Growing Risks of Global Navigation
Satellite Systems Spoofing
The Center for Advanced Defense (C4ADS) recently released a study that found 9,883 cases of GNSS (Global Navigation Satellite Systems) spoofing, including at least 1,311 instances since February 2016 of commercial ships in or around Russian waters being fed the wrong positional coordinates. We spoke with RANE expert Daniil Davydoff, Associate Director of Intelligence at AT-RISK International, to discuss the risks posed by GNSS spoofing and what steps firms should take to mitigate the associated risks.
GNSS is an umbrella term for the various regional satellite systems that beam location information to earthbound receivers, including the US’s GPS system and Europe’s Galileo. GPS spoofing technology sends false signals from ground-based transmitters that mimic those sent from satellites. The ground-based false signals are much stronger than those sent by satellite, enabling them to crowd out the real information.
Due to the widespread use of GPS-style technology – in mobile phone networks, shipping, security, etc. - spoofing has the potential to cause widespread disruption within supply chains and pose a risk to maritime and aerial navigational safety. Davydoff believes that the finance sector’s risk exposure to GPS spoofing is lesser known but also potentially significant. For example, GPS spoofing could be used to change the time stamps of quotes, causing markets to cross with each other, leading to quote saturation that could lead to long delays in an exchange’s queue.
- Cyber experts have used GNSS spoofing to trick the Tesla Model 3’s automatic navigation system into sharply breaking/switching lanes and taking a wrong turn on the highway.
- Davydoff tells of delivery trucks in Brazil that unlock once they reach their destinations falling victim to GPS spoofing, resulting in the trucks being unlocked and making their goods available before they’ve arrived at their destinations and are properly secured.
C4ADS says that Russia-linked GNSS interference is mainly employed as a defense mechanism to protect sensitive locations and people, with the think tank noting a “close correlation between movements of the Russian head of state and GNSS spoofing events,” but there have been recent instances of foreign governments blaming Moscow for more hostile acts.
- Davydoff believes that the current focus on Russian GNSS spoofing is due to the scale in which it is being carried out and the geopolitical implications, but he sees actions by non-state actors as being equally if not more important. The low cost of the technology, with devices available for as little as $300, leads analysts to believe that there will be a proliferation of the technology among non-state actors seeking to profit or cause disruption.
Davydoff notes that flaws within GPS technology have been evident for years. Companies should examine the ways in which their operations rely on this technology and develop alternative methods or policies to prevent disruption in the event that GPS reliability is compromised.
- Technology is being developed that discriminates between disruptive and authentic signals, though these innovations are being created predominantly for large systems such as those used in marine navigation.
- Instead of or in addition to using GNSS protection technology, companies can consider preparing alternate navigation methods in the event that GPS is unavailable. For example, Davydoff notes that the US Navy uses ground-based navigation signals as well as alternative satellite technology, diversifying from relying solely on GPS. They are also working to ensure that officers are cross-trained in traditional map-based navigation.
- Smaller companies, especially those reliant on GNSS technology, may not have the resources to invest in redundant navigation tools or tools that can block false signals, and Davydoff suspects that larger, resource-rich enterprises will be able to more effectively prepare for GNSS spoofing attacks than smaller firms while countermeasures are still expensive.