SlideShare una empresa de Scribd logo

GPS/GNSS jamming and spoofing mitigation best practices and strategies

ADVA
ADVA

In this WSTS session, Nino De Falcis discussed how operators can protect their synchronization networks against GNSS timing becoming unreliable due to jamming and spoofing attacks. He covered how these attacks are accomplished, and recommended best practices for assessment and implementation of mitigation strategies, including suggested solution architectures.

Tecnología
1 de 15
Descargar para leer sin conexión
GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
© 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
© 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
© 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
© 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
© 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
© 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
© 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
© 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
© 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
© 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
© 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
© 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
© 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com

Recomendados

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 

Recomendados

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Más contenido relacionado

Más de ADVA

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 

Más de ADVA (20)

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical network
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchor
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clock
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networks
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networks
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edge
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANO
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterprise
 

Último

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Último (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

GPS/GNSS jamming and spoofing mitigation best practices and strategies

  • 1. GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
  • 2. © 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
  • 3. © 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
  • 4. © 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
  • 5. © 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
  • 6. © 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
  • 7. © 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
  • 8. © 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
  • 9. © 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
  • 10. © 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
  • 11. © 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
  • 12. © 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
  • 13. © 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
  • 14. © 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
  • 15. Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com