SlideShare une entreprise Scribd logo

GPS/GNSS jamming and spoofing mitigation best practices and strategies

ADVA
ADVA

In this WSTS session, Nino De Falcis discussed how operators can protect their synchronization networks against GNSS timing becoming unreliable due to jamming and spoofing attacks. He covered how these attacks are accomplished, and recommended best practices for assessment and implementation of mitigation strategies, including suggested solution architectures.

Technologie
1  sur  15
Télécharger pour lire hors ligne
GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
© 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
© 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
© 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
© 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
© 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
© 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
© 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
© 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
© 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
© 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
© 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
© 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
© 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com

Recommandé

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 

Recommandé

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 

Contenu connexe

Plus de ADVA

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 

Plus de ADVA (20)

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical network
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchor
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clock
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networks
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networks
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edge
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANO
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterprise
 

Dernier

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

GPS/GNSS jamming and spoofing mitigation best practices and strategies

  • 1. GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
  • 2. © 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
  • 3. © 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
  • 4. © 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
  • 5. © 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
  • 6. © 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
  • 7. © 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
  • 8. © 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
  • 9. © 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
  • 10. © 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
  • 11. © 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
  • 12. © 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
  • 13. © 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
  • 14. © 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
  • 15. Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com