GPS World

Tag: Resilient PNT Conformance Framework

  • Right on time: Protecting critical infrastructure against threats

    Right on time: Protecting critical infrastructure against threats

    Managing live sky and terrestrial time sources to protect critical infrastructure against cybersecurity threats

    By Greg Wolff, Microchip Technology

    Critical public infrastructure systems that rely on GNSS for reception of positioning, navigation and timing (PNT) data have been identified by national security agencies across the globe as potential cybersecurity attack vectors. Late in 2020, the U.S. Department of Homeland Security (DHS) published the “Resilient PNT Conformance Framework” guidelines, providing a common reference point to help critical infrastructures become more resilient to PNT attack threats. Within the framework, a cybersecurity approach has been proposed.

    Prevent. In this first layer of defense, threats are prevented from entering a system. However, it must be assumed that it is not possible to stop all threats.

    Respond. Atypical errors or anomalies are detected and action taken, such as mitigation, containment and reporting. The system should ensure an adequate response to externally induced, atypical errors before recovery is needed.

    Recover. The last line of defense is returning to a proper working state and defined performance.

    Figure 1. The four levels of resilience defined in the DHS “Resilient PNT Conformance Framework” guidelines. (Image: Microchip)
    Figure 1. The four levels of resilience defined in the DHS “Resilient PNT Conformance Framework” guidelines. (Image: Microchip)

    Four Levels of Resilience

    Based on the Prevent-Respond-Recover cybersecurity model, the PNT Conformance Framework document describes four levels of resilience. Note that the resilience levels build upon each other — Level 2 includes all enumerated behaviors in Level 1, and so forth.

    The framework provides a clear set of PNT resilience guidelines for equipment, whether at the silicon, module or system level. Although the framework is not specific to the use of GNSS, much of the focus has centered on GNSS vulnerabilities and the ability to be resilient to GNSS outages, whether caused by unintentional disruptions or intentional threats. However, the GNSS resiliency of specific equipment or technology does not fully address the needs of critical infrastructure operators who are managing the use of PNT services over large geographical areas.

    Critical Infrastructure Expansion

    Critical infrastructure is typically constructed in a tiered manner, beginning with a set of core sites connected to secondary sites that are ultimately connected to remote sites. With the rollout of 5G networks, densification and massive deployment of wireless access points will improve coverage and enable higher bandwidths to support the internet of things (IoT) and related services. However, this massive scale of access points will also require accurate timing at a much larger number of endpoints.

    Within the power utility infrastructure, the power grid is being augmented and expanded with alternative energy sources, such as solar and wind. The modernized smart grid is a highly distributed architecture that is dependent on accurate timing for coordination, monitoring and logging of data for operation and identification of power-outage fault detection. Additionally, power utilities rely on timing services for communications and transport of telemetry data throughout their entire operations.

    To date, GNSS has been the go-to source for timing, creating an exponential increase in the dependency on GNSS. Because of this massive dependency, the impact of errors or interruptions today is more significant than ever before.

    Figure 2. Example view of timing network at data centers across the globe. (Image: Microchip)
    Figure 2. Example view of timing network at data centers across the globe. (Image: Microchip)

    Terrestrial Time Distribution

    As an alternative for delivering accurate time to large numbers of locations and reducing dependency on GNSS, critical infrastructure operators are turning to the use of terrestrial distribution using packet protocols so that high accuracy distribution can be achieved using Precision Time Protocol (PTP).

    The virtual Primary Reference Time Clock (vPRTC) is a highly secure and resilient network-based timing architecture developed to meet the expanding needs of modern critical infrastructures. The vPRTC is simple in concept. It blends proven timing technologies into a centralized and protected source location, and then uses commercial fiber-optic network links and advanced IEEE 1588 PTP boundary clocks to distribute 100-ns PRTC timing where it is needed in end points that might be hundreds of kilometers away.

    Just as a GNSS-satellite-based timing system distributes timing to end points using open-air transmission, the vPRTC distributes timing using a terrestrial (typically fiber) network. The difference is that the operator remains 100% in control of the network and can secure it as necessary. This network-based timing is referred to as trusted time. It can be distributed as the primary source of timing or it can be deployed as a backup to GNSS timing solutions.

    Even with the many reliability and security benefits of the vPRTC approach, however, sole dependency on terrestrial time can become a single point of failure, just like a strategy dependent solely on GNSS. Because of this, critical infrastructure operators are deploying architectures that use both GNSS and terrestrial time. To do this effectively, operators find themselves with the need to have centralized management and visibility of both key sources of time. Further, to deliver on the promise of timing resiliency, a unified management system needs to include capabilities that can deliver a cybersecurity solution encompassing the Prevent-Respond-Recover DHS security guidelines across all nodes of the timing network.

    Figure 3. A measurement of phase difference between GNSS time and terrestrial time. (Image: Microchip)
    Figure 3. A measurement of phase difference between GNSS time and terrestrial time. (Image: Microchip)

    Unified Time Management

    Having a bird’s eye view of all nodes of a timing network is essential for providing timing security and resiliency. In the case of a GNSS anomaly or terrestrial time instability, when a problem occurs the most immediate need is to quickly identify whether the event is isolated to a specific location, affects a region, or in some cases is caused by a global situation. A centralized management and monitoring system provides a green, yellow and red threat-status indication representing different locations of interest. It is a simple way for operators to know the overall health of their timing infrastructure.

    When problems surface, critical infrastructure operators next need visibility of “observables” that can quickly isolate the root cause. With today’s timing networks relying on both GNSS time and terrestrial time, the ability to see observables that represent both timing sources in a unified manner is critical.

    GNSS Observables

    Multipath interference, weather anomalies, jamming and spoofing are terms commonly used when referring to GNSS vulnerabilities. Gaining insights (visibility) into the details to identify the root cause, however, requires more specific characterization of the signal.

    Visibility into the quality of GNSS reception is accomplished by monitoring GNSS observables. Table 1 provides a sample of key GNSS observables that can be tracked and monitored.

    Table 1. Sample of key terrestrial time GNSS observables.
    Table 1. Sample of key terrestrial time GNSS observables.

    Terrestrial Time Observables

    Characterizing the quality of terrestrial time requires time measurements between equipment interconnections within a single location (intra-office) or across nodes of a network (inter-office) — for example, comparison of equipment inputs and outputs or comparison of signals at different sites.

    Additionally, with the standardized use of PTP, the ability to evaluate network timing packet metrics is needed to verify time transfer from location to location. Terrestrial time performance calls for a different set of observables to be made visible and monitored. Table 2 provides a sample of key terrestrial time observables.

    When managing a large geographical area, being able to measure the phase difference between GNSS time and terrestrial time at multiple locations simultaneously enables an operator to determine how well these two sources of time compare. As described previously, critical infrastructure operators are ultimately in need of resiliency, which can best be achieved using both time sources.

    Measuring the two sources against each other at multiple locations creates the highest level of trust knowing that these independent time sources are well aligned.

    Table 2. Key terrestrial time observables that must be made visible and monitored.
    Table 2. Key terrestrial time observables that must be made visible and monitored.

    Conclusion

    With cooperation from industry, standards organizations and government organizations such as DHS, the use of timing services has become recognized as a foundational technology for critical infrastructure operations. Leveraging industry-standard cybersecurity models will help strengthen and harden timing equipment.

    Although equipment resiliency is vital, having a bird’s eye view of timing performance across the entire network is the starting point for providing complete network visibility that is critical to providing timing security and resiliency. To deliver on the promise of timing resiliency across critical infrastructure, operators need a unified management system that enables simple and complete visibility of both GNSS and terrestrial time observables.

    With a unified management of these two timing sources, operators have a platform to apply Prevent-Respond-Recover to timing threats and achieve the highest levels of resiliency and cybersecurity protection.

    Greg Wolff is senior product line manager of Frequency & Time Systems at Microchip Technology. He has worked in the time and frequency industry since 1988 and was an early pioneer in the marketing of network synchronization solutions to major critical infrastructure operators across the globe. He is an active contributor to emerging standards supporting PNT resiliency and most recently, as part of Microchip Technology’s Frequency and Time Systems group, launched the BlueSky GNSS Firewall. He holds a degree in engineering science from California Polytechnic State University – San Luis Obispo.

    Image: gremlin/E+/Getty Images
    Image: gremlin/E+/Getty Images
  • ADVA boosts PNT resilience with new software release

    ADVA boosts PNT resilience with new software release

    Photo: ADVA
    Photo: ADVA

    Upgraded range of synchronization solutions now includes enhanced PNT resiliency against jamming and spoofing attacks and cyberthreats

    ADVA has announced a new software release of its core and edge timing technology, to provide higher levels of positioning, navigation and timing (PNT) security and resilience to synchronization networks. The new release follows the Resilient PNT Conformance Framework issued by the U.S. Department of Homeland Security (DHS).

    The upgraded series of PTP grandmaster clock solutions now enables operators to automatically harness public key infrastructure. Along with enhanced certificate management, this delivers more robust security and removes complexity, the company said.

    ADVA’s core and mid-sized PTP grandmaster devices now also integrate enhanced aPNT+ technology, providing advanced jamming and spoofing detection as well as mitigation with automatic switchover in the event of cyberattacks.

    The software replaces costly hardware devices previously used for PNT protection and achieves enhanced DHS Level 4 Resiliency in PNT self-survivability, the highest in the industry. The new software release also supports 100 Mbit/s over fiber for interconnectivity with optical timing channels from third-party vendors as well as support for PTP profiles for a wide range of industries.

    “Today’s timing networks require greater accuracy than ever before. But mission-critical national networks need improved resilience and security as defined by the latest standards. With our trusted PNT assurance solutions, we’re providing the GNSS protection and cybersecurity that today’s operators need to meet current and future challenges,” said Gil Biran, GM of Oscilloquartz, ADVA. “From phase synchronization in critical national infrastructure to traceable timestamping in financial networks, highly precise and protected timing is key to successful operations. This upgrade sets a new standard for secure synchronization and delivers it to more networks than ever before.”

    The new 11.1.1 software release features upgrades to ADVA’s comprehensive range of Oscilloquartz edge timing products, the OSA 5412/22 series, as well as its core synchronization devices, the OSA 5430/40 series. The solutions now provide multi-layered security for synchronization infrastructure through improved certification management and PKI.

    As part of ADVA’s intelligent and scalable assured PNT platform, the ADVA aPNT+, the solutions also feature innovation for detection of spoofing and jamming as well as countermeasures to prevent service disruption. With PTP capabilities for new verticals, including the PTP broadcast profiles (SMPTE ST-2059-2/AES67), the new release will bring precise, reliable synchronization to many new customers.

    Further information is available in these slides.

  • DHS offers resources to protect critical infrastructure from GPS vulnerabilities

    DHS offers resources to protect critical infrastructure from GPS vulnerabilities

    DHS logoThe U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has published a GPS Receiver Whitelist Development Guide and a new release of the Positioning, Navigation, and Timing (PNT) Integrity Library to protect against GPS spoofing.

    The free resources are intended to advance the design of PNT systems and increase resilience of critical infrastructure to PNT disruptions.

    The GPS Whitelist Development Guide presents a software assurance approach to addressing potential vulnerabilities and increasing reliability of GPS receivers. The guide addresses data-related requirements in the Resilient PNT Conformance Framework, which provides guidance for defining expected behaviors in resilient PNT equipment.

    “We hope this guide and related resources will help industry advance towards a cybersecurity-based approach to PNT resilience,” said S&T Technical Manager Ernest Wong.

    Originally released in March 2021 as open source on GitHub, the PNT Integrity Library provides users with a method to verify the integrity of the received GPS data. The update includes:

    • A compliance check on Interface Control Document (ICD) IS-GPS-200, which is a formal means of establishing, defining and controlling communication between the GPS space and other user systems; and
    • A Do-It-Yourself (DIY) Toolkit, which describes how a perspective end-user of the PNT Integrity Library can assemble a demonstrational toolkit with commercial-off-the-shelf (COTS) hardware.

    “Since GPS signals can be jammed or spoofed, critical infrastructure systems should not be designed with the assumption that GPS data will always be available or will always be accurate,” said S&T Project Manager Brannan Villee. “Application of these tools will provide increased security against GPS disruptions. However, DHS also recommends a holistic defense strategy that considers the integrity of the PNT data from its reception through its use in the supported system.”