The Department of Homeland Security is lagging in its efforts to mitigate cybersecurity threats to Position, Navigation and Timing technology such as the Global Positioning System, which it has identified as a “systemic risk” to critical functions, according to a former government official who now leads an educational organization aimed at protecting GPS signals from jamming and spoofing.
“DHS, [Department of Defense], [Department of Transportation], in fact the entire executive branch is absolutely behind the curve on addressing this issue,” Dana Goward, President of the Resilient Navigation and Timing Foundation, told Inside Cybersecurity.
“Many in the federal government are only now coming to the realization that GPS denial and deception is a cybersecurity problem,” he said. “Yet GPS disruption interferes with end use devices, communication links, and can put false info into data bases.”
Goward, a former director of Marine Transportation Systems for the U.S. Coast Guard, is also a senior advisor to U.S. Strategic Command’s Purposeful Interference Response Team and a member of the National PNT Advisory Board, which was outlined by a 2004 National Security Presidential Directive that established an Executive Committee on PNT co-chaired by the Departments of Defense and Transportation. Strategic Command controls U.S. nuclear forces and space operations.
“Good policy was established and a course set in 2004, but there has been little follow through,” Goward said, adding "Congress has been a lot more proactive than the administration, which is playing catch-up on this."
In November, DHS said it would first focus on how to build resiliency into the technology that uses a constellation of satellites and clocks to provide precise timing and location to facilitate a range of functions that include things like microsurgery and banking in addition to navigation, but can increasingly be hacked by malicious actors jamming or spoofing the satellite signals.
Congress, in contrast, has for years been working on creating a back-up for GPS and on Dec. 4, the president signed the National Timing Resilience and Security Act into law as part of the Coast Guard Authorization Act of 2018, saying “the Secretary of Transportation shall provide for the establishment, sustainment, and operation of a land-based resilient, and reliable alternative timing system.”
The bill's implementation now awaits the necessary appropriation as the impasse between President Trump and congressional Democrats drags on over immigration issues.
On Dec. 5, James Platt, who directs DHS' Position Navigation and Timing office, briefed the National PNT advisory board on the department's plans to address the cybersecurity concerns associated with the technology.
According to slides of the presentation hosted by GPS.gov, those plans include: “Building redundancy or resiliency into critical functions that depend on GPS technology...to assess the extent to which the service is needed and what traditional or legacy systems need to be in place if it fails.”
Platt also highlighted DHS' work with the National Institute of Standards and Technology to create “conformance and compliance standards for GPS/[Global Navigation Satellite System] receivers,” “partnerships with other federal agencies and the private sector,” and “best practices.”
But Goward is skeptical of such actions moving the ball forward and pointed to a need for leadership that includes enforcement.
"[DHS]" has been admiring the problem for years,” Goward said. “They say they are looking at best practices for receivers and claim they are working with NIST to develop 'voluntary standards,' but that term suggests a contradiction. We have yet to see them take a serious, comprehensive approach to this. Federal leadership, whether it is from DHS, the Department of Commerce, the [Federal Communications Commission], or another agency is needed to ensure GPS/GNSS receivers used in critical infrastructure can resist many forms of jamming and spoofing.”
Goward specifically highlighted a role for the FCC, the chairman of which the 2004 directive says “shall be invited to participate on the Executive Committee [on PNT] as a liaison.”
"They haven't shown much interest in this, but if there's anyone who has a mandate to ensure Americans can receive an undisturbed signal, that would be the FCC,” Goward said. “They have the authority, but over the last ten years, as these sorts of disruptions have increased, the agency has actually reduced the amount of equipment and staff they devote to enforcement.”
The FCC declined to comment for this story due to the partial government shutdown. -- Mariam Baksh (firstname.lastname@example.org)