Protecting the power grid from GPS spoofing
- By Patrick Marshall
- Sep 04, 2018
It’s relatively simple for bad actors to bring down a power grid by spoofing the GPS signals the grid uses to time stamp sensor measurements, according to researchers at the University of Texas at San Antonio.
The sensors -- phasor measurement units -- are installed in fixed locations throughout the grid and transmit 30 measurements per second to the control center, where operators monitor grid performance and increase or decrease the supply of electricity depending on the readings. That data is time stamped with the signals received by the sensors’ on-board GPS receivers.
A spoofed GPS signal, according to Nikolaos Gatsis, assistant professor of electrical and computer engineering, would result in those time stamps being incorrect. “They would make the control center think that the measurements they are getting happened at a different time,” Gatsis said. That, he said, could cause operators to take actions they shouldn’t be taking and that could lead to blackouts.
Gatsis and his team -- which includes Professor David Akopian and Assistant Professor Ahmad F. Taha and graduate student Ali Khalajmehrabadi — are using a three-year, $400,000 grant from the National Science Foundation to develop an algorithm to detect GPS spoofing attacks and to provide grid operators with corrected timing data.
According to Gatsis, the algorithm compares previously recorded information about GPS signal timing to incoming signals. When an anomaly in the timing is detected operators are alerted. And the algorithm does more than just detect anomalies. “The algorithm can also provide protection,” Gatsis said. “It provides the corrected timing” by noting the timing of signals before the attack began and projecting them forward.
The team is also exploring using the algorithm to protect against time-synchronization attacks against financial institutions, which use the GPS timing data to time stamp financial transactions.
And while the team is currently only working with non-mobile infrastructure, it plans eventually to apply it to mobile devices. "As we move forward with this concept of driverless cars, it becomes much more vital that we secure our GPS signals because the hijacking of the location abilities of a driverless car could be very dangerous," Taha said.
The team plans to make their algorithm available in app stores for Android and iPhone users, as well as for desktop applications.
Patrick Marshall is a freelance technology writer for GCN.