SlideShare a Scribd company logo
1 of 15
Download to read offline
GPS/GNSS jamming and spoofing mitigation best practices and strategies
Nino De Falcis, senior director, business development, Americas
WSTS 2021
© 2021 ADVA. All rights reserved.
2
The problem
PNT
cyberthreats
Protecting US critical infrastructure from PNT disruptions*
*Economic cost: $1B/day(1)
(1)Source: RTI & NIST 2019
GPS & US critical infrastructure
Finance
Communications
Power grids
Transportation Data centers
All supported by
© 2021 ADVA. All rights reserved.
3
PNT vulnerabilities
PNT
cyberthreats
GPS/GNSS level Network level
RARE
Cyberattacks
RARE
GPS/GNSS
degradation
causes
GPS/GNSS receiver
Environmental
GPS segment errors
Adjacent-band
transmitters
Spoofing
Jamming
© 2021 ADVA. All rights reserved.
4 *source: DHS
DHS resilient PNT guidelines
Driven by US Federal Executive Order 13905 of Feb 2020
Core functions Functional diagram Resiliency levels
Resilient PNT conformance framework*
© 2021 ADVA. All rights reserved.
5 *source: DHS
DHS anti-spoofing open-source resources
Released on Feb 26, 2021
Spoofing detection library GNSS spoofing detection algorithm
PNT Integrity Library & Epsilon Algorithm Suite*
• Designed for GNSS receiver/time server OEMs
• Provides spoofing detection capabilities for
GNSS PNT sources
• Provides scalable framework for GNSS PNT
manipulation detection
• Allows additional checks to be added as new
threats arise
• Detects inconsistencies in position/velocity/
clock observables provided by GPS receivers
• Enables end-users to have basic spoofing
detection capabilities without any modifications
to the existing GPS receiver
PNT
PNT
© 2021 ADVA. All rights reserved.
6
NIST resilient PNT guidelines
Driven by US Federal Executive Order 13905 of Feb 2020
Core
Core
Desired cybersecurity
outcomes organized in
a hierarchy & aligned to
more detailed guidance
& controls
*sources: NIST.IR.8323 & NIST
Cybersecurity Profile for PNT Services*
Goals
Core
• Guidance and controls
Implementation tiers
• Qualitative measurement
of cybersecurity risk
management practices
Profile
• Alignment of requirements
and objectives, risk
appetite, and resources
Framework
© 2021 ADVA. All rights reserved.
7
Best practice approaches against PNT cyberthreats
Multilayer
detection
Multisource
backup
Fault-
tolerant
mitigation
Resilience/robustness/cybersecurity augmentation
PNT
cyberthreats
© 2021 ADVA. All rights reserved.
8
Four levels of jamming/spoofing detection
Multilayer detection approach
Level 1: GNSS antenna
• Use anti-jam/spoof antennas, with threat alarms
• Add in-line anti-jam/spoof accessories, with threat alarms
Level 2: GNSS receiver
• Use smarter multi-constellation/-band receivers, with jam/spoof &
satellite count monitoring, jam mitigation, spoof detection, etc.,
and threat alarms
Level 3: PNT device
• Use/compare two GNSS receivers, in fixed & nav mode, to detect
location/phase/time change, with spoof alarms
• Monitor/compare/verify multisources (GNSS/PTP), with jam alarms
Level 4: PNT network management
• Manage/monitor/compare/verify all network devices (GNSS/PTP/
etc.) in real-time, with AI/ML-based threat analytics/alarms
PNT
network
management
PNT
device
GNSS
receiver
GNSS
antenna
© 2021 ADVA. All rights reserved.
9
Augmented PNT resilience and robustness
Multisource backup approach
Level 1: PNT device
• Source 1: Use GNSS receiver(s) or DoD M-code receiver
• Source 2: Use local holdover clock (super crystal or rubidium
atomic)
• Source 3: Use external standalone (no antenna) cesium
atomic clock, to provide a trusted ePRTC (enhanced primary
reference time clock) with verified GNSS/PTP sources
• Source N: Use other sources/clocks of opportunity like White
Rabbit (SyncE+PTP), etc.
Level 2: PNT network management
• Source 4: Use/manage network NTP/PTP time feeds
• Source N: Use/manage other sources/clocks of opportunity
like White Rabbit (SyncE+PTP), etc.
PNT Network
managment
PNT device
© 2021 ADVA. All rights reserved.
10
Complete PNT control, visibility and assurance
Fault-tolerant mitigation approach
Level 1: PNT device
• Monitor/compare/verify multisources (GNSS/PTP), with fault-
tolerant failover based on detected GNSS jamming/spoofing
& network cyberthreat alarms
Level 2: PNT network management
• Manage/gather/analyze/visualize all network device data in
real time, then use AI/ML analytics to detect, mitigate &
prevent:
o Jamming/spoofing based on GNSS receiver observables, with threat
alarms
o GNSS environmental obstruction, with threat alarms
• Use a centralized, fault-tolerant network management &
monitoring system at scale, with multisource failover in case of
jamming/spoofing threats
• Gain complete control/visibility of threats across the network,
with a geo map showing compromised/mitigated PNT devices
PNT network
management
PNT device
© 2021 ADVA. All rights reserved.
11
User Level 0 PNT disruptions User Level 1 PNT resiliency
Solution
Problem
Best architecture strategies against PNT cyberthreats
Level 1 resiliency
User User
GPS GNSS (multi-constellations – GPS, Galileo, etc.)
SB (single-band) or
MB (multi-band L1/L2/L5)
Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers
• Fixed & nav mode receivers to
detect spoof events
• MB to mitigate jam events
• Holdover clock: super XO or Rb
• Anti jam/spoof software
Optional
• Anti-jam antenna
• In-line anti-jam/spoof
accessory
© 2021 ADVA. All rights reserved.
12
User Level 1 PNT disruptions User Level 2 PNT resiliency
Solution
Problem
Best architecture strategies against PNT cyberthreats
Level 2 resiliency
Grandmaster - 2 GNSS SB/MB receivers
User
PTP
Network
Monitor
ePRTC
Trusted
GNSS SB/MB
User
GNSS SB/MB
Grandmaster with 2 GNSS SB/MB receivers
• Config same as Level 1 resiliency
PLUS
• PTP network time backup
from ePRTC source
• PTP network time monitor,
with threat alarms
© 2021 ADVA. All rights reserved.
13
User Level 2 PNT disruptions User Level 3 PNT resiliency
Solution
Problem
Best architecture strategies against PNT cyberthreats
Level 3 resiliency
• Config same as level 2 resiliency
PLUS
• Secondary PTP network time
backup
• PTP network time monitor,
with threat alarms
User
PTP
ePRTC
Trusted
PTP
GNSS SB/MB
Grandmaster - 2 GNSS SB/MB receivers
User
PTP
ePRTC
Trusted
GNSS SB/MB
Grandmaster - 2 GNSS SB/MB receivers
© 2021 ADVA. All rights reserved.
14
User Level 3 disruptions User Level 4 PNT resiliency
Solution
Problem
Best architecture strategies against PNT cyberthreats
Level 4 resiliency
• Config same as Level 3 resiliency
PLUS
• Fault-tolerant mitigation
management & monitoring
system for complete APNT
(assured PNT)
• PTP network time feeds self-
reconfiguring for intelligent
backup & APNT
User
APNT
ePRTC
Trusted
PTP
GNSS SB/MB
User
PTP
ePRTC
Trusted
PTP
GNSS SB/MB
Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers
PTP
Thank you
IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation,
direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA.
NDeFalcis@adva.com

More Related Content

More from ADVA

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 

More from ADVA (20)

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical network
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchor
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clock
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networks
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networks
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edge
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANO
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterprise
 

Recently uploaded

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsDianaGray10
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 

Recently uploaded (20)

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 

GPS/GNSS jamming and spoofing mitigation best practices and strategies

  • 1. GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
  • 2. © 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
  • 3. © 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
  • 4. © 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
  • 5. © 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
  • 6. © 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
  • 7. © 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
  • 8. © 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
  • 9. © 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
  • 10. © 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
  • 11. © 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
  • 12. © 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
  • 13. © 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
  • 14. © 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
  • 15. Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com