UK warned attacks on GPS systems could hit critical infrastructure

A report from the Royal Academy of Engineering has warned that too much of the UK's critical infrastructure is reliant on GPS tracking systems, and that it should consider supporting the alternatives.

Martyn Thomas, chairman of the Academy's Global Navigation Satellite Systems (GNSS) working group, said that such systems were beneficial and had become omnipresent in a range of products and systems, but warned that too many of them were reliant on the one data source, and thus risked being totally knocked over through error or unavailability.

"Such widespread use of GNSS derived data within our economies means that the secure provision of positional, navigational and timing [PNT] data is now a matter of national security as well as a major economic asset," he wrote in the report.

The report, which was led by Thomas, warned that GPS had been over-adopted because it was easy to use and cheap to procure.

"The range of applications stretches from highly accurate surveying to in-car navigation, and from network synchronisation to climate research," it added.

This is fine until there is a problem with systems, satellites for example, which prevents signals being sent or received, said Thomas. Should this happen, the UK's vulnerability will be exposed.

"The Academy's study has identified an increasing number of applications where PNT signals from GNSS are used with little, or no, non-GNSS-based back-ups available," he explained.

"The trend is for GNSS to be used in a growing number of safety of life critical systems. Unfortunately, the integrity of GNSS is insufficient for these applications without augmentation. Non-GNSS-based back-ups are often absent, inadequately exercised or inadequately maintained."

Failures could result in a number of problems, for example a problem with a telecoms network could result in a potentially life threatening system outage. However, it is perhaps what were described as "deliberate interference" attacks that were of most concern to the report authors.

"As opportunities arise for criminals to make money, avoid costs or avoid detection, it is known that significant effort will be directed towards attacking GNSS-based systems," the report warned.

"The banking infrastructure has already seen such an increase in high-tech attacks and now devotes considerable time and expense to countermeasures."

Likely attacks include the jamming of system or vehicle information to hide a driver's whereabouts, spoofing a signal to mislead admins of a device's location, or rebroadcasting signals from another location.

"Jamming over a small area is easily achieved and it is known that dedicated kit is already readily available for purchase over the internet even though use of that equipment in the UK is illegal," the report warned.

A number of recommendations were made by the authors. They urged operators running critical services to make mitigating risks a major part of their operations, that emergency services review their dependence on satellite systems, and that services create contingency plans for outages.