Is the security of navigation at risk? A look into GPS spoofing in the maritime industry.
The maritime industry needs GPS.
We need accurate answers to the questions ‘where are we?’ and ‘where are we going?’ at all times on the water.
These questions apply whether you’re piloting a large vessel into port, or driving to a new restaurant across town. One way we answer these questions is with GPS. But your GPS system may not always be telling you the truth. GPS is being interfered with globally.
One of the more concerning techniques is GPS spoofing.
What is spoofing?
GPS spoofing is when a fake GPS signal is sent to a receiver antenna to trick a system into reporting its location incorrectly. GPS systems are generally designed to use the strongest GPS signal received, so spoofed signals override the true signal being sent from a satellite.
It differs from jamming, which blocks a GPS signal completely. With a jammed signal, you’ll stop receiving any GPS signal at all, something you or your equipment is more likely to notice. When your signal is being spoofed you may not notice until it is too late.
Why is spoofing a risk?
GPS was originally developed by the US Department of Defence and was made publicly available in the year 2000. Other countries quickly jumped onto the satellite navigation bandwagon as they realized its usefulness in both military and civilian operations, e.g., China’s Beidou, Russia’s GLONASS, and the EU’s Galileo.
We’ve now integrated GPS use into our lives to such an extent that it’s near impossible to imagine navigating without it.
Every critical industry (banking, finance, transport, logistics, healthcare) is now reliant on GPS to work. All are vulnerable to spoofing.
Spoofed signals can be created using relatively cheap equipment and software on a laptop. You could spoof a GPS signal from your bedroom.
Surely GPS is not that easy to spoof…
If you type “GPS spoofing” into Google, you’ll easily find instructions on how to spoof your own location. Open up the Google Play Store or the Apple Store on your phone and search for GPS spoofing apps. There are countless spoofing apps available. Some have over 10 million downloads.
If a teenager can successfully spoof GPS while gaming, what could a talented hacker or a nefarious group with deep pockets be capable of?
We are already seeing the answer.
GPS spoofing is happening around the world, to protect government officials from security risks, to hide imports and avoid sanctions, and to interfere with military exercises.
GPS spoofing recent examples:
2016 – Ships near the Kerch Strait report GPS signal issues while Putin is visiting nearby.
2017 – GPS spoofing in the Black Sea is reported by 20+ ships near the Russian coast.
2017 – Uber customers in Moscow report GPS issues and being charged for long trips they didn’t take.
2018 – GPS signal issues are once again reported in the Kerch Strait. Meanwhile, US military drones in Syria report GPS signal jamming.
2018 – During NATO exercises in Finland and Norway, pilots report GPS signal issues near the Russian border.
2018 – Red Flag, an American Air Force war game, creates a mass GPS outage to give realistic fighting conditions to participants, impacting civilian GPS use across Western states.
2019 – GPS spoofing at Chinese Oil terminals is reported. The Centre for Advanced Defence Studies (C4ADS) finds this impacted hundreds of ships. Strava, a popular running app, also experiences GPS issues from users out for their morning runs nearby.
2020 – A luxury residence near the Black Sea (suspected as the holiday home of Putin), is identified as a hot spot for GPS spoofing, impacting ships nearby.
2021 - Kids around the world use GPS spoofing to cheat Pokémon Go.
You’re telling me that GPS, which is a national security threat if tampered with – is not secure?
Well, yes. Also, those players on the Pokémon leader board might have cheated.
But there’s a solution, right?
Yes and no.
There are actions you can take to decrease spoofing risk on your vessel.
Ensure your cyber risk management plan is a part of your ship’s safety protocols (this is required by the IMO already for some vessels).
Ensure ship crew are proficient with other navigation aids so they can cross-check information if GPS doesn’t seem right. Equip your ship with quality navigational aids.
Know the area you are sailing into. If it’s a hotspot for GPS spoofing activity, be vigilant.
If you notice something is amiss, report it right away. The more detail the better.
Okay great, you’ve implemented all of the above.
Well done.
But don’t get too comfortable just yet.
There are no completely foolproof methods to avoid GPS spoofing because GPS satellites weren’t designed to protect against it.
The US, concerned about the threats of GPS interference, is investing in a number of projects to counter this. Some countries are reinstating updated versions of LORAN as a backup to GPS, (a technology that was used in WWII times).
For us here at Navicom Dynamics, we love GPS. We use satellites for our precision navigation systems to work. A passion for providing accurate, reliable precision navigation systems is what built our company. We care about the “Where are we?” and “Where are we going?” questions and we create Portable Pilot Unit (PPU) systems to answer these so that you can have ease of mind on the water.
A PPU system can’t protect you against GPS spoofing attacks.
But they can give you a secondary source of accurate information to aid in navigation. It’s an additional, and necessary, layer of safety for you, your crew, and your vessel.
If you care about being safer on the water, get in touch with our sales team at sales@navicomdynamics.com for a discussion about our Portable Pilot Units and precision navigation systems.