VIEWPOINT SPACE

GPS Spoofing Incident Points to Fragility of Navigation Satellites

8/22/2017
By Dana Goward

Photo: NASA

A relatively innocuous safety alert from the U.S. Maritime Administration last month belied the dramatic impact upon vessel navigation in the area.

“A maritime incident has been reported in the Black Sea in the vicinity of position 44-15.7N, 037-32.9E on June 22, 2017 at 0710 GMT. This incident has not been confirmed. The nature of the incident is reported as GPS interference. Exercise caution when transiting this area.”

The advisory was the result of a report to the U.S. Coast Guard from the master of a commercial vessel. Though safely 25 miles off shore in the Black Sea, for several days the ship’s GPS receiver showed it to be at an airport several miles inland. Perhaps more disturbing, the receiver showed its location accuracy to be within 100 meters.

Over 20 vessels were reported to have similar problems at the same time and place in late June.

Compounding the problem, the ship’s AIS anti-collision system, which uses location from GPS to display the locations of other vessels, showed multiple “ghost ships” where there were none.

Analysis of other information provided by the ship’s master has led navigation experts to conclude that the vessels’ GPS systems were being deliberately deceived, or spoofed, by false GPS-like signals.

Denying GPS service in a given area by transmitting a stronger signal on the same frequency, also known as jamming, is fairly easy. GPS signals are very weak, even compared to other satellite systems, and illegal jammers can be easily purchased online. Prices start at around $50 and increase with the size of the desired impact area.

Spoofing a receiver, or forcing it to display false information, is a bit more difficult. Many believe that this was done by Iran in 2011 when it captured a CIA drone operating next door in Afghanistan.

This belief was reinforced early the next year when a professor at the University of Texas demonstrated how it could have been done with a remotely controlled helicopter.

Until a hackers’ convention in 2015, reports of spoofing had been rare. At that event, a Chinese researcher gave step-by-step instructions on how to build a spoofing device and sold kits for about $300. Several months later, U.S. Customs and Border Protection announced its drones were being spoofed by drug cartels, and reports of spoofing began to increase.

The source and reasons for the incident in the Black Sea remain unknown, though for years there have been reports of GPS signal disruption in and around Russia.

Moscow has been very open about its ability to frustrate U.S. and other forces by disrupting GPS. The Kremlin announced in 2016 that it had equipped over 250,000 cell towers with GPS jamming devices as a defense against attack by U.S. missiles. It has also boasted that its GPS jamming and other electronic warfare capabilities “make aircraft carriers useless.” Press reports have made it clear that Russia has used its capability to regularly jam or spoof GPS signals in both Moscow and Ukraine as part of its internal security and international operations.

Other nations disrupt GPS signals for their own purposes as well. North Korea has often disrupted service in South Korea, and China has done so to counter U.S. drones in the South China Sea.

Jamming and spoofing equipment is so inexpensive to obtain and easy to use, it would be surprising if any national military did not possess some level of capability.

Jamming or spoofing GPS is not limited to nation-states. Terrorist groups, criminal organizations, even privacy seeking citizens, all have been found using illegal, but easy to obtain and operate, GPS jammers and spoofers. In one infamous case, a delivery driver attempting to defeat his employer’s fleet tracking system routinely disrupted landing equipment at Newark International Airport as he drove past on Interstate 95. It took federal and state authorities months to figure out what was going on and to catch him in the act. He is reported to have said that he was just looking to have a little time without someone looking over his shoulder.

The June incident in the Black Sea is one of the most blatant and well-documented disruptions to date. It is the latest in a long series of events that should be keeping policy makers awake at night.

This is because virtually every technology — cell phones, IT networks, financial systems, cargo and transportation systems — relies in some degree on one or more services provided by GPS. It’s why officials at the Department of Homeland Security have called GPS a single point of failure for critical infrastructure.

A minor GPS system anomaly last year reinforced that point. When system operators removed an old satellite from service they inadvertently caused a very small, 13.7 microsecond, timing error in about half of the other satellites. This caused scattered faults and failures in receivers across industries and around the globe. Close to home, the U.S. aviation safety ADS-B system and most all the first responder radio networks in North America were among the technologies impacted.

The way to virtually eliminate this threat to America’s safety and economy has been known for quite some time — pair strong signals on a much different frequency from a terrestrial system with those from GPS satellites. The combined signals would be virtually impossible to disrupt.

In fact, the Bush administration announced that it would establish just such a system, called eLoran, in 2008. After years of delay and study, the Obama administration announced in 2015 that it had validated the eLoran decision and would build such a system to protect the nation.

Yet bureaucratic inertia and lack of accountability have resulted in nothing being done. While Russia, China, Iran, Saudi Arabia, South Korea and others have eLoran-like systems to ensure themselves against disruption of weak signals from space, America continues at great risk.

Senior executive branch officials have described a bureaucratic deadlock and told the Resilient Navigation and Timing Foundation that “this cannot be solved within the administration.”
And it probably won’t be until the danger to America has been demonstrated by an attack or disruption that makes the evening news because of all the damage it caused.

The good news is that Congress is beginning to act. A provision in the House version of the U.S. Coast Guard Reauthorization Act for 2018 directs establishment of an eLoran system to protect GPS and America. A report with the House version of the 2018 National Defense Authorization Act calls on the Departments of Defense, Transportation and Homeland Security to do a $10 million proof-of-concept demonstration for a GPS “backup and complementary system” in fiscal year 2018.

The not-so-good news is that all these provisions are “subject to the availability of appropriations” and toss the ball back to an already reluctant bureaucracy. Given the high demands upon administration budgets and staff time, without at least a little funding, no action can be expected.

But there is a bright spot. Most all those involved with this issue favor establishing the new terrestrial system through a public-private partnership. This has the potential to provide royalty-free public services to protect the nation, while also generating hundreds of millions of dollars in revenue for the government to more than offset its relatively small — as low as $10 million per year — subscription fee.

Everyone in the Congress and administration the foundation has spoken with agrees with the threat to the nation and the need for a solution. Multiple government studies have identified the best technology. With the right business model, the government can make money instead of spending it. All that remains is an empowered leader within government and a little bit of seed money to get the ball rolling.

But the administration is stuck in neutral. We need Congress’ leadership to protect America. 

Dana Goward is president of the non-profit Resilient Navigation and Timing Foundation. He is a retired senior executive service member and a retired Coast Guard captain. In his last government assignment he served as the nation’s maritime navigation authority.

Topics: Cybersecurity, Space