Critical infrastructure not prepared for GPS disruption
- By William Jackson
- Nov 08, 2013
Although position, navigation and timing services from the Global Positioning System are widely used in the nation’s critical infrastructure, government and industry are not prepared to address the risks of GPS disruptions, according to a recent study.
The Government Accountability Office said GPS has become “an invisible utility” underpinning many applications critical to the nation’s security and economy. A number of executive directives have mandated programs to detect and mitigate accidental or malicious interference, but, “sectors’ increasing dependency on GPS leaves them potentially vulnerable to disruptions,” GAO concludes.
The Transportation and Homeland Security departments have primary responsibility for ensuring the security of systems relying on GPS, but a lack of resources and cooperation has limited progress in identifying backup technologies in the last eight years.
In its report, GPS Disruptions: Efforts to Assess Risks to Critical Infrastructure and Coordinate Agency Actions Should Be Enhanced, GAO recommends that DHS produce a more reliable assessment of the risks of GPS disruption together with metrics for the effectiveness of risk mitigation and that the two departments establish a formal agreement laying out roles and responsibilities.
GPS is a satellite-based system providing precise timing signals that can also be used to determine position and for navigation. Timing functions are used widely in critical infrastructure, and transportation industries, particularly aviation and maritime, use GPS for navigation. Because it relies on radio signals, GPS is susceptible to natural interference from weather on Earth and in space, to accidental interference from other devices and to intentional blocking or spoofing.
Disruptions to service have not been common. The U.S. Coast Guard, which fields reports of GPS problems, received 44 such reports in 2012. But reporting is not mandatory, and GAO noted that USCG’s role is not widely known, so incidents could be underreported.
GAO examined the use of GPS in four critical infrastructure sectors — communications, energy, financial services and transportation — as well as DHS and DOT efforts at risk management. The communications and transportation industries are most reliant on the service, although the financial services and energy sectors use its timing features to a lesser extent.
DHS has produced a National Risk Estimate for GPS, released in 2012 for official use only. GAO criticized the report, saying it is incomplete and has limited usefulness because it does not meet the department’s own guidance for risk management. DHS defended the study, saying that its scope was limited, that it fulfills its intended purposes and that it “sufficiently characterized the risk environment.”
GPS is the backbone for NextGen, the Federal Aviation Administration’s next-generation air traffic control system, and because of its use for navigation DOT is the lead civilian agency for GPS reliability efforts. The department was charged in a 2004 national security directive with developing backup capabilities for government and industry, with the assistance of DHS. An implementation plan for a national position, navigation and timing architecture has been released, and potential backup alternatives for FAA NextGen are being researched. Current navigational alternatives to GPS do not support NextGen capabilities, and FAA expects to make a decision by 2016 on a backup system.
USCG is doing research to test alternative non-space-based sources of timing, NIST is researching the possibility of using the nation’s fiber networks as an alternative, and DHS has commissioned a study of ways to detect and mitigate sources of disruptions. The Defense Advanced Research Projects Agency also is working on alternative navigation tools.
But GAO found little progress had been made in identifying adequate backup technologies, due to a lack of staffing and budget and to a lack of cooperation between the two lead departments. Roles in the effort have not been clearly defined, and DOT sees its job as addressing only the needs of the transportation sector, leaving the rest to DHS. But DHS says that the terms of the directive put DOT in the lead position.
DHS said that it will establish a formal, written agreement with DOT “that will clearly delineate roles and responsibilities” in developing GPS backup capabilities. But it noted that “the ability to fully implement agreed-upon shared tasks will be contingent on the availability of personnel and financial resources.”
William Jackson is freelance writer and the author of the CyberEye blog.