By Joel Snape, Senior Research Analyst at Nettitude
Being able to get accurate location information anywhere in the world is something we have come to take for granted. The availability of cheap receivers means that GPS has been adopted across sectors in ways that were never envisaged by the system’s original designers. From tracking sports players on a pitch for improved training to enabling precision agriculture for enhanced crop yields, being able to quickly and cheaply obtain accurate location information has enabled significant innovation.
And of course it’s not just limited to position - new mobile technologies such as 4G and 5G require ultra-precise timing information which they obtain from the GPS system, and without it, deployment would be significantly more challenging and costly.
However, the same developments that have led to lower-cost receivers have also enabled new attacks on the system. The development of low-cost radio transmitters, and in particular the development of software-defined radio, means that attacks that were considered theoretical, or only achievable by governments, when the system was designed are now achievable for a few hundred dollars.
In recent months, new evidence has been presented of real-world attacks taking place to deny or disrupt the GPS system. Take a look at our full report for a summary of how GPS operates and what features make it susceptible to attack. The known attacks will be presented, along with examples of them taking place and a discussion of available mitigation techniques.
How are GPS cyber attacks affecting the marine industries?
The marine and offshore industries have come to rely on accurate and reliable Global Navigation Satellite Systems (GNSS) perhaps more than any other sector. The IMO SOLAS Chapter V regulation on the safety of navigation was updated in 2005 to require that vessels carry a ‘receiver for a global navigation satellite system’ to be operational for the duration of the intended voyage.
As a result, GNSS receivers are carried by over 87% of merchant vessels, with growth in the leisure and fishing markets also forecasted. GNSS systems have become the de facto mechanism for establishing position, speed and heading for vessels, usually feeding into an electronic navigation system (ECDIS) and broadcast as AIS messages. In practise, GNSS systems have become the ‘de facto’ mechanism for establishing position, heading and speed at sea.
In 2017, the UK Government commissioned a study into the impact on the UK economy if GNSS systems were to be disrupted for just five days, with the cost to the maritime sector being estimated at £1.1bn. This was predominantly due to disruption at ports due to container cranes’ reliance on positioning information leading to difficulties loading and unloading containers. More widely however, GNSS disruption would also prevent systems the maritime industry uses (such as telecommunications networks) operating effectively, and the complex network of dependencies means it is likely that unforeseen effects would take place.
The impact of a disruption to these systems is to force crew to fall-back to more traditional mechanisms for navigation, which may not be well-practiced or taught. For example, the US Navy stopped teaching celestial navigation in 2000, and has now re-introduced it for new crew due to the increased risk to electronic GNSS systems. If GNSS-based position information is unavailable, it leads to other systems such as AIS becoming unavailable due to a lack of input data. Overall, this results in a loss of crew efficiency, and if navigation is disrupted it is likely to lead to more vessels delayed in port and potentially an increased risk of collision or grounding.
Protecting your organisation from GNNS Spoofing
With reports of GNSS manipulation on the rise, it is important to assess your use of GNSS location fixes and ensure that you have considered the risk of that being interfered with. This might include:
- Understanding likely exposure to GNSS interference based on geography and sector.
- Discussing available mitigations with your device manufacturers, both in software and hardware.
- Understanding the way that systems behave if GNSS systems are unavailable.
- Ensuring staff are trained in how to react if they encounter GNSS system issues and know who to report them to.
Understanding the risks faced by your organisation and applying the appropriate risk treatment to ensure the impacts of GPS attacks, as well as other types of cyber attacks, can be effectively mitigated is key. Almost all marine and offshore organisations currently operate reactively when an incident occurs and the costs, reputation and impacts could be significantly mitigated with some upfront considerations and preparations. Nettitude can provide a range of guidance, assurance services and help to both inform and help you prepare effectively for cyber events within your organisation. Please contact us for more information.
In addition, in order to learn more about what features of different GPS systems make them susceptible to attack, as well as the types of GPS cyber attack facing your organisation, please see our full research report on the topic.