In early January, a new U.S. Department of Homeland Security (DHS) document appeared: “Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure.”
The document focuses on receivers used in critical infrastructure, with an emphasis on timing receivers. It provides owners, operators, researchers, designers and manufacturers with information to improve the security and resilience of PNT equipment across the spectrum of equipment development, deployment and use.
Specifically, its recommendations address:
- installation and operation strategies that can be implemented for current equipment,
- strategies that can result in more robust and resilient new and/or improved products based on existing technology and knowledge,
- research and development that can lead to improved future capabilities.
It introduces clear definitions of different categories of threats and hazards, including the new term “data spoofing.” It recommends some creative ways to install receive antennas, such as using decoy antennas and obscuring the location of the actual antennas being used, presumably to foil some spoofing attacks. It also points out that modern GNSS receivers are computers, and need to be operated and maintained with good cyber hygiene, just like other computers.
The extensive list of recommended development strategies will challenge manufacturers while informing purchasers about the features they can seek in new equipment.
Implementing these recommendations will lead to increased competence — that is, equipment that is better able to accommodate imperfect or faulty inputs, intentional or not.
The document reflects the recognition that many reported problems or difficulties with GPS could be prevented or mitigated by improvements in GPS user equipment and how it is installed and operated. It is encouraging to see DHS taking steps to remedy this situation, and important that manufacturers of timing receivers, as well as critical infrastructure owners and operators that use timing receivers, follow through on these recommendations.
The document is posted on the website for DHS’ National Cybersecurity & Communications Integration Center, National Coordinating Center for Communications-Computer Emergency Readiness Team.