The Maritime Sector Maritime Information Systems Risks News About Services Contact FR

Contents

Cyber risks associated with satellite positioning systems

 included in  News  Risks
   880 words   5 minutes 

Context

Today, the relatively low cost (a few tens of euros for a basic receiver), the miniaturization of hardware, and the widespread availability of GPS receivers have led many to assume that this global infrastructure will always be available. These advantages have also enabled the rapid expansion of GPS usage across many sectors where it was previously absent: healthcare, pet tracking, sports, agriculture, domestic robotics such as lawn mowers, photography, and even port cranes (see also this article). As a result, it is now difficult to estimate how many GPS receivers are currently deployed worldwide.

What is sometimes overlooked is that GPS is not only about positioning. Alongside precise positioning, GPS also provides extremely accurate timing information. Many sectors of industry rely—sometimes unknowingly—on GPS as a time reference. This timing information will become even more critical with the deployment of technologies such as 5G, which require extremely precise clock synchronization.

However, the easy availability of GPS receivers and the rapid development of software-defined radio have also made it easier to build low-cost GPS spoofing and jamming solutions. Techniques that were once accessible only to governments are now widely documented online, and the necessary equipment can sometimes be purchased for only a few hundred euros. As a consequence, the number of GPS spoofing and jamming incidents is increasing (see here for several examples), while effective countermeasures are still emerging.

GPS and the maritime sector

Alongside aviation, the maritime sector is probably one of the industries most dependent on satellite navigation systems, collectively known as Global Navigation Satellite Systems (GNSS).

This dependency has increased over time as the convenience of GNSS has led to the gradual abandonment of traditional offshore navigation techniques, particularly those based on radio navigation systems. International regulations have also reinforced this trend. Under the IMO’s SOLAS convention, vessels subject to the convention are required to carry a GNSS receiver.

Today, a large proportion of commercial vessels rely on GNSS receivers, and the rapid growth of the recreational boating and fishing industries has further accelerated adoption. GNSS has effectively become the default mechanism for determining a vessel’s position, speed, and heading. In some cases it has replaced traditional instruments such as logs and compasses, with data integrated into navigation systems like ECDIS (Electronic Chart Display and Information System) and broadcast to other vessels through AIS.

An example illustrating the risks associated with GNSS anomalies can be found in the port of Shanghai, where unusual GPS disruptions created phantom vessel movements (see this article).

In 2017, a study commissioned by the UK government estimated that a five-day global disruption of GNSS could cost the UK maritime economy approximately £1.1 billion. One of the key reasons for this impact lies in the dependence of port logistics on satellite positioning, particularly for container handling cranes. Without GNSS positioning, loading and unloading operations could be severely disrupted.

Beyond port operations, the maritime sector faces additional risks linked to GNSS disruption, including impacts on telecommunications systems and time synchronization mechanisms.

The difficulty lies in assessing these impacts realistically. Conducting a full-scale spoofing or jamming exercise in an operational port environment would obviously be problematic.

Nevertheless, the maritime sector traditionally emphasizes resilience. At sea, crews must be able to rely on alternative navigation methods when necessary. In theory this includes returning to traditional techniques such as celestial navigation, although these skills are increasingly rare in daily operations (though still taught in some cases).

Faced with the risks associated with GNSS dependency, the U.S. Navy reintroduced celestial navigation training after having largely abandoned it in the early 2000s (source).

Another important consequence is the cascading impact on other systems that depend on GNSS-derived position or time. If GNSS positioning becomes unavailable:

  • AIS data may become unreliable
  • systems synchronized via NTP may drift
  • vessel positions displayed on ECDIS may no longer be accurate

Such failures can significantly increase the risk of collisions or groundings.

Countermeasures

How can organizations mitigate the risks associated with GNSS spoofing or jamming?

  1. Clearly identify how dependent operations are on GNSS for both positioning and timing. The threat level may vary depending on the vessel’s location; certain regions—such as conflict zones—are more exposed than others.

  2. Monitor relevant warning channels. Alerts about GNSS disruptions, spoofing, or jamming may be transmitted via systems such as Inmarsat-C, NAVTEX, or maritime safety broadcasts, although these alerts sometimes arrive late.

  3. Consider using multi-constellation navigation systems, combining GPS with alternatives such as GLONASS or Galileo.

  4. Incorporate GNSS disruption scenarios into business continuity and incident recovery plans.

  5. Ensure that crews, ship operators, and port authorities are trained to recognize and respond to GNSS anomalies, including how to detect, report, and mitigate potential disruptions.

  6. Deploy anti-jamming technologies, such as CRPA (Controlled Reception Pattern Antenna) systems. These antennas are becoming increasingly available on the market. See this research presentation and this article discussing their performance.

A final point often raised concerns whether GNSS spoofing or jamming should be considered a cyber risk. From the moment such interference affects an information system—such as ECDIS or any system relying on precise time synchronization—it becomes relevant from a cybersecurity perspective. Much like a fire in a data center: the cause may not be “cyber,” but the impact certainly is.

Sources

Updated on 20/04/2020
 GNSSGPSSmartportVulnerabilities
Back | Home