Donald Trump has this week directed the Department of Homeland Security, the Pentagon, and the Commerce Department to minimise the amount of US systems dependent on GPS for positioning, navigation and time that could easily be hacked due to the vulnerabilities associated with GPS. This executive order stems from recent fears that Russia, Iran and other countries were hacking US GNSS, otherwise known as GPS, to change the positioning and redirect navigation.
The risk that GPS poses, when unprotected can leave aviation, maritime, autonomous vehicles, mobile devices and the financial markets at serious risk.
Commenting on the American president’s order, Roi Mit, CMO of Regulus Cyber, told Splash: “The risk of GPS interference is on the rise globally, these GPS attacks are done by either state actors or lone operators.”
These interferences can be easily generated because of the way GPS was designed to be open and accessible. Interferences include jamming, denial of signal, spoofing, hacking and altering the signal.
During 2019, hundreds of GPS attacks were recorded, resulting in various incidents that pose great risk to both life and property including ship collision, vehicles diverted off the road, airplanes suffering delays and location based apps crashing.
The European Union and the UK are also working on similar GPS regulations.
“As time goes by more and more technologies around us are becoming dependent on satellite navigation and timing, especially in the autonomous era, thus it is now becoming one of the largest cybersecurity vulnerabilities in the modern age,” Mit said.
One of the most high profile GPS spoofing incidents took place in 2017 when 53 ships in the Black Sea were ‘relocated’ during a Russian military exercise.
Last summer, the US Department of Transportation’s Maritime Administration issued a warning about threats to commercial vessels posed by Iran, saying that ships operating in the region could have a variety of issues, including “spoofed bridge-to-bridge communications from unknown entities falsely claiming to be US or coalition warships”.
Britain’s intelligence services MI6 and GCHQ also believe Iran used Russian GPS spoofing technology to send the British-flagged Stena Impero off course into Iranian waters in July last year.
A year ago, UK-based cyber vulnerability testing firm Pen Test Partners released information from a demonstration at the Infosecurity Europe conference, showing how electronic chart systems could be hacked to spoof the size and location of vessels. The firm reckoned it could create chaos in a busy shipping lane such as the English Channel.
GPS spoofing has also been detected over the last year off the Chinese coastline including at the port of Shanghai.
Dana Goward, president and director of Resilient Navigation and Timing Foundation (RNTFND), an educational and scientific charity, told sister title Splash Extra last year, “As we continue to increase reliance upon automated systems to improve the efficiency of operations, risks will continue to increase. This is especially true for night and low visibility operations in congested waters. The frequency with which GPS disruptions are occurring now means that it is only a matter of time before we see a mishap that can be directly attributed to GPS disruption.”