Spirent Communications plc warned of the increased likelihood of disruptions this year to a wide variety of civil and military applications relying on global navigation satellite systems (GNSS) – GPS, GLONASS, Galileo, and BeiDou. The prediction of greater risk from hacking and location spoofing attacks by criminal, state-sponsored, and other adversaries is part of Spirent’s annual security forecast for 2017. The forecast also highlights the continued risk of distributed denial of service (DDoS) attacks on Internet of things (IoT) devices and industries, including health care and automotive, that Spirent believes are the prime targets for security threats in the near future.
Last year, Spirent’s predictions for 2016 led off with a prescient warning about the increased risk of cyber espionage, which has since been borne out, most notably by news reports of suspected activities by the Russian government to influence the 2016 U.S. presidential election. Also as predicted, in 2016 threats from ransomware, malicious insiders, and compromised IoT devices increased, as did attacks on industrial control systems. For example, FBI sources reported on CNN that losses attributed to ransomware in the U.S. were set to exceed $1 billion by the end of 2016. That number is expected to grow in 2017.
In addition to an increased likelihood of GNSS interference, Spirent’s annual security forecast for 2017 predicts an expansion of risks from:
“With the greater drive towards use of autonomous vehicles, which rely heavily on precision GPS positioning and timing, threats posed by signal spoofing, jamming, time tinkering, and more could result in serious disruptions and worse,” said Sameer Dixit, senior director of security consulting at Spirent. “The transportation industry is taking this very seriously and already looking at various ways to protect against these threats. Because of this, we see momentum towards improving GNSS security in 2017.”
According to an article in Defense One, Timothy Bennett, a science-and-technology program manager at the Department of Homeland Security, has already reported the use of GPS spoofing and jamming equipment by Mexican drug cartels along the border to interfere with the U.S. Customs and Border Protection agency’s use of drones to patrol the area. Unlike the larger drones designed to military specifications, the smaller drones used for this purpose are more vulnerable to these kinds of attacks.
Spirent’s global network of GPS interference detectors has recorded more than 15,000 interference events since it was deployed in 2015, including a surprisingly high number of unintentional events caused by various forms of interference in the GPS L1 frequency band. A significant number of these unintentional events, which often correlate with transmissions from nearby RF transmitters and telecom equipment, have the potential to interfere with GPS signal reception.
Dixon noted one bright spot on the horizon: the increasing awareness up and down the technology food chain of the importance of security in these systems, and the entry of large, experienced, and security-conscious players into the IoT arena.