Securing PNT needs action on a global scale
A number of challenges lie ahead when it comes to developing international standards for resilience
How the world became dependent on GNSS for PNT
The arrival of GPS kick-started a revolution. Using GPS was a cheap and reliable method of obtaining precise time and accurate position fixes globally. This revolution really accelerated when the US government disabled Selective Availability (SA), which had added 50 meters of error horizontally and 100 meters vertically to unencrypted GPS signals, in 2000. The availability of GPS and the development of alternative global navigation satellite systems (GNSS) meant that the use of precise timing and positioning data quickly became ubiquitous. Global availability, free access, and the proven reliability of GNSS signals has led to a state where many systems now have built-in dependencies on GNSS data that are not readily understood or, in some cases, even recognised.
Unfortunately, whilst GNSS signals are generally very reliable, the low power level of received GNSS signals on Earth means that they are particularly vulnerable to RF interference, multipath and atmospheric events.
GNSS disruption incidents are on the increase globally
We have become used to seeing and hearing about incidents of RF interference affecting GNSS dependent systems around the world – often in or near regions of conflict. It has recently been reported that GNSS outages are now almost standard occurrences on commercial flight routes between the US, Europe and the Middle East.
Eurocontrol, the pan-European, civilmilitary aviation organisation, says it received 3,500 reports of GPS disruption in 2019. Commercial aviation has also experienced widespread GNSS interference events in the US.
GNSS disruption in the maritime domain continues – US Maritime Industry Advisory 2021-04 states that “Multiple instances of significant GPS interference have been reported worldwide in the maritime domain. This interference is resulting in lost or inaccurate GPS signals affecting bridge navigation, GPS-based timing, and communications equipment.” The advisory also states that multiple incidents of GPS interference have been reported near the eastern and central Mediterranean Sea, the Persian Gulf, and in the vicinity of the Suez Canal.”
Two recent user reports really brought home to me the scale of the problem we are facing.
In 2019 one flight crew reported that they were so used to experiencing GPS interference from a nearby military installation that when they experienced a course error, they assumed it was due to an intermittent GPS-generated error message, when in fact it was caused by a data entry mistake. (NASA ASRS Report 1706814, December 2019)
The other report was from a maritime user to the USCG/DHS Navigation Center. https://navcen. uscg.gov/?Do=GPSReportStatus
The user states that because they had experienced GPS jamming on this vessel several times before, in Port Said and in the Suez Canal, they proactively made the SAAB GPS/Glonass receiver the Primary ECDIS position sensor, to help defeat any GPS jamming. The outcome was good: “It worked — we never received alarms, or lost our ECDIS picture.”
Both of these reports are worth highlighting as they focus on users who are so familiar with experiencing RF interference to their systems during operations that it has become an expected part of their day. In the first case, the user made an incorrect assumption based on previous experiences – in the second, the user implemented a solution that increased the resilience of their system.
The need for a common approach to mitigation
This need to secure Critical National Infrastructure has driven muchneeded initiatives in several countries to provide assured and resilient PNT services to these user groups.
There is a risk, though, that in developing strategies focused on securing critical infrastructure, nationally driven standards and guidance will dominate. This could make it difficult for industry to provide equipment, and difficult for operators to implement, as in some cases they could require different systems to operate in different countries. For major global businesses and operations this could become a near-impossible task, so it seems important that there should be some level of commonality.
The first issue of the US Department of Homeland Security, Science and Technology Directorate’s Resilient PNT Conformance Framework was released in December 2020; https://www.dhs.gov/ sites/default/files/publications/2020_12_ resilient_pnt_conformance_framework.pdf The goal behind the framework is to promote a common approach to defining resilience levels, so that systems or equipment can be compared using GNSS resilience as a metric – alongside the usual GNSS performance metrics. The DHS framework is designed to allow PNT security to be fully integrated into an over-arching cyber-security framework, helping to ensure that resilience is built into the system at the earliest stage, and also to ensure that GNSS security is always considered as part of any cyber-security assessment.
The Resilient PNT Framework defines five levels of resilience, from 0 (no resilience at all) to 4 (most resilient), and describes expected system behaviours for each resilience level. The framework includes the definition of resilience as defined by a presidential policy directive (PPD-21). https://whatis.techtarget.com/definition/ Presidential-Policy-Directive-21-PPD-21
The directive defines resilience as ”the ability to prepare for and adapt to changing conditions and disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
A number of challenges lie ahead when it comes to developing international standards for resilience.
Many nations are focusing on the dependence of their CNI on GNSS data and this national approach could lead to diverging definitions and standards, which might result in increased complexity for civilian users. This is especially true in maritime and commercial aviation, which, in many countries, are components of Critical National Infrastructure – yet need to be able to operate internationally. I believe that to achieve the most successful outcomes, any resilient PNT framework has to be adopted internationally, not just by national bodies – a global consensus on key aspects would be preferable. GNSS is also an easy target for nation states in time of conflict – or for terrorists who have the resources. Effective GPS jammers are cheap to build and easy to use, and the consequence of a wellcoordinated attack using high powered jammers could be massive disruption to advanced economies where GNSS usage has become an integrated part of life.
The primary consideration must be redundancy. Even the most highly resilient GNSS receivers will struggle if a jammer has high enough power, so augmenting GNSS with complementary or backup systems is an essential component of resilient PNT. The wide range of technologies available that can improve resilience or augment GNSS effectively mean this is not a simple task to undertake, especially as it is very difficult to compare resilience levels in a like-for-like manner.
Increased resilience costs money and it can be difficult to persuade users, who have benefitted from the free services provided by today’s GNSS constellations, to invest in increased levels of system protection – or even to carry out system tests to characterize the performance of their equipment when GNSS signals are disrupted or degraded. This can be a difficult barrier to overcome, especially since many users have not experienced any significant disruption to or denial of services. Testing is the vital component of increasing resilience that can help to overcome these challenges – it can highlight problem areas and allow for low cost, quick win improvements to be deployed.
For testing to be viable for many of these users, guidance and standards need to be effective and easy to understand. The “Protect, Toughen, Augment” framework for GPS, a layered approach to risk reduction formulated by Dr. Bradford Parkinson, is an excellent starting point. From there, emerging standards and guidance for users must also be complemented by initiatives and training that concentrate on raising user awareness of the issues, along with the tools and methodologies that can help to mitigate the risks.