LRQA Nettitude Blog

GNSS Cyber Attacks: The Threat to the Marine and Offshore Industries

Posted by Nettitude on Nov 9, 2019 2:29:50 AM

By Joel Snape, Senior Research Analyst at Nettitude

Being able to get accurate location information anywhere in the world is something we have come to take for granted. The ready availability of receivers means that Global Navigation Satellite Systems (GNSS) have been adopted across sectors in ways that were never envisaged when the first Global Positioning System (GPS) NAVSTAR 1 satellite was launched in 1978. From tracking sports players on a pitch for improved training to enabling precision agriculture for enhanced crop yields, being able to quickly and cost-effectively obtain accurate location information has enabled significant innovation.

 

And of course, it’s not just limited to position - new mobile technologies such as 4G and 5G require ultra-precise timing information which they obtain from  GNSS, and without it, deployment would be significantly more challenging and costly.

However, the same developments that have led to lower-cost receivers have also enabled new means of disrupting GNSS. The development of low-cost radio transmitters, and in particular the development of software-defined radio, means that attacks that were once considered theoretical, or only achievable by governments, are now achievable for a few hundred dollars.

In recent months, new evidence has been presented of real-world attacks taking place to deny or disrupt GNSS. Take a look at our full report for a summary of how GPS operates and what features make it susceptible to disruption. The known attacks will be presented, along with examples of them taking place and a discussion of available mitigation techniques.

 

How could GNSS disruption affect the marine and offshore industries?

The marine and offshore industries have come to rely on accurate and reliable Global Navigation Satellite Systems (GNSS) for safe and efficient shipping and offshore operations.

Furthermore, the IMO’s SOLAS Convention includes Chapter V which addresses the safety of navigation and requires all ships, irrespective of size to carry a “receiver for a global navigation satellite system or a terrestrial radio navigation system, or other means, suitable for use at all times throughout the intended voyage to establish and update the ship's position by automatic means”[1].

As a result, GNSS receivers are carried by over 87% of merchant vessels, with growth in the leisure and fishing markets also forecast. GNSS systems have become the de facto source of position, navigation and time data at sea.

In 2017, the UK Government commissioned a study into the impact on the UK economy if GNSS systems were to be disrupted for just five days, with the cost to the maritime sector being estimated at £1.1bn. This was predominantly due to disruption at ports due to container cranes’ reliance on positioning information leading to difficulties loading and unloading containers. More widely, however, GNSS disruption would also prevent systems the maritime industry uses (such as telecommunications networks) from operating effectively, and the complex network of dependencies means it is likely that there would be unforeseen effects.

The impact of a disruption to these systems is to force the crew to revert to traditional navigation techniques, which may not be well-practised. For example, the US Navy stopped teaching celestial navigation in 2000 but has now re-introduced it for new crew due to the

If GNSS information is unavailable, it leads to the loss of data feeds to other systems, including those necessary for the safety of navigation and efficient operation of ships and ports. Overall, this results in a loss of crew efficiency, and if navigation is disrupted it is likely to lead to more vessels delayed in port and potentially increased risk of collision or grounding.

 

Protecting your assets from GNSS spoofing

With reports of GNSS manipulation on the rise, it is important to assess your use of GNSS and ensure that you have considered the risk of that being disrupted or interfered with. This might include:

  1. Understanding likely exposure to GNSS interference based on geography and sector.
  2. Discussing available mitigations with your device manufacturers, both in software and hardware.
  3. Understanding the way that systems behave if GNSS systems are unavailable.
  4. Ensuring staff are trained in how to react if they encounter GNSS system issues and know who to report them to.

Understanding the safety and operational risks faced by your organisation and assets, and how to manage the impacts of the loss of availability or integrity of data used by your vessels and offshore installations, including GNSS data, is key.

Nettitude can provide a range of guidance, and assurance services and help to both inform and help you prepare effectively for cyber events within your organisation. Please contact us for more information.

In addition, in order to learn more about what features of different GPS systems make them susceptible to attack, as well as the types of GPS cyber-attack facing your organisation, please see our full research report on the topic.

[1] Regulation 19.2.1.6 of SOLAS Chapter V (Safety of Navigation)

 

Subscribe Here!

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Recent Posts

Posts by Tag

See all