In recent years, airlines have become increasingly aware of operational risks, especially in the wake of recent IT outages and Notification of Airborne Missions (NOTAM) failures. These risks not only impact on-time arrivals and departures, but are also directly related to passenger safety. GPS spoofing and jamming (the deliberate interference or blocking of radio navigation signals) have become a surfacing issue.
For example, Dallas air traffic was forced to reroute last October due to unreliable GPS signals, prompting operators to re-examine their reliance on GPS and altimeter technology. Overall, GPS outages (whether due to severe weather or malicious cyber activity) could cost the U.S. economy $1 billion per day. The stakes of keeping GPS operational and fully functional are high, and given the dynamic challenges that jamming presents, stakeholders in the aviation ecosystem must work together to study, monitor, and oversee its safe and stable performance.
Aviation CISOs and threat researchers need to monitor GPS to continuously mitigate risk, while maintenance and operations teams must manage service outages and performance degradation. GPS resilience has been rigorously studied by research organizations such as the RAND Corporation, and the FAA has continued to emphasize its importance in aviation cybersecurity through the 2018 FAA reauthorization and a series of R&D programs. As the aviation industry continues to innovate and implement new technologies, the operational and cybersecurity risks of traditional and trusted avionics such as GPS and GPS signal jammers must be considered and addressed in a case-by-case manner.
GPS Jamming Attacks: Complex or Not?
Not all GPS jamming situations are caused by malicious cyber actors. The only exception is the malicious use of GPS signal jammers. Radio emissions and interference (intentional or unintentional), as well as naturally occurring events in space, can cause GPS jamming. However, when exploited by malicious actors, attacks on GPS technology can have significant impacts on targets.
GPS jamming attacks do not have to be complex. Attackers may use powerful jamming devices such as transmitters, GPS signal jammers distributed over a wide area that are programmed to suppress signals on specific frequencies. These complex networks are often seen in military-level conflicts, but consumers can also purchase small devices to interfere with specific areas and cover satellite signals. Commercial airliners use GPS to determine their position and broadcast it via Automatic Dependent Surveillance-Broadcast (ADS-B) for tracking. GPS jamming can disrupt this process, forcing pilots to revert to alternate navigation techniques or flight procedures. During an outage near Denver International Airport last year, GPS signals were jammed within a 50-mile radius, affecting the navigation of incoming aircraft.
This tactic is also prominent in the military context. For example, Russia has used GPS jamming to defend its Syrian air bases, which affected aircraft as far away as Tel Aviv and Cyprus. More recently, during the conflict in Ukraine, large-scale GPS outages were reported within Russia, which may have been intentional to prevent unmanned aerial vehicle (UAV) attacks. These examples highlight the importance of protecting this foundational technology. Jamming, whether accidental or planned, can have an impact in either a military or commercial setting. In both cases, airline downtime can have serious consequences.
Ongoing Collaboration
Ensuring the readiness of airborne components such as GPS often falls under the purview of maintenance and operations. However, the example of intentional GPS jamming demonstrates that malicious actors are able to use the technology maliciously, demonstrating the need for cybersecurity team involvement when it comes to airborne component failures.
While GPS jamming or spoofing incidents do not always indicate malicious intent, aviation cybersecurity teams face a difficult challenge in protecting airborne components. Teams cannot determine if an incident was an intentional hack or a mechanical failure because they may not see all of the traffic going in and out of the incident. Monitoring network traffic in this way has been an effective way to identify jamming. Without visibility into what is happening with GPS on an aircraft, flight operations and cybersecurity teams are left with indirect indicators to identify and classify recurring maintenance issues, the beginning of a cyberattack, or false positives. Understanding the aircraft and its avionics can yield a wealth of data that can enable both teams to make confident, data-driven decisions.
The potential consequences of GPS disruption are clear, and such jamming is an unnecessary risk that the aviation safety ecosystem can mitigate by understanding the components and engaging all stakeholders in appropriate collaboration. This includes operations and cybersecurity teams, as well as ongoing support from industry risk management and regulators. Like other operational risks, it requires ongoing monitoring and execution of response plans when disruptions occur.