Bloomberg by Paul Tullis
The small satellite network, which keeps global computer systems from freaking out, is shockingly vulnerable to all kinds of interference.
Duke Buckner was enjoying his breakfast at the Renaissance Tel Aviv Hotel, looking out on the city marina, on the day that time stuttered. Buckner oversees marketing and business development for Microsemi Corp., an American communications and defense contractor, and he gets a copy of emailed error reports for its equipment. It’s rare to get more than one in a given day. But on the morning of Jan. 26, 2016, they flooded his inbox. He forgot about breakfast.
The complaints had to do with Microsemi’s timing receivers for the Global Positioning System, the ubiquitous satellite navigation technology that was built for the U.S. military and has found its way into all our pockets. GPS isn’t just for maps. It’s also a kind of vast, spaceborne clock. Computers all over Earth use it to determine what time it is, down to billionths of a second. When there’s the slightest disagreement among those computers, things fall apart.
Microsemi’s timing receivers were frantically issuing error messages because of just such a discrepancy. “In normal operation, these things don’t generate alarms for years,” Buckner says. “So when one goes off a lot of times, people don’t know what to do.” Over the next 11 hours, cellphone towers lost their connections, U.S. police and fire stations reported communications errors, BBC radio signals were interrupted, and the telescope that tracks asteroids in Earth’s orbit went offline.
The root cause was a bug in the GPS network. When the U.S. Air Force, which operates the 31 satellites, decommissioned an older one and zeroed out its database values, it accidentally introduced tiny errors into the database, skewing the numbers. By the time Buckner’s inbox started blowing up, several satellites were transmitting bad timing data, running slow by 13.7 millionths of a second.
Each satellite carries several atomic clocks that are supposed to measure time by tracking how often the electrons at its core jump from one energy state to another. The satellites then transmit that data, along with their locations in orbit, toward Earth. On the ground, the GPS receiver in your phone relies on the consistency of those ultraprecise calculations to determine where you are, where the nearest decent bowl of pho is, and so on. (Yes, Einstein fans, the receiver accounts for the space clocks ticking a little slower than the ones on Earth.)
It’s tough to overstate how GPS-dependent the world economy has become since the U.S. Department of Defense started giving the service away to the public in 2000. There are 2 billion GPS receivers in use around the world, a number that Europe’s satellite navigation agency estimates will hit 7 billion by 2022. Along with the telecommunications industry, banks, airlines, electric utilities, cloud computing businesses, and TV broadcasters require constantly precise GPS timing. Emergency services do, too, as do military forces. The U.S. Department of Homeland Security has designated 16 sectors of infrastructure as “critical,” and 14 of them depend on GPS.
A few other satellite-navigation systems in place are working on or have backups in place: Galileo (operated by the European Union), GLONASS (Russia), and BDS (China). Only the Russian system claims global coverage, though.
Most critical services, and financial markets, have backups—their own atomic clocks, perhaps, or connections to slightly less precise tools. But some of those backups depend on GPS timing, and might last only a few minutes. “GPS is the single point of failure for the entire modern economy,” says Representative John Garamendi, a California Democrat who’s been warning about the hazards for years as a member of the House committees on armed services and on transportation and infrastructure. “No cellphone, no ATM machine will work.”
The 11-hour run of intermittent chaos that ruined Buckner’s breakfast was just a hint of what’s possible. That was an innocent mistake, after all, not a concerted attack on the GPS network. Yet U.S. politicians have done little to safeguard the system since then.
Besides Garamendi, one of the loudest voices pleading to shore up GPS vulnerabilities is Dana Goward, who runs the nonprofit Resilient Navigation and Timing Foundation. (Founded in 2013, it’s backed by defense contractors and related companies.) A former Coast Guard helicopter pilot, Goward doesn’t equivocate when asked what a widespread GPS outage would mean. It’s like ignoring warnings to reinforce airplane cockpit doors before Sept. 11, he says, or the alarms about New Orleans’s creaky levees before Hurricane Katrina: “People will die.”
Schriever Air Force Base, a few miles east of Colorado Springs, is home to the 2nd Space Operations Squadron. 2SOPS, as the squadron is known, operates the GPS network from a single room behind two passcoded doors, an armed guard, barriers that can rise from the driveway to block vehicles, and three chain-link fences topped with razor wire.
In the operations center one day in June, eight uniformed airmen and two civilian contractors are getting ready to conduct a “pre-pass,” a routine test to ensure the satellites can communicate. Each of the airmen has secret or top-secret clearance, and visitors must pass a background check. The language of 2SOPS is, unsurprisingly, heavy on acronyms.
“Pre-pass SV 15!” says the satellite system operator.
“C/L1-8 Step 4 listen up for pre-pass,” responds the mission chief.
“Active now, SV 15, CAPE A string, SSO 1, alternate visibility at DIEGO, VSOH/NAV/MOD/GBD, no applicable CIFs/TPs,” says the system operator.
2SOPS typically relays a new navigation message to each satellite once every 24 hours to make sure it’s accurate, using a network of 11 antennas around the world. In between, the unit monitors the GPS network for quirks and defects, based on precise navigation and timing signals the airmen send the satellites every 1.5 seconds. It’s repetitive work that runs the risk of becoming mindless, says Lieutenant Colonel Stephen Toth, who runs 2SOPS. “With repetition can come complacency,” he says. “You need to pay close attention to make sure it doesn’t creep in.”
Lots of things can scramble the satellites besides some stray numbers in a database. Solar flares. Space debris. And, perhaps, hostile foreign powers. The Pentagon started to regard the satellites themselves as a potential target in 2007, when China obliterated one of its own aging weather satellites using a missile. North Korea, Iran, and Russia are also said to have developed satellite-busting weaponry. In an effort to guard against hacking, 2SOPS has added the position of cyberdefense operator, and the military is expanding related training for the satellite operators.
In June, President Trump surprised a meeting of the National Space Council, a committee so new it doesn’t have a website, by announcing his intention to create a Space Force, a sixth division of the military to complement the Air Force. This was over the objections of his defense secretary, and it may have a tough time winning approval from Congress, which last year rejected just such a proposal. But the threats aren’t difficult to imagine, and the U.S. is ill-prepared for them. While there are protocols and international agreements that dictate what to do when a Russian fighter jet flies too close to an American jet over Syria or a U.S. Navy vessel runs aground in Chinese waters, there’s no rulebook for what happens when a foreign satellite’s activity appears potentially hostile.
On the receiver side, GPS signals are weak enough to be clouded by pigeon poop on cellphone towers—or jammed by miscreants using hardware that’s surprisingly easy to obtain. Although the hundreds of varieties on the market are illegal in most countries, the European Global Navigation Satellite Systems Agency tallied roughly 50,000 incidents of deliberate jamming in the last two years, mostly truckers and ride-hailing drivers trying to hide their locations from employers during breaks. It’s assumed jamming was the cause of more than 40 airliners’ loss of GPS when nearing runways at Manila’s Ninoy Aquino International Airport in July and August of 2016. All landed safely by eyeballing their approaches, but the weather isn’t always so forgiving.
The most insidious tactic on the ground is GPS spoofing, using malicious software to broadcast phony signals and fool the receiver on, say, an aircraft into thinking it’s somewhere, or somewhen, that it isn’t. Such methods “would certainly work against Ubers, Waymo’s self-driving cars, delivery drones from Amazon,” and more, says Todd Humphreys, an aerospace engineering professor at the University of Texas at Austin.
In the world of finance, subtle spoofing could foul up everything from a convenience store’s credit card reader to the entire New York Stock Exchange. “If you change the reference time dramatically, everybody’s going to notice,” says Andrew Bach, who used to oversee the NYSE’s network services. “The thing people get concerned about is, what if someone very gently drifts time ahead or back for the purpose of injecting confusion into the operations of the financial industry?” Even though most major Wall Street companies have their own atomic clocks to backstop GPS timing, introducing subtle anomalies could spook the algorithms that run the world of high-frequency trading, sparking a mass sell-off.
Spoofing by hostile foreign powers is a concern for the Pentagon, too. During a 2012 demonstration, stunned Homeland Security officials watched as Humphreys and colleagues hijacked a drone by giving it false GPS coordinates and leading it away from its intended path. Russian military forces are able to spoof drones over Syria and the Black Sea, says a person familiar with the matter.
The Air Force says spoofing isn’t really its responsibility, that 2SOPS’s job is just to maintain the signal from the GPS network, not ensure that receivers can read it accurately. Yet no other government agency is in charge of trying to mitigate the effects of jamming and spoofing. It’s been left to businesses like Microsemi to develop relevant antispoofing firewalls and keep them updated. DHS says it provides support and technical expertise to operators of critical infrastructure, but only on request. Mostly, the department says, it’s up to businesses to make sure they have backup plans.
That’s unrealistic, according to Goward, the lobbyist. “Everyone we’ve talked to in all industries sees this as a government responsibility, and none that we know of, other than core financial services, is able to withstand any significant disruption for any significant period of time,” he says. The corporate attitude seems to be one of mutually assured destruction, he adds, as in, “I’m not gonna get blamed. The Air Force or the government’s gonna get blamed. So why should I spend money on it?”
An hour north of the Air Force base, in Waterton, Colo., sprawls a Lockheed Martin Corp. facility that dates to 1955, when it was isolated enough for missile testing. Today, Denver’s suburbs edge up almost to the fence around its 5,600 acres. Among the 185 structures on-site, the company recently built a $128 million, 40,000-square-foot cleanroom. Inside, past the armed guards, a half-dozen workers in calf-length jackets, hairnets, and shoe coverings, all antistatic and lint-free, are assembling the next generation of GPS satellites.
The Air Force has approved the first GPS 3 satellite for launch, and Lockheed expects another to get the OK this summer, once it completes vacuum tests behind a three-story door just off the cleanroom. The tests mimic the conditions of outer space using pumps and cold or hot air, yielding low pressures and temperatures ranging from -238F to 302F.
The GPS 3 satellites are designed to last 15 years, 25 percent longer than the current generation, which have far exceeded their life expectancy thanks in part to careful fuel management. The GPS 3s also provide a signal eight times stronger, which makes it tougher to jam, with triple the location accuracy. But they still lack the two strongest antispoofing technologies on the market, both essentially extra layers of security to detect attacks and prove signals and navigation messages are legit. Two colonels with Air Force Space Command agreed to discuss GPS vulnerabilities in an interview but canceled the day before it was scheduled. A spokeswoman says the change was “due to the current environment and the sensitivity around some of the questions” and that one of the encryption methods “is currently being examined.”
Although it would help if the government went with the better encryption techniques, it would be safer to reduce the world economy’s dependence on GPS, says Garamendi. He’s been pushing for years for the federal government to build a backup ground-based radio network called Enhanced Long-Range Navigation (eLoran). It would deliver stronger signals than those from GPS, and Congress estimates it would cost taxpayers $200 million. South Korea says it will have eLoran coverage by 2020.
There’s been no serious effort to set up the backup system in the U.S., even though military officials briefed members of Congress on GPS vulnerability by 1997. George W. Bush’s Homeland Security team announced plans for an eLoran system in 2008, but the funding fell out of Barack Obama’s recession-strapped first budget the following year and hasn’t reappeared since. James Platt, director of the DHS position, navigation, and timing office under Trump, says his office ought to define the requirements for a backup system before it begins evaluating whether eLoran is the best option.
Garamendi, the Democratic congressman, has been left to try to fold the funding into military spending bills without DHS support. “It’s just organizational reluctance of federal agencies to pick up a new task,” he says. If they don’t, Trump’s Space Force may well be flying blind—and Duke Buckner can sell lots of atomic clocks. Not that he’s super excited about it.
No comments:
Post a Comment