It's about time - GPS spoofing a real risk

Global positioning system, or GPS, technology is now the infrastructural component underpinning all types of industries and government applications: handheld devices, critical infrastructure and all types of networks rely on GPS or other GNSS (Global Navigation Satellite Systems) for navigation and for providing accurate timing and synchronization.

In recent years, it has become apparent that reliance on external GNSS sources for timing and location data is becoming increasingly vulnerable. Spoofing incidents are now becoming common.

GPS spoofing is usually associated with false positioning data, allowing attackers to for ex. misdirect cargo shipments to alternate locations or hijacking a a boat for piracy purposes. However, with most GPS applications, it's timing that matters most, not positioning.

Precise time, frequency and phase are all key elements in critical sectors such as power and utility companies, financial and banking markets, telecoms, air traffic control, and many more. This timing data is usually derived precisely from a GNSS. Disrupting the universal time source has the potential to crash financial markets, cause power blackouts, and disrupt the communication grid (i.e. cause cell phone stations to fail).

GNSS timing is thus becoming a new source of cyber risk and an extension of the attack surface in many critical infrastructure sectors.

Furthermore, GPS spoofing can be done with commercially available, cheap, and portable equipment, including using software-defined radios running open-source software. With this type of spoofing, a broadcast antenna is used to point at a target’s GPS receiver to override the GPS signals provided to nearby buildings, equipment or mobile assets (ships, etc.).

As an example of this threat, take the power grid operators: in order to deal with potentially damaging fluctuations, an operator needs to know what the voltages and currents are at specific points in time, and at widely dispersed points along the grid. For instance, summer temperatures can influence how many of a city's residents turn their air conditioners on or off, generating disturbances that propagate along the power grid and across the continent.

Electric companies are therefore making constant high-precision, high-resolution measurements to control power grids. To do that, they use on devices called phasor measurement units (PMUs), which are aligned with the atomic clocks used in GPS. In fact, PMUs are growing increasingly more important, as power grids rely on distributed sources of energy, such as rooftop solar power.

At the same time, PMUs are vulnerable to GPS spoofing attacks, wherein a hacker would place transmitters near a station to broadcast fake GPS signals, which would be picked up by the PMUs. Fooling the PMUs of one or more power stations could lead to disruptions that could cascade throughout an entire power grid.

Although very fundamental to critical operations, GPS spoofing is a risk that is relatively easy to address, leveraging some basic cybersecurity hygiene and most importantly not requiring costly infrastructure upgrades.

An example approach used by the company Accubeat is to introduce a device in the OT environment that provides security and backup of the accurate time obtained from a GNSS receiver. Accubeat's patented Time Firewall is a device that is inserted between the antenna and the existing GNSS receiver. The Time Firewall receives the GNSS satellite signal from an antenna, checks the integrity of the signal using an internal atomic clock and various algorithms. If it determines that the GNSS signal is reliable, it will forward the RF signal to the timing network. In case the signal is spoofed or unreliable for any reason, the device can trigger alerts and engage its internal atomic clock and satellite signal simulator to provide an alternate GNSS signal, allowing uninterrupted operation of timing even in spoofing conditions.