SlideShare une entreprise Scribd logo

GPS/GNSS jamming and spoofing mitigation best practices and strategies

ADVA
ADVA

In this WSTS session, Nino De Falcis discussed how operators can protect their synchronization networks against GNSS timing becoming unreliable due to jamming and spoofing attacks. He covered how these attacks are accomplished, and recommended best practices for assessment and implementation of mitigation strategies, including suggested solution architectures.

Technologie
1  sur  15
Télécharger pour lire hors ligne
GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
© 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
© 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
© 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
© 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
© 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
© 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
© 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
© 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
© 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
© 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
© 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
© 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
© 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com

Recommandé

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 

Recommandé

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Contenu connexe

Plus de ADVA

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockADVA
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksADVA
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksADVA
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOADVA
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterpriseADVA
 

Plus de ADVA (20)

Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical network
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchor
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 
Introducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clockIntroducing the market's first high-performance optical cesium clock
Introducing the market's first high-performance optical cesium clock
 
Best practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networksBest practices in synchronizing IP-based packet broadcast networks
Best practices in synchronizing IP-based packet broadcast networks
 
Achieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networksAchieving resilient and assured PNT in secure information networks
Achieving resilient and assured PNT in secure information networks
 
Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edge
 
Introducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANOIntroducing Ensemble SaaS MANO
Introducing Ensemble SaaS MANO
 
O-RAN and the enterprise
O-RAN and the enterpriseO-RAN and the enterprise
O-RAN and the enterprise
 

Dernier

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Dernier (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

GPS/GNSS jamming and spoofing mitigation best practices and strategies

  • 1. GPS/GNSS jamming and spoofing mitigation best practices and strategies Nino De Falcis, senior director, business development, Americas WSTS 2021
  • 2. © 2021 ADVA. All rights reserved. 2 The problem PNT cyberthreats Protecting US critical infrastructure from PNT disruptions* *Economic cost: $1B/day(1) (1)Source: RTI & NIST 2019 GPS & US critical infrastructure Finance Communications Power grids Transportation Data centers All supported by
  • 3. © 2021 ADVA. All rights reserved. 3 PNT vulnerabilities PNT cyberthreats GPS/GNSS level Network level RARE Cyberattacks RARE GPS/GNSS degradation causes GPS/GNSS receiver Environmental GPS segment errors Adjacent-band transmitters Spoofing Jamming
  • 4. © 2021 ADVA. All rights reserved. 4 *source: DHS DHS resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core functions Functional diagram Resiliency levels Resilient PNT conformance framework*
  • 5. © 2021 ADVA. All rights reserved. 5 *source: DHS DHS anti-spoofing open-source resources Released on Feb 26, 2021 Spoofing detection library GNSS spoofing detection algorithm PNT Integrity Library & Epsilon Algorithm Suite* • Designed for GNSS receiver/time server OEMs • Provides spoofing detection capabilities for GNSS PNT sources • Provides scalable framework for GNSS PNT manipulation detection • Allows additional checks to be added as new threats arise • Detects inconsistencies in position/velocity/ clock observables provided by GPS receivers • Enables end-users to have basic spoofing detection capabilities without any modifications to the existing GPS receiver PNT PNT
  • 6. © 2021 ADVA. All rights reserved. 6 NIST resilient PNT guidelines Driven by US Federal Executive Order 13905 of Feb 2020 Core Core Desired cybersecurity outcomes organized in a hierarchy & aligned to more detailed guidance & controls *sources: NIST.IR.8323 & NIST Cybersecurity Profile for PNT Services* Goals Core • Guidance and controls Implementation tiers • Qualitative measurement of cybersecurity risk management practices Profile • Alignment of requirements and objectives, risk appetite, and resources Framework
  • 7. © 2021 ADVA. All rights reserved. 7 Best practice approaches against PNT cyberthreats Multilayer detection Multisource backup Fault- tolerant mitigation Resilience/robustness/cybersecurity augmentation PNT cyberthreats
  • 8. © 2021 ADVA. All rights reserved. 8 Four levels of jamming/spoofing detection Multilayer detection approach Level 1: GNSS antenna • Use anti-jam/spoof antennas, with threat alarms • Add in-line anti-jam/spoof accessories, with threat alarms Level 2: GNSS receiver • Use smarter multi-constellation/-band receivers, with jam/spoof & satellite count monitoring, jam mitigation, spoof detection, etc., and threat alarms Level 3: PNT device • Use/compare two GNSS receivers, in fixed & nav mode, to detect location/phase/time change, with spoof alarms • Monitor/compare/verify multisources (GNSS/PTP), with jam alarms Level 4: PNT network management • Manage/monitor/compare/verify all network devices (GNSS/PTP/ etc.) in real-time, with AI/ML-based threat analytics/alarms PNT network management PNT device GNSS receiver GNSS antenna
  • 9. © 2021 ADVA. All rights reserved. 9 Augmented PNT resilience and robustness Multisource backup approach Level 1: PNT device • Source 1: Use GNSS receiver(s) or DoD M-code receiver • Source 2: Use local holdover clock (super crystal or rubidium atomic) • Source 3: Use external standalone (no antenna) cesium atomic clock, to provide a trusted ePRTC (enhanced primary reference time clock) with verified GNSS/PTP sources • Source N: Use other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. Level 2: PNT network management • Source 4: Use/manage network NTP/PTP time feeds • Source N: Use/manage other sources/clocks of opportunity like White Rabbit (SyncE+PTP), etc. PNT Network managment PNT device
  • 10. © 2021 ADVA. All rights reserved. 10 Complete PNT control, visibility and assurance Fault-tolerant mitigation approach Level 1: PNT device • Monitor/compare/verify multisources (GNSS/PTP), with fault- tolerant failover based on detected GNSS jamming/spoofing & network cyberthreat alarms Level 2: PNT network management • Manage/gather/analyze/visualize all network device data in real time, then use AI/ML analytics to detect, mitigate & prevent: o Jamming/spoofing based on GNSS receiver observables, with threat alarms o GNSS environmental obstruction, with threat alarms • Use a centralized, fault-tolerant network management & monitoring system at scale, with multisource failover in case of jamming/spoofing threats • Gain complete control/visibility of threats across the network, with a geo map showing compromised/mitigated PNT devices PNT network management PNT device
  • 11. © 2021 ADVA. All rights reserved. 11 User Level 0 PNT disruptions User Level 1 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 1 resiliency User User GPS GNSS (multi-constellations – GPS, Galileo, etc.) SB (single-band) or MB (multi-band L1/L2/L5) Grandmaster – basic GPS receiver Grandmaster - 2 GNSS SB/MB receivers • Fixed & nav mode receivers to detect spoof events • MB to mitigate jam events • Holdover clock: super XO or Rb • Anti jam/spoof software Optional • Anti-jam antenna • In-line anti-jam/spoof accessory
  • 12. © 2021 ADVA. All rights reserved. 12 User Level 1 PNT disruptions User Level 2 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 2 resiliency Grandmaster - 2 GNSS SB/MB receivers User PTP Network Monitor ePRTC Trusted GNSS SB/MB User GNSS SB/MB Grandmaster with 2 GNSS SB/MB receivers • Config same as Level 1 resiliency PLUS • PTP network time backup from ePRTC source • PTP network time monitor, with threat alarms
  • 13. © 2021 ADVA. All rights reserved. 13 User Level 2 PNT disruptions User Level 3 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 3 resiliency • Config same as level 2 resiliency PLUS • Secondary PTP network time backup • PTP network time monitor, with threat alarms User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers User PTP ePRTC Trusted GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers
  • 14. © 2021 ADVA. All rights reserved. 14 User Level 3 disruptions User Level 4 PNT resiliency Solution Problem Best architecture strategies against PNT cyberthreats Level 4 resiliency • Config same as Level 3 resiliency PLUS • Fault-tolerant mitigation management & monitoring system for complete APNT (assured PNT) • PTP network time feeds self- reconfiguring for intelligent backup & APNT User APNT ePRTC Trusted PTP GNSS SB/MB User PTP ePRTC Trusted PTP GNSS SB/MB Grandmaster - 2 GNSS SB/MB receivers Grandmaster - 2 GNSS SB/MB receivers PTP
  • 15. Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA. NDeFalcis@adva.com