EASA Part-IS: Cyberattacks on GNSS – The closer to ground, the greater the uncertainty
- pawelkorzec
- 3 days ago
- 4 min read
Updated: 2 days ago
Services like GPSJAM and SKAI Spoofing are tempting as they offer seemingly straightforward answers to complex issues. While they are very valuable, visually engaging and intuitive, the question remains whether they provide an accurate and comprehensive understanding of the actual threat landscape? We are concerned that they do not, due to their nature. Simply, the ADS-B sensors, flying high in the sky so they tell us whats happening at higher altitudes. But what happening close to the earth, lets say below 1000ft? How to understand and visualise terrestrial threads? The earlier we recognise the true nature of the anomalies, the more effectively we can mitigate the potential consequences.
Let's consider the threat of GNSS jamming and spoofing from an alternative perspective - that of underwater diving. Anyone who has experienced the underwater environment, whether using a snorkel and mask or full scuba equipment, knows that the most beautiful sights are found near the surface. As we dive deeper, the environment becomes darker, colder, and with few exceptions less interesting. It is much the same in aviation. The higher we fly, the broader the perspective is, but, as in life, gaining one thing often means losing another; in this case, we lose the details. And as is commonly said, the devil is in the details, and that is precisely what we would like to focus.
Risk is easier mitigated when huge operational space is available and the number of variables is limited. This is exactly the case at higher altitudes, where we have access to onboard inertial systems, big safety buffers (defined by RNP), and better availability of conventional navigation data (eg. VOR-DME).
The closer we are to the ground, the tighter it gets. We have to pay more attention to time of reaction, as the distances get smaller. Suddenly, we might lose signal or receive a reflected signal. Near the earth, there’s also more "noise" from radio interferences. Something that works in one place might not work just around the corner of a building. As a consequence, a mistake can have catastrophic consequences much quicker than at a high level.
Terrestrial attacks on IT infrastructure, vehicles, drones, or aircraft flying low are relatively easy to carry out, cheaper, and much harder to detect or identify. After all, we can’t put sensors everywhere.
Based on nearly a year of observations, looking at GNSS interference, statistically we can state with great simplification that:
most often they are interfered by taxis and trucks
originated by various types of state services, including the military
hackers, young IT specialists who want to test jamming / spoofing equipment purchased on popular auction systems
civilian thieves and criminals
infrastructure that spreads on frequencies similar to satellites (industrial noise)
military troops as part of hybrid warfare
deliberate influence of one country on another in the framework of hybrid warfare (e.g. Black Sea area, Middle East, Baltic countries, Kaliningrad Oblast)
ships / vessels
Which of the above threats are the most dangerous? Looking at the issue from the perspective of quantity and effectiveness, probably all of them are similar. Remember, that just like with "brute-force" attacks, a high frequency of attempts does the job.
In addition, there are new legal weapons, tools that state services receive in the fight with non-cooperating drones. Updated law, adapted to new needs, makes it possible to down, take control and neutralize drones. These systems most often use jamming and spoofing techniques. And although legal, their misuse can have unwanted consequences.
With all due respect to the Policeman, but will he or she, in a necessity of acting quickly, think about consequences of spoofing area behind the drone that should be neutralised? Who will record usage of that devices, if area of impact will be "half of the sky"? How to designate and inform about places where the legal use of jammers and spoofers must be prohibited for public safety reasons? There are many questions that currently have no answers because the civilian world has not faced similar problems before.
And now to the shore. What does all this have to do with the EASA Part-IS concept?
Today's world, acting as a system of connected systems, is more dependent on satellite data than we think. Without accurate time, banks, mobile networks, data backup systems, stock exchange, power plants and many others will not work.
In the face of dozens or even hundreds of "typical IT" threats related to cybersecurity, we would like to draw the attention of airports, airlines, and equipment manufacturers to include information about attacks on satellite navigation systems when analysing cyber threats. Omitting them at the very beginning can result in chaos, misunderstanding of suddenly "strange" or unexpected behaviours. As we mentioned already, GNSS in aviation is not only about air navigation...
If after this short article you think it is worth talking, let us know. Monitoring, classifying and locating threats can be done relatively quickly, effectively in the on-premise and as service model. All possibilities are on the table. The installation of the sensors at airport, airplane, or data center will take a maximum of one day.
We have ready, industrial monitoring tools developed by GPSPATRON. Together we will agree on sensor locations, teach how to interpret collected data and develop risk mitigation plans. We have the competence to look at the issue of GNSS anomalies holistically, both from the IT side and from the manned and unmanned aviation side.
Looking for more, please write: gnss@droneradar.eu or just call us: +48 511 230 660.
Comments