PNT Signals as National Critical Infrastructure

Several national critical functions and all 16 critical infrastructure sectors rely either directly or indirectly on functional and consistent position, navigation, and timing (PNT) signals. As such, fragility of weak and easily imitated global positioning system (GPS) signals could lead to catastrophic impacts on dependent and interdependent critical infrastructure systems. Designating PNT-signal-emanating assets as a standalone national critical function would bring resources, awareness, research, additional risk mitigation measures, and new solutions to help keep consistent and resilient PNT signals operational if threatened by natural and human-caused threats.

Imagine starting the day three hours behind, receiving a cellphone warning of identity theft, getting a call from a financial planner about retirement assets going missing, and learning that the Federal Aviation Administration (FAA) has grounded hundreds of planes – all potential scenarios following significant PNT disruption. These scenarios involve day-to-day functions and transactions that rely on PNT to operate. Many other local and national critical infrastructure depend on PNT signals for business operations, identity management, secure communications, and financial transactions.

Local critical infrastructure (such as water treatment plants, energy, and transportation) and financial institutions (such as banks and brokerage firms) conduct millions of transactions daily – all of which depend on authentic, accurate, and rhythmic PNT signals. For example:

·       Water treatment plants rely on PNT systems to securely communicate between their operating technologies to manage daily water flow, balance chemicals, and monitor water quality.

·       Banks validate customer authenticity and identity when completing transactions using phasor measurement units’ synchronization from U.S.-based PNT and GPS systems.

·       Some financial institutions and companies dealing with cryptocurrencies rely on proof of location in their blockchains.

·       First responders rely on communication equipment like digital and analogue systems that operate with PNT signals from space-bound GPS satellite systems.

However, not all companies are relying on weak GPS signals to validate PNT data, obfuscating analysis of true impact of fragility in the national GPS network. Although cryptocurrencies rely on proof of location in their blockchains; not all blockchain startups are relying on GPS signals for identity management. Some companies opt for geotriangulations using low-power wide-area networks (LPWAN) or other Internet-of-Things gadgets to help validate locational data. Other companies are looking at terrestrial unlicensed radio spectrum to help validate location due to not having confidence in current PNT space-based networks. This is still new in advancing industries. Although the solutions seem simple, like internal atomic clocks on servers or running parallel timing systems, there is no final process that is accepted industrywide. Foamspace Corp published a 2018 white paper on blockchain and a protocol for the decentralized geospatial data market:

Civil GPS is unencrypted, it has no proof-of-origin or authentication features, and despite dire warnings first raised in 2012, the system remains extremely susceptible to fraud, spoofing, jamming, and cyberattack…. A backup for GPS is needed because it can be easily spoofed, jammed, or falsified. This means that there is currently no truly secure way to verify location in blockchain-based smart contracts or decentralized applications.

The white paper indicated that more research is needed to create a reliable non-satellite-based resilient PNT signal network for civilian use that is redundant and can be relied upon if other systems are compromised.

Critical Infrastructure Relies on Precision Timing Supported by Weak GPS Signals

Energy grid, transportation, emergency communications, health care, and local and national logistics systems are all critical infrastructure that rely on precision timing. These industries usually do not have the most recent technology due to bureaucracy or funding and take time to reach new industry standards. Any slight disruption, malfunction, or misdirection could impact information communication technology (ICT) and connected interdependent systems especially if they are linked truncated systems that operate or support national critical functions.

There are important reasons why domestic Positioning, Navigation, and Timing (PNT) signals should be designated as a national critical infrastructure.

The PNT signals used in many of these industries depend on a space-bound GPS network for everyday validation of PNT data. Advancing business analytics are now more ingrained in industrial control systems and supervisory control and data acquisition (SCADA) systems that operate lifeline infrastructure. Failure of these systems would have devastating effects on business and culture impacting communities, family, and industries both nationally and internationally, some may be nearly impossible to recover from or even have the capability to rebuild due to aging or unsupported software and or hardware – ultimately delaying these systems from coming back online.

Dependency on Satellite GPS Systems for PNT Signals Creates a National Security Risk

According to the Resilient Navigation and Timing Foundation, “Thousands of disruption incidents have been reported throughout 2020, from China to California, and from the Arctic Circle to New Zealand” in the form of spoofing and jamming of GPS signals on aircraft, manufacturing equipment, and even pig farms. These jammers can be as small as a 12-volt item plugged into a cigarette lighter of a vehicle to foreign-based systems that are able to jam whole continents. Spoofing PNT signals is now standard procedure for some governments to evade sanctions on a grand scale. According to The Times of Israel, “Windward, a maritime intelligence company … said that since January 2020 it has detected more than 200 vessels involved in over 350 incidents in which they appear to have electronically manipulated their GPS location.” Enforcement actions rely heavily on location data to enforce violations.

Addressing a government advisory board in December 2021, National Security Council Director for Response and Resilience, Caitlin Durkovich said GPS remains “a single point of failure” for the U.S. Today, a lot of the critical infrastructure in California and other states are owned and operated by private/civilian sector entities, to include cities, counties, and special districts. Some of these entities use off-the-shelf ICT that rely on space-based GPS for their PNT signals. Consequently, when GPS signals are disrupted or interrupted, all 16 critical infrastructure sectors that partially or completely rely on GPS for PNT data for their ICT are at serious risk of being interrupted or completely disabled.

Dana Goward, president of the Resilient Navigation and Timing Foundation stated in 2018, “GPS signals have become essential to an incredible variety of services that everyone relies on: navigation, routing, common operational pictures, blue force, and asset tracking to name a few.” Interdependencies of PNT signals connecting all 16 critical infrastructure sectors present more clear evidence of how important physical GPS systems – either space-bound or terrestrial – that produce PNT signals are to the U.S. strategic imperatives supporting sustainment of lifelines.

Due to the dependencies and interdependencies to all 16 sectors, it might be time that domestic physical assets like GPS satellites and terrestrial networks (fiber and tower based) become their own national critical function, which would allow access to Department of Homeland Security (DHS) information and security resources like monies and organizational support. Although the physical assets that produce PNT signals are not yet recognized as one of the 16 critical infrastructure sectors, DHS did list PNT signals as one of the 55 National Critical Functions, which highlights how vital PNT signals are. An official designation of the physical assets would provide an additional layer of protection and a more robust exchange of information and requests for advice or assistance from designated committees like the Critical Infrastructure Partnership Advisory Council and other special interest groups. These efforts and proper designation would help in keeping these systems relative and resilient and allow for other solutions for PNT signals to be analyzed like visualizing geolocational data from blockchain technology, fiber lines, and tower-based systems like eLORAN.

Priority Systems

A May 2021 Government Accountability Report on Defense Navigation Capabilities highlighted, “While GPS provides significant capabilities to both military and civilian users under normal conditions, it is subject to interference by adversaries.” This is significant as it discusses the U.S. Department of Defense’s role and civilian role in using and/or supporting alternatives to PNT signals that do not emanate from GPS-type systems.

Over the past two years, there have been physical delays in many day-to-day critical systems. Some of these delays are due to disruptions in ICT systems due to cyberattacks or national disasters. One priority system is the logistical or supply chain system(s). Additionally, in response to the U.S. Department of Commerce in October 2021, the Resilient Navigation and Timing Foundation stated, “PNT services are used in transportation, logistics, telecommunications, SCADA, and other systems that support all supply chains, including those for ICT device production.” These ICT systems are an integral part of the business analytics that manage everyday local, statewide, national, and international SCADA and industrial control systems. The National Institute of Standards and Technology Interagency or Internal Report 8323 states,

The national and economic security of the [US] is dependent upon the reliable functioning of the nation’s critical infrastructure. [PNT] services are widely deployed throughout this infrastructure. In a government wide effort to mitigate the potential impacts of a PNT disruption or manipulation, Executive Order (EO) 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation and Timing Services was issued on February 12, 2020.

COVID-19 has again highlighted additional vulnerabilities in critical infrastructure systems, one of them being the fragile PNT signals from space-bound systems. These vulnerabilities include but are not limited to cascading impacts from resource diversion or delays, unauthenticated business transactions, and a continuing barrage of cyber impacts, which all affect manufacturing, materials processing, energy grids, and other industrial functions. Some of these activities include spoofing, denial of services, jamming, or compete failure of whole systems and interdependent systems from natural hazards like solar flares. These threats are real and relevant today. According to Forbes in February 2022, “At least 40 of the 49 Starlink satellites launched by SpaceX last week have been destroyed by a geomagnetic storm.”

Over time, these cascading impacts or snowballing effects will lead to devastating long-term challenges and open opportunities for adversaries to exploit vulnerabilities embedded within the supply chain and other interdependent systems that support local critical infrastructure and national critical functions. This will inevitability create catastrophic residual impacts to lifeline systems and could overwhelm emergency management agencies, first responders, and essential workers, especially when managing multiple incidents at the same time.

Defining GPS- and PNT-Signal-Producing Hardware as Critical Infrastructure

Executive Order 13905 Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services defines how to responsibly protect the use of PNT signals. This order highlights current efforts on PNT profile identification, testing, and categorization of navigation and timing services. It defines critical infrastructure as:

[S]ystems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on national security, national economic security, national public health or safety, or on any combination of those matters.

When these essential elements of information are defined as priority informational requirements used by intelligence agencies – and knowing the PNT signals rely heavily on only U.S.-controlled space-bound and/or terrestrial GPS interoperability networks – the country’s current physical GPS assets undoubtedly fit within this defined criterion. Next, this sets a principle in understating that U.S. owned and operated GPS and dependent systems that produce a PNT signal are the nucleus of how national critical functions and other business cycle analytics operate every day of the year, keeping communities and industries thriving. According to Dana Goward, “GPS-based time stamps allow databases to know which is the most recent bit of information being stored. They also provide location data as a part of identity management and offender monitoring systems. The list is almost endless.”

With the onset of 5G, automatous vehicles, precision agricultural systems, data cloud storage processes, and many other emerging industries, there will be greater dependency on a fully functional, operational, and resilient terrestrial and space-bound GPS infrastructure producing PNT signals in support of ICT systems across all 16 sectors.

Defining National Critical Functions

In 2017, former DHS Secretary Jeh Johnson designated U.S. elections systems as a national critical infrastructure. This was significant as the U.S. electoral system was being exploited. The fact that elections have been designated as a national critical function is supportive of the concept that dependent and interdependent systems can have their own national critical function designation due to their national and international impacts if exploited or corrupted. This is true of PNT signal producing systems that are connected to encrypted cyber services and business operation cycles that manage critical infrastructure and lifeline systems

Even when compared with other countries’ definitions of critical infrastructure, space-bound and terrestrial GPS systems seem to meet similar data points, further supporting the narrative it should be a standalone critical infrastructure sector. In 2008, the Council of the European Union defined critical infrastructure as:

[A]n asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or societal well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.

This was further discussed in 2017 report by Canadian authorities who are exploring the idea of designating satellites as a critical infrastructure. Even though Canada has not accomplished this to date, the report stated:

In this connection, space assets fall outside what is currently considered national critical infrastructure. Not only is space an operational domain of increasing importance to the Canadian Armed Forces, space assets such as the Global Positioning System and Anik-series telecommunications satellites are critical to the security, safety and economic well-being of this nation as a whole.

Even as recently as 2021, Edward Swallow, vice president of the civil systems at the Aerospace Corporation, stated:

[T]he Global Positioning System is vital for shipping and transportation, including ground, air traffic and marine navigation – anywhere in the world. Communication and information processing, including the world’s developing 5G networks, rely heavily on space-based infrastructure…. It’s time to protect our nation’s space-based systems by designating them as critical infrastructure. Without adequate security, cyberattackers can cause them to malfunction, send false information or collide, potentially creating a debris field that could linger for decades.

This is the cyber and physical side of how GPS satellites could be compromised. Evaluating vulnerabilities in both the physical and virtual spaces in which PNT signals emanate further links these assets and cyber vulnerabilities as pivotal to national security.

Clear and Present Efforts

When defining national critical functions, local critical infrastructure, sectors, and sub-sectors, there are many systems and networks that continue to depend on precise timing and locational information to make sound business and security related decisions. The President’s Executive Order 13905 outlines how silent but valuable U.S. PNT signals are, “The United States made the Global Positioning System available worldwide, positioning, navigation, and timing (PNT) services provided by space-based systems have become a largely invisible utility for technology and infrastructure.”

With emerging and advanced Internet of Things products coming online every day (both in the business and private spaces), identity theft, and the proliferation of cyberattacks on connected networks, there will be more demand to drive reliance on validation of services starting with an authentic and organic PNT signal. Although private sector solutions (e.g., blockchain technology) are currently being developed, they are still in development and only parallel the widely relied upon strong PNT signals. Making GPS assets that emanate PNT signals a critical infrastructure sector would help codify investment in national risk resilience, furthering the importance on the public-private sector interdependency model. In 2021, Peggy O’Connor, director of communications and policy for INSA, summed up a white paper titled, “Designating the U.S. Space Sector as Critical Infrastructure”:

Designating the space sector as the United States’ 17th critical infrastructure sector would clarify government agencies’ roles and responsibilities in protecting space infrastructure, make clear to U.S. adversaries that the United States is committed to defending its space infrastructure, contribute to the establishment of global norms regarding the safety and security of space systems, and accelerate development of best practices and technologies for ensuring cybersecurity and resilience of space assets.

There is a clear and present herculean effort from private and public sectors to protect space-bound systems, which prioritizes satellites that produce PNT signals. At the same time, there is a continued need to protect, harden, and advance technologies by developing multiple approaches to securing PNT signals and/or creating separate and resilient system(s). The Department of Defense has taken this problem seriously and developed information assurance standards to increase cybersecurity protections for space and ground control systems. Fully implementing these standards, Raytheon Intelligence & Space plans to deliver the enhanced ground control segment – GPS Next-Generation Operational Control System (GPS OCX) – in 2022.

While an official designation will not solve all the problems with PNT signals or completely protect the physical aspects of GPS assets, this is a good step in the right direction in keeping awareness of GPS assets and PNT signals at the forefront of how critical infrastructure, the Department of Defense, and everyday business analytics depend on these systems for PNT signals. Preparing now under the onus of creating a defined effort both domestically and from a national defense posture is key to understanding how any failure or any small disruption in PNT signals could be catastrophic in nature and could cause cascading impacts to unknown areas of lifeline systems. Designating both space-bound and terrestrial PNT signal(s) producing assets as an official national critical sector is a vital step to keeping these systems operational and resilient.

Nathan DiPillo

Nathan DiPillo currently serves as a California Governor’s Office appointee assigned to the California Office of Emergency Services as a Critical Infrastructure Analyst in the State Threat Assessment Center. Before state service, he functioned as a critical infrastructure specialist with the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA). He also spent over 15 years with the Transportation Security Administration, where he assisted in standing up the agency with policy development, training, and recruitment. He has over 25 years in the emergency management and security industry, beginning as a resident firefighter/emergency medical technician. He also served with the California State Military Department, and Army National Guard in the 223rd Training Command ending his career as a Sergeant First Class. During that time, he served in many units, finishing his career attached to the 102nd Military Police Training Division in an Opposition Force Unit. He currently serves on a small-town planning commission and assisted in coordinating an emergency family communications group in his local area. He possesses a Master of Emergency Management/Homeland Security from the National University and other Federal Emergency Management Agency (FEMA), U.S. Department of Homeland Security (DHS), and military certifications.



No tags to display


Translate »