DHS publishes resources for safeguarding against GPS hacking

Imagine if the global positioning system was somehow hacked. From the Waze app in your pocket to the operation of Navy ships, you might say we’d be in deep trouble. Now some technical whizzes in the Department of Homeland Security’s Science and Technology Directorate have come up with what they call a Positioning, Navigation and Timing Integrity Library to guard against someone trying to spoof the GPS. For more on what it’s all about, technical manager Ernest Wong spoke to Federal Drive with Tom Temin.

Interview transcript:

Tom Temin: Mr. Wong, good to have you on.

Ernest Wong: Good morning Tom, thanks for having me.

Tom Temin: Now we’re talking about spoofing as opposed to what I said perhaps, hacking, and there’s a difference there. Tell us what it is.

Ernest Wong: Yeah. And that’s a good question. To start off with, probably the best way to make the distinction would be to compare it against GPS jamming. And if you’d throw into buckets, jamming would be considered denial, whereas spoofing would be considered deception. So if you’re in a vehicle with vehicle navigation, when you get jammed, you know what’s going on, you lose your GPS position, and you realize you have to go find some alternate means of knowing where you are, and how to get there. When you get spoofing, that’s all about deception. So if someone were to spoof you, they’re going to tell you that you are at a position that you’re not or that it’s time that it’s not. So instead of making that turn in maybe half a mile, you might make it in 50 feet. So when you’re making decisions on faulty information, that can have consequences.

Tom Temin: And how do people spoof what is a GPS signal? How do they go about that?

Ernest Wong: So the technology is getting quite easy these days, used to be more of a, I guess, emerging threat. But now as technology evolves, and knowledge is growing, it’s pretty approachable. So with probably about $500, you can get software defined radio. And the code is also available out there in GitHub and other open source repositories.

Tom Temin: Okay, so you have developed something called the PNT Integrity Library. Tell us what that is, and then maybe how it works.

Ernest Wong: Sure. If you’re trying to protect yourself against GPS spoofing, one of the first things you need to be able to do is to recognize that it’s going on. And so the PNT Integrity Library is a suite of spoofing detectors, so basically sensors, and there’s different ways you can detect it. So with this PNT Integrity Library, an equipment manufacturer, for instance, could take these algorithms, which are open source and free to use on GitHub, that we’ve posted to CISA’s GitHub. And if they were to use these algorithms and provide end to end solution for detecting GPS spoofing.

Tom Temin: What is it about the spoof signal that’s different from the GPS signal? Is that the direction it’s coming from since GPS is coming from space?

Ernest Wong: Yeah, so there’s a lot of different ways to detect GPS spoofing, if we want to get into it a little bit. So the first thing you mentioned, there is definitely one of those indicators in terms of what’s the angle of arrival. Oftentimes, a spoofer is going to be generally closer to the earth. So you can tell by the angle, you can tell by the power levels, and also the consistency checks. If someone tries to walk off your position, at a certain rate, perhaps you are in a fixed infrastructure location, you should not be moving. So you can do various types of consistency checks as well to just look for those sorts of anomalies.

Tom Temin: And this integrity library then, where does it live in a system? Where do you put it? How do you install it? How do you use it?

Ernest Wong: So there’s two ways to use this. And this is primarily for industry. So end users can use it if they have the level of sophistication needed. And there are some critical infrastructure owners and operators out there that are a little more sophisticated and they built their own systems, and they may not do it this way. But for the most part, we expect that this is something that manufacturers will take, and then perhaps pull the parts that they need and incorporate it into their GPS receivers. And these receivers, if we’re talking critical infrastructure, these tend to be something that you’d mount in a server rack. So they’re pretty large pieces of equipment with multiple components inside of them. So these algorithms would then go into that piece of equipment and provide this detection capability.

Tom Temin: Yeah, so for the armed services, for example, or Homeland Security Department operational aspects, then you would have the capability of having this equipment in place. And with the changing nature of these types of, I guess we can call this a cyber threat, I’m sure the people that are spoofing are always coming up with new ways of doing this. Is this all updatable as new vectors and new technologies are developed by the bad guys?

Ernest Wong: Yeah, that’s a great question. And the PNT Integrity Library was designed specifically to deal with those sorts of issues. So the integrity library is a modular API is a modular framework. So in the future, if there are new types of threats, or if there are better types of detectors, people can write the code for the detector, and then just basically put into the API, and it’s essentially a plug and play.

Tom Temin: Okay. And there’s something else you’ve developed called the Epsilon Algorithm Suite. And what is that, how does that relate to the library?

Ernest Wong: So these are two sets of detection suites or detection algorithms. The PNT Integrity Library is a bit more of an involved one that requires more information into the system. The Epsilon Algorithms are really more of those consistency checks that I spoke about. And so potentially you could deploy this on a sort of device that would be almost like an add-on device after your equipment. So instead of replacing your, maybe your PNT device, which could be quite expensive in critical operations, they run thousands of dollars. You might be able to just have this add-on device that takes that output from the PNT or GPS system, and basically act as a filter to let you know when there’s something wrong. So it requires less information, it’s easier to integrate.

Tom Temin: And getting back to the integrity library, as you mentioned, it’s on GitHub. So you’re following the open source model in developing this and putting it out. Can other developers, say from other branches of government, for example, say from the intelligence community or DoD, can they also develop and work on and contribute to this in that open source model?

Ernest Wong: Yeah if they would like to. So it’s available on CISA’s GitHub page. And there’s also a link on the S&T PNT program page where there’ll be links to both of these GitHub repositories. And if people want to contribute code, it’s hosted on GitHub itself. So it works just like any other repository where people can submit proposed code changes, and then the maintainers of the repository can review it and accept or not change.

Tom Temin: And by the way, have there been any instances of GPS spoofing so far? Or is this so far, just a potential?

Ernest Wong: That’s always a good question. It’s one that always comes up. And there have been, especially in the last, I’d say, two years, a growing number of public reports from industry trade magazines, academic publications, as well as now we’re seeing a little bit in the big papers like New York Times and other spoofing events that have been reported around the world. For example, the most common force we see, the most well known I’d say, are in the maritime industry. A lot of maritime vessels that operate around the Black Sea do experience a lot of GPS interference, as well as GPS spoofing. That’s quite well known. We’ve also seen reports about GPS spoofing in the Middle East, in mainland China, and in Iran. And so it’s a little concerning that the frequency is increasing rather quickly, and they’re becoming rather high profile. As far as domestically, it’s a little harder to know about those things because spoofing is harder to detect. Jamming is quite easy, because it’s very high power. When it comes to spoofing, it’s certainly low power. And if you’re not looking for it, you may not see it. But we have seen some examples of what can happen when you experience GPS spoofing.

Tom Temin: And is spoofing the biggest threat to GPS? You mentioned, there’s jamming, and there’s spoofing, and I don’t know what else. But what is the biggest threat to the GPS system and the ability to use it?

Ernest Wong: GPS spoofing is definitely an issue. But I’d say the biggest threat to GPS usage is really ourselves and how we use technology. And just like any other technology, oftentimes, we take it for granted. And so GPS is a great technology, and it basically is used everywhere. Within critical infrastructure, within the power grids, and communication sector, in a lot of places that we don’t realize, and we don’t necessarily use it in a secure way. So I think the biggest issue is that we need to raise awareness of these problems, and try and think about how we use GPS more deliberately and deploy them in ways that are resilient so that they can withstand, recover, and operate through these sorts of threats.

Tom Temin: Yes, so the library you’ve developed needs to get out more widely than just to Garmin, and the military and the places you think on first.

Ernest Wong: Yeah, so while these libraries are definitely one of the tools that we put out, not the only resource we put out. So a couple months ago, in December of 2020, we also put out the Resilient PNT Conformance Framework. And this is basically the second half of the solution. These detectors, these algorithms that we put out is important for knowing if you’re experiencing some sort of anomaly, but once you know there’s a problem, what do you do about it? If it’s just vehicle navigation, it’s not a big deal in terms of maybe you stop on the map and you move on, or maybe you lose some time in navigation. But when it comes to the electric grid or the communication sector, they can’t stop, right. They have to keep going they have to keep operating. And so this Resilient PNT Conformance Framework is more about how do you build resilient equipment, and be able to withstand these sorts of attacks and continue to operate through them and recover? And so that really is a second piece of the solution. And that’s something that we’ve made available to industry, it’s a document that’s published online at our S&T website. And it’s intended for facilitating development and adoption of resilient PNT equipment.

Tom Temin: Alright, well, get that library, check it out. Ernest Wong is a technical manager in the DHS Science and Technology Directorate. Thanks so much for joining me.

Ernest Wong: Thanks for having me on.
