GPS/GNSS Vulnerabilities are Cybersecurity Threats

GPS (Global Positioning System) – part of the Global Navigation Satellite System (GNSS) – is an essential technology that is much more than just helping us use our mobile devices to find our way. GPS provides positioning, navigation, and timing – also called PNT – and provides a technology relied upon by industries including the financial sector, public safety, agriculture, and utilities including the power grid and water supply.  However, GPS vulnerabilities can pose significant cybersecurity threats.

One of the main GPS vulnerabilities is spoofing, which is when a malicious actor sends false GPS signals to a receiver, tricking it into thinking it is in a different location. This can lead to serious consequences, such as misleading aircraft and ships, disrupting transportation, and interfering with military operations. Prior to Russia’s invasion of the Ukraine back in 2021, two NATO warships had their positions spoofed while in port in Odessa, after they had been conducting exercises in the Black Sea with Russian military ships nearby.  

Another GPS vulnerability is jamming, which is when a malicious actor sends a powerful radio signal to interfere with the GPS signal, causing it to be lost or distorted. Given the relatively weak signals that come from the space-based GPS signals, a jammer can often be small in size – and simply need to use the same frequency as GPS to emit a radio signal that causes interference, overpowering the GPS signal. This can disrupt communication and navigation systems, leading to potential accidents, and chaos. Small jammers (while illegal), can be purchased online – and are frequently used by individuals who do not want to be tracked (e.g., truckers who don’t want to be tracked by their employers). On a larger scale, not only has Russia been jamming GPS in and around the Ukraine since the invasion (which has caused issues across Europe with flights using GPS), but back in October of 2022, there were noted issues of GPS interference around Dallas – causing issues at the Dallas airport and impacting travelers

Recognizing these threats, in the fall of 2022, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has classified PNT vulnerabilities as cybersecurity threats. These threats can often appear as “Denial of Service” or “Man in the Middle” kinds of cyber attacks. Without mitigation strategies (including having a resilient PNT system in place), these kinds of GPS attacks could impact transportation, communication, and critical infrastructure. It is important to address these vulnerabilities by implementing measures to detect and mitigate spoofing and jamming attacks, ideally providing a resilient layer to GPS with complementary PNT technology – including NextNav’s TerrapoiNT