December 2019, ScientificAmerican.com 41LOCKHEED MARTIN (
1 ); CHANG W. LEE
New York Times
and
Redux Pictures (
2 )
DEPENDENCE BECOMES A TARGET
the Current gPs is a network of 31 satellites known as Navstar,
operated by space squadrons of the U.S. Air Force. To maintain
accuracy, the squadrons deliver Coordinated Universal Time to
the satellites, via a network of four antennas from Cape Canav-
eral to Kwajalein Atoll, up to three times a day as the satellites
fly overhead. Thanks to each satellite’s payload of atomic clocks,
the time they keep is accurate to under 40 nano sec onds—after
adjustments are made for general relativity, which makes the
satellites’ clocks tick about 45 micro sec onds a day faster than
clocks on Earth, and special relativity, which makes them tick
seven microseconds slower.
Each satellite continually broadcasts a binary code on two
frequencies. One frequency is for the military and requires a de-
cryption key. The other is for civilian use and is unencrypted.
Signals on both frequencies contain data packets that encode
the time, the satellite’s position at the moment of transmission,
and the orbit and status of the other satellites. The GPS receiverin a smartphone figures out its location by calculating how long
it takes the radio signals to travel from the transmitting satel-
lites, which provides their distances from the phone. A mini-
mum of four signals is required for a receiver to accurately de-
termine its position and time, which is why you might lose your
handy navigation guide amid the skyscrapers of lower Manhat-
tan or the narrow alleyways of Venice. Critical infrastructure in
the U.S. has numerous receivers that synchronize operations.
Hackers can jam a signal by drowning it out with meaning-
less noise, or they can spoof it by feeding the receiver false time
or coordinates, which will disorient the receiver in time or space.
Once one device has lost the correct time, it can send the spoofed
time to other devices on its network, throwing off the entire
complex and degrading its operation.
Industry is especially reliant on GPS because it is the most
accurate timekeeping method on Earth and it is free. In the
days before GPS, electric-grid operators could only estimate the
load on their transmission lines, which led to inefficiencies; to-
day GPS timing allows them to track the state of the grid and
optimize operation in response to real-time demand. Financial
markets once set their system time to a clock on the wall. Inac-
curate timekeeping and uncoordinated transactions were wide-
spread even after trading became computerized because early
software used a clock inside a computer that was aligned by
hand to the official time of the National Institute of Standards
and Technology (nist), the country’s timekeeper. Today’s finan-
cial systems, from a corner deli’s credit-card machine to stock
markets, use GPS to time-stamp and verify transactions, freeing
retailers from the need to transmit sales at the end of the day
and enabling the worldwide, ultrahigh-frequency trading so
prevalent now.
Cell-phone networks use GPS to break up, deliver and reas-
semble packets of data and to hand off calls from tower to tower
as a phone moves. Electronic medical records are time-stamped
with GPS time. Television networks use GPS to prove to advertis-
ers that their commercials ran during the time slots they paid
for. Worldwide, more than two billion GPS devices are used.
The great dependence on GPS is a tempting target. GPS is
vulnerable and provides an opportunity for mayhem, and the ca-
pability to disrupt it has been shown. The only uncertain factor
is whether an angry individual or group would choose GPS as a
vehicle for an attack. The answer increasingly seems to be yes.
“We now have ongoing demonstrations of state-sponsored spoof-
ing,” Humphreys says.
One of those states is Russia. In March the Center for Ad-
vanced Defense Studies, a Washington, D.C., research nonprofit,
identified nearly 10,000 incidents originating at 10 locations
that included the Russian Federation, Crimea and Syria. Experts
in the U.S. government and in academia say Iran and North Ko-
rea also have the capability. “Lots of countries and organizations”
have it, Goward says.
A government adviser who has repeatedly warned Congress, a
former executive at a defense contractor, and a former federal of-
ficial who was speaking on background told SCientifiC AmeriCAn
that a coordinated spoofing-jamming attack against various sys-
tems in the U.S. would be easy, cheap and disastrous. “It can be
exercised on a massive and selective scale,” Goward says. A spoof-
ing device costs about $5,000, and instructions are available on-
line. Yet it is difficult to defend against: “Even a relatively trivialGPS SATELLITES ( 1 ) provide intricate timing for data centers
such as this one ( 2 ) in Secaucus, N.J., that coordinate transactions
for major stock exchanges.12© 2019 Scientific American