of minutes, while the airplane either returns to its flight path or continues its diversion. The air traffic control tower is contacted to share information on the aircraft and its deviation. If the tower does not have an answer, it will radio the pilot for an answer. The passenger and crew manifest also are analyzed. All the data that can be pulled together — including the remaining fuel burn and the aircraft performance limitations — are analyzed.
Patterns emerge from the data. These patterns lead backwards to a cause and forward toward the end result. Finding those clues in the data requires a team of specialists from six primary intelligence disciplines.
An imagery intelligence analyst brings in the live-streams and remote sensing.
A human intelligence analyst seeks motivating factors and ways to deescalate the situation.
A measurements and signatures intelligence specialist defines the operating limitations and the mechanics and science particular to the scenario.
An open-source intelligence analyst accesses and queries open-source data sets to provide clues.
A signals intelligence specialist focuses on the communications and electronic signatures.
A geospatial intelligence analyst brings it all together and provides spatial context through the map the team uses that shows the events unfold in real time.
These analysts and sometimes many others will collect all these pieces of information and turn them into intelligence that decision-makers can use to take action. That is the purpose of intelligence; as CIA veteran Richard Heuer stated, “Intelligence seeks to illuminate the unknown.”
Fortunately, most alerts turn out to be false positives, but every one of them is treated as if it were “the one.” These false positives turn out to be excellent, real-world exercises that hone the skills of the team and wire the brain for speed. These events can last mere minutes or several hours. It’s an adrenaline rush.
To explore live streaming data feeds, Esri has a growing volume of data in its ArcGIS Living Atlas.
“My mind rebels at stagnation. Give me problems, give me work, give me the most abstruse cryptogram, or the most intricate analysis, and I am in my own proper atmosphere…”
— Sherlock Holmes, “The Sign of the Four,” Sir Arthur Conan Doyle
William Tewelow works for the Federal Aviation Administration. He is a graduate of a management fellowship program. While on special assignment to the U.S. Department of Transportation William led the project to crowdsource the National Address Database for the White House Open Data Partnership. He is a Geographic Information Systems Professional (GISP) and a Maryland Scholar STEMnet Speaker. He has a degree in Geographic Information Technology and Intelligence Studies from American Military University and is currently earning a degree in Organizational Leadership. William retired from the U.S. Navy after serving 23 years as a Geospatial and Imagery Intelligence Specialist, a Naval Aviator, a Meteorologist, and a Tactical Oceanographer. He was among the first in the nation to earn a Geospatial Specialist Certification from the U.S. Department of Labor while working at NASA Stennis Space Center in Mississippi. He is married, enjoys traveling, solving problems, playing with data, and fascinated by new technology and historical context. His favorite quote is, “A man’s mind changed by a new idea can never go back to its original dimension.” ~ Oliver Wendell Holmes
PNT services, such as GPS, are a national critical function that enable many applications within the critical infrastructure sectors. However, “The increasing reliance on GPS for military, civil and commercial applications makes the system vulnerable,” according to Space Policy Directive-7 (SPD-7), issued Jan. 15. “GPS users must plan for potential signal loss and take reasonable steps to verify or authenticate the integrity of the received GPS data and ranging signal, especially in applications where even small degradations can result in loss of life.”
The PNT Integrity Library and Epsilon Algorithm Suite address this issue by providing users a method to verify the integrity of the received GPS data. “We are excited to release these resources to the PNT community to improve resiliency against potential GPS signal loss,” said DHS S&T PNT Program Manager Brannan Villee.
“Since GPS signals can be jammed or spoofed, critical infrastructure systems should not be designed with the assumption that GPS data will always be available or will always be accurate,” said Jim Platt, chief of Strategic Defense Initiatives at the Cybersecurity and Information Security Agency (CISA) National Risk Management Center. “Application of these tools will provide increased security against GPS disruptions. However, DHS also recommends a holistic defense strategy that considers the integrity of the PNT data from its reception through its use in the supported system.”
The PNT Integrity Library and Epsilon Algorithm Suite are open source and available free of charge. To view more details, visit the DHS S&T PNT Program.
NIST’s new cybersecurity profile is designed to help mitigate risks to systems that use PNT data, including finance, transportation, energy and other critical infrastructure. While its scope does not include ground- or space-based PNT source signal generators and providers (such as satellites), the profile still covers a wide swath of technologies. (Image: B. Hayes/NIST)
The National Institute of Standards and Technology (NIST) has drafted guidelines for applying its Cybersecurity Framework to critical technologies such as GPS that use positioning, navigation and timing (PNT) data. Part of a larger NIST effort to safeguard systems that rely on PNT data, these cybersecurity guidelines accompany NIST efforts to provide and test a resilient timekeeping signal that is independent of GPS.
Formally titled the “Cybersecurity Profile for the Responsible Use of Positioning, Navigation and Timing (PNT) Services (NISTIR 8323),” the new guidelines are designed to help mitigate cybersecurity risks that endanger systems important to national and economic security, including those that underpin modern finance, transportation, energy and additional economic sectors.
The draft profile is part of NIST’s response to the Feb. 12, 2020, Executive Order on PNT. In early 2020, NIST sought public input regarding the general use of PNT data. The PNT profile will join the growing list of profiles created to help apply the NIST Cybersecurity Framework to particular economic sectors, such as manufacturing, the power grid and the maritime industry. The scope of the profile includes any system, network or other asset that uses PNT services, including systems that receive and rebroadcast PNT data.
While its scope does not include ground- or space-based source PNT signal generators and providers (such as satellites), the profile still covers a wide swath of technologies. Partly for this reason, NIST’s Jim McCarthy said that it is intended to be a foundational set of guidelines that PNT users can customize.
“The profile is meant to help a broad set of users address their cybersecurity needs,” said McCarthy, one of the draft’s authors. “Rather than focus on a single economic sector, we designed it to apply to all users of PNT. Agencies and companies can tailor it to their needs based on their particular cybersecurity risk and other sector-specific factors.”
As directed by the Executive Order, the profile can help organizations accomplish four tasks:
identify systems that use PNT data, and/or that propagate this data based on a source signal
identify PNT data sources, such as a GPS signal
detect disturbance to and manipulation of systems that use PNT services
manage the risks that come with responsible use of these PNT services
“Our premise is that there are organizations that may not realize they are using PNT data, or know how they are using it,” McCarthy said. “Part of our goal is to help them make these connections so they can protect their operations more effectively.”
The Executive Order also delegates to the Department of Commerce the critical task of providing a source of Coordinated Universal Time (UTC) that is independent of GPS. To this end, NIST also recently conducted initial tests of a special calibration service for companies, utilities or other organizations that wish to receive NIST’s version of the global time standard, UTC(NIST), through commercial fiber-optic cable.
The service aims to provide a time reference directly traceable to UTC(NIST) with an accuracy of 1 microsecond — good enough for telecom networks, the power grid and financial markets, and thereby boosting the resilience of accurate time distribution and the infrastructure sectors and subsectors that use timing services.
The initial link is a collaboration between NIST and OPNT, a commercial time-service provider based in Amsterdam, the Netherlands. While the work was led by researchers at NIST’s Boulder, Colorado, campus, the dedicated optical fiber connects the reference time scale at NIST headquarters in Gaithersburg, Maryland, to a facility in McLean, Virginia, that will ultimately serve as the hub for East Coast distribution of timing data.
OPNT has extended the initial fiber link to Atlanta, Georgia, about 800 kilometers from McLean. Preliminary data suggest that this link will be able to support the requirements of the Executive Order.
While connected cars provide wonderful advantages, their integration with cloud connectivity come with a heightened risk for cyber attacks.
Commentary by Alexander Meisel
When it comes to connected cars, automakers are innovating fast. Consumers are experiencing increasing amounts of futuristic features, be they passenger connectivity, automated speed regulation or autonomous driving capabilities.
However, these innovations and their integration with cloud connectivity come with a heightened risk for cyber attacks. A recent study conducted by U.K. self-driving hub organization Zenzic found that becoming cyber-resilient will be the biggest technical obstacle to successfully deploy self-driving cars on roads by 2030. This mountain will be a big one to surmount, and it’s only growing in size: The auto industry has seen a 94% year-over-year increase in hacks since 2016.
How can automakers prioritize security while keeping up with the demand for innovation in today’s connected cars?
Carmakers must consider security from day one
To make sure that security is built into the very foundations of a car, automakers must make it a priority from the first day of design. This focus is lacking amongst carmakers at the moment. In fact, 19% respondents to one survey said they don’t do enough security testing in the design phase, and only 28% said that they do a lot of the testing during the design stage.
Automakers can use design principles to build in security from the outset. For example, the principle of complete mediation allows for enhanced security as it ensures that a software stem “requires access checks to an object each time a subject requests access.” This means that attackers are only invited to exploit a system on one single occasion due to checks on subjects’ permissions.
Carmakers can also ensure that they are not sacrificing security by considering its importance when purchasing components from separate suppliers. These components must be specific enough to enable security in the system, but generic enough to allow for innovation.
Automakers must make cybersecurity a priority from the first day of design.
Here, companies can leverage the software engineering principle of interface segregation. This means that a shrunken, clear interface should be supplied by the vendor, so that the customer only uses the methods that are of interest to them.
In turn, this allows systems to remain decoupled and thus easier to then build a rich interface on top of. However, carmakers will have to stay on top of the security of the part in the development phase, and ensure that dormant functions are not abused by at least logging their execution once somebody tries to call them out of context.
Developers and cybersecurity experts must become a core part of the team
Software development is relatively new territory for carmakers. Now, cybersecurity is a key component of building connected cars, and automakers need to embrace developers that have expertise in this area and make them part of the core team.
This cultural change must be championed by the business leaders to allow car security to advance alongside the innovative features that the industry is building. This can be done by implementing DevSecOps ideology into the team, in order to “build the mindset that everyone is responsible for security.”
Car development teams will likely need a group of cybersecurity experts who can educate the rest of the developers and are willing to participate in the development process in order to check and implement safe and secure functions. If a company doesn’t have this kind of expertise in-house, they can partner with an expert third-party to help them along this journey.
Innovation and security can complement each other
Cybersecurity doesn’t mean sacrificing feature innovation: developments are being made in the field of security too, such as biometric technologies that can be integrated into car design.
For example, Blackberry’s QNX technology “has built in concepts for hardware and software trust validation, hypervisor to maintain a separation between the safety critical and infotainment systems, and a core operating system which passes all the functional safety standards,” according to the company’s senior VP SVP, head of QNX, John Wall. Innovation need not suffer at the hands of security, and vice-versa.
Potential AV thieves would first look to use GPS data to disable or falsify a car’s GPS system, making it untraceable.
In addition, the world’s leading electric vehicle provider, Tesla, ensures security in its cutting-edge, connected cars by sending security updates to cars’ operating systems overnight, and even providing awards for hackers that manage to hack its cars.
Looking ahead to the possibilities of autonomous vehicles (AV) that can drive passengers without needing to have their owner inside, innovation in GPS will be necessary to ensure security and accountability of the car. Potential AV thieves would first look to use GPS data to disable or falsify a car’s GPS system, making it untraceable.
However, carmakers can make this impossible for hackers by not just logging the data in its raw form, but also combining it with other car data using cryptographic algorithms. This ensures that the GPS data remains traceable even after the hardware has been taken apart and sold on the auto-parts black market. In this way, the signature of the original data combined with the GPS position adds an additional layer of security.
Integrating security into connected car design is no simple feat, but it’s a necessary one for carmakers that want to ensure the safety of their passengers while on the roads. By using design principles, diversifying expertise within development teams, and understanding that security and innovation need not be a trade-off, they can do just that.
Alexander Meisel is an automotive cybersecurity engineer at intive. He has a computer networking diploma from Hochschule Furtwangen University, and he has served as a CTO and Development Team Director in previous companies. He has experience with venture capital, successful M&As, and product and technical marketing strategies. He is also a public speaker at technical conferences and trade shows.
By Alexander Meisel, automotive cybersecurity engineer at intive
Alexander Meisel
When it comes to connected cars, automakers are innovating fast. Consumers are experiencing increasing amounts of futuristic features, be they passenger connectivity, automated speed regulation, or autonomous driving capabilities.
However, these innovations and their integration with cloud connectivity come with a heightened risk for cyber attacks. A recent study conducted by U.K. self-driving hub organization, Zenzic, found that becoming cyber-resilient will be the biggest technical obstacle to successfully deploy self-driving cars on roads by 2030. This mountain will be a big one to surmount, and it’s only growing in size: The auto industry has seen a 94% year-over-year increase in hacks since 2016.
So, how can automakers prioritize security while keeping up with the demand for innovation in today’s connected cars?
Carmakers must consider security from day one
To make sure that security is built into the very foundations of a car, automakers must make it a priority from the first day of design. This focus is lacking amongst carmakers at the moment. In fact, 19% respondents to one survey said they don’t do enough security testing in the design phase, and only 28% said that they do a lot of the testing during the design stage.
Automakers can use design principles to build in security from the outset. For example, the principle of complete mediation allows for enhanced security as it ensures that a software stem “requires access checks to an object each time a subject requests access.” This means that attackers are only invited to exploit a system on one single occasion due to checks on subjects’ permissions.
Carmakers can also ensure that they are not sacrificing security by considering its importance when purchasing components from separate suppliers. These components must be specific enough to enable security in the system, but generic enough to allow for innovation.
Here, companies can leverage the software engineering principle of interface segregation. This means that a shrunken, clear interface should be supplied by the vendor, so that the customer only uses the methods that are of interest to them. In turn, this allows systems to remain decoupled and thus easier to then build a rich interface on top of. However, carmakers will have to stay on top of the security of the part in the development phase, and ensure that dormant functions are not abused by at least logging their execution once somebody tries to call them out of context.
Developers and cybersecurity experts must become a core part of the team
Software development is relatively new territory for carmakers. Now, cybersecurity is a key component of building connected cars, and automakers need to embrace developers that have expertise in this area and make them part of the core team.
This cultural change must be championed by the business leaders to allow car security to advance alongside the innovative features that the industry is building. This can be done by implementing DevSecOps ideology into the team, in order to “build the mindset that everyone is responsible for security.”
Car development teams will likely need a group of cybersecurity experts who can educate the rest of the developers and are willing to participate in the development process in order to check and implement safe and secure functions. If a company doesn’t have this kind of expertise in-house, they can partner with an expert third-party to help them along this journey.
Innovation and security can complement each other
Cybersecurity doesn’t mean sacrificing feature innovation: developments are being made in the field of security too, such as biometric technologies that can be integrated into car design.
For example, Blackberry’s QNX technology “has built in concepts for hardware and software trust validation, hypervisor to maintain a separation between the safety critical and infotainment systems, and a core operating system which passes all the functional safety standards,” according to the company’s senior VP SVP, head of QNX, John Wall. Innovation need not suffer at the hands of security, and vice-versa.
In addition, the world’s leading electric vehicle provider, Tesla, ensures security in its cutting-edge, connected cars by sending security updates to cars’ operating systems overnight, and even providing awards for hackers that manage to hack its cars.
Looking ahead to the possibilities of autonomous vehicles (AV) that can drive passengers without needing to have their owner inside, innovation in GPS will be necessary to ensure security and accountability of the car. Potential AV thieves would first look to use GPS data to disable or falsify a car’s GPS system, making it untraceable.
However, carmakers can make this impossible for hackers by not just logging the data in its raw form, but also combining it with other car data using cryptographic algorithms. This ensures that the GPS data remains traceable even after the hardware has been taken apart and sold on the auto-parts black market. In this way, the signature of the original data combined with the GPS position adds an additional layer of security.
Integrating security into connected car design is no simple feat, but it’s a necessary one for carmakers that want to ensure the safety of their passengers while on the roads. By using design principles, diversifying expertise within development teams, and understanding that security and innovation need not be a trade-off, they can do just that.
Alexander Meisel is an automotive cybersecurity engineer at intive. Alexander has a Computer Networking diploma from Hochschule Furtwangen University, and he has developed as a CTO and Development Team Director in previous companies. He has experience with venture capital, successful M&As, product and technical marketing strategies. Meisel is also a public speaker at technical conferences and trade shows.
