By Alan Cameron with Logan Scott
“We have virtually no defense against the cyber attacks that are targeting us now, and will be in the future.”
Richard Clarke served three U.S. presidents as counter-terrorism czar. He wrote a fascinating — and terrorizing — article in the April issue of Smithsonian magazine, from which comes that quote. I posted it on my LinkedIn page and asked for input for this editorial.
RF and signal-processing consultant Logan Scott, also an occasional author in these pages, sent in the following. I love it when people do my work for me.
Scott writes that “Richard Clarke says about cyber-defense: ‘I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it . . . . That’s denial.’
“This certainly looks to be the case for GNSS. Looking into the future, if we continue our current civil GPS security policies, I think ‘woulda, coulda, shoulda’ will someday nicely summarize our feelings. GPS-derived time plays key roles in high-speed trading (~70% of all market transactions). GPS timing already synchronizes power-generation facilities, albeit not in the U.S. GPS-derived location plays a foundational role in air traffic control worldwide. Shipping containers and their cargo are routinely secured using GPS-derived location monitoring and geofencing.
“So how do we secure civil GPS? Mostly, we don’t. Simple situation awareness regarding jamming and spoofing is not present in most GPS receivers. Instead, we plan on having the cavalry ride to the rescue should some problem occur. This will work about as well as it did for Custer at Little Bighorn. The battle will be over before the response is mounted; our response will be mainly forensic in nature. Basic, test-based performance standards are needed so non-expert users can select adequate receivers.
“Even more fundamentally, we do not have the capability to authenticate and prove location to second parties. This could play a huge role in improving cybersecurity where one of the central problems is attribution. Knowing where the attack came from, we can add a layer to our defenses. ICS/SCADA commands from unauthorized locations could be rejected. Techniques for creating authenticatable location signatures are available, but due to funding shortsightedness, we continue to launch generation after generation of GPS satellites without these features. Supply-chain integrity could also be improved: in the future, parts could be stamped with their location and time of manufacture.
“We still have the opportunity to change ‘woulda, coulda, shoulda’ to a more favorable ‘Veni, vidi, vici’ — but the window of opportunity is closing.”
Letter to the Editor
In your March editorial, “The Fire Next Time,” you ask for suggestions to protect against another LightSquared encroachment. The solution is remarkably simple. Just let the same bandwidth be used for space downlink as it was originally intended. That would be both innocuous to GPS receivers and, more importantly, stake the ground against future challenges like LightSquared.
— Alan Browne