Between recent IT outages and the Notice to Air Mission (NOTAM) failure, airline companies have heightened awareness around operational risks that negatively impact on-time arrival and departures and passenger safety.

GPS spoofing and jamming--or the intentional interference or blocking of radio navigation signals--is an issue that has risen to the surface.

For example, Dallas air traffic was rerouted in October due to unreliable GPS signals but forced the conversation for operators about the reliance on less resilient GPS and altimeter technology. 

Altogether, a GPS outage--whether due to inclement weather or the malicious activity of cyber actors--has the potential to cost the U.S. economy $1 billion per day. The stakes are high for always-on, fully functioning GPS. Given its interference presents dynamic challenges, stakeholders across the aviation ecosystem must research, monitor, and oversee its safe and stable performance. 

Aviation chief information security officers and threat researchers must monitor GPS to continually mitigate risks, while maintenance and operations teams must manage service disruptions and degradation over time.

Research organizations, such as the RAND Corp., have conducted rigorous studies on GPS resilience, while the FAA has continually cited its role in aviation cybersecurity through the 2018 FAA Reauthorization and a series of research and development plans.

As the aviation industry innovates and implements exciting new technologies, the operational and cybersecurity risks of legacy and well-trusted avionics, such as GPS and GPS jamming, must be considered and addressed in context. 
 
GPS-Driven Attacks: Complex or Not?

Not all instances of GPS interference are caused by nefarious cyber actors. Everything from radio emissions and jamming (intentional or otherwise), or naturally occurring events in space can contribute to it. However, when leveraged by malicious actors, an attack on GPS technology could have a significant impact on its target.

GPS jamming attacks aren’t necessarily sophisticated. Attackers would likely rely on a powerful jamming device, such as a transmitter, or many of them spread out over a wide area, programmed to overwhelm signals on a specific frequency. A sophisticated network of these jamming transmitters typically signals a military-grade conflict, though consumers can purchase small, self-contained devices to jam specific areas and override satellite signals.

Commercial airliners use GPS to determine their next location and broadcast it for tracking purposes through the Automatic Dependent Surveillance–Broadcast (ADS-B). GPS jamming disrupts this process, forcing pilots to revert to alternate navigation technologies or flight procedures.

We witnessed this during an outage around the Denver International Airport last year, which weakened GPS signals within a 50-mi. radius and affected incoming aircraft.

The intentional use of these tactics has also been prominent in a military context. For instance, Russia has used GPS interference to defend its Syrian airbase, which impacted aircraft as far away as Tel Aviv and Cyprus. More recently, widespread GPS outages were reported in Russian territory amid the Ukrainian conflict, likely an intentional effort to prevent unmanned aerial vehicle (UAV) strikes.

Such examples highlight the critical nature of defending this fundamental technology. Whether incidental or planned, interference can have an impact in military or commercial settings. In both contexts, any airline downtime can be crippling.
 
Continued Collaboration

Ensuring the readiness of onboard components like GPS is typically in the remit of maintenance and operations. However, examples of intentional GPS interference demonstrate the ability of malicious actors to use the technique nefariously, which signals the need for cybersecurity teams to be involved when it comes to onboard component failure.

While GPS jamming or spoofing incidents typically always indicate malicious intent, aviation cybersecurity teams face an uphill battle in defending the onboard component. The teams are not able to pinpoint if an event is a concerted hacking attempt or something mechanical, as they may not see all the traffic coming into and out of it. Monitoring network traffic in this way has been an effective method used to identify meddling.

Without visibility into what is happening to GPS once it is aboard an aircraft, flight operations and cybersecurity teams can only use indirect indicators to recognize and classify a recurring maintenance issue, the onset of a cyberattack, or a false positive. Gaining visibility aboard an aircraft and its avionics produces rich data which could enable both teams to make confident, data-driven decisions.

The Bottom Line

The potential consequences of GPS disruption are clear, and this type of interference is an unnecessary risk that the aviation security ecosystem can mitigate with visibility into the component and proper collaboration among all stakeholders. That includes operations and cybersecurity teams, along with continued support from sector risk management and regulatory agencies. Like other operational risks, it requires continuous monitoring and the execution of response plans in the event of an outage.

The bottom line is that through collaboration and impactful guidance, we can collectively address GPS concerns.
 
Josh Lospinoso, a former U.S. Army Cyber Command officer, is the co-founder and CEO of Shift5, a data and cybersecurity company that provides hardware and software products to defend operational technology platforms aboard planes, trains and weapons systems.