In today’s cyber landscape, a terrorist posing as a passenger on a commercial flight couldn't easily open up his laptop computer and use GPS spoofing to deceive the flight crew about the location and direction of the plane. Ground-based radars and manual flight controls prevent false GPS readings from going undetected. However, spoofing could become a more serious risk as the U.S. rolls out the GPS-based Next Generation air traffic control system and begins unplugging those ground-based systems.
The threat of terrorists redirecting and manipulating GPS signals won’t be easy to solve, which may be why it isn’t often discussed in the context of NextGEN. But it is a consideration that must be made.
NextGEN is a navigation upgrade that’s being undertaken by the Federal Aviation Administration to replace World War II-era radar tower technology. The long-term cost savings projected from the multi-billion-dollar NextGEN investment are premised largely on shifting navigation and air traffic control to GPS readings, so that today's expensive ground-based navigation aids can be turned off. Airlines are also in favor of this shift because it will allow them to lighten their planes and improve fuel efficiency.
Without at least some of today's backup ground based systems, aircraft could become more vulnerable to GPS spoofing, just as ships and trucks are today. GPS readings collected by ships and trucks are sent to control centers without backups. Threat actors could spoof these locations and disguise the real position of a hijacked ship or truck. A ship with a dangerous payload, for example, could be steered undetected into a different port.
NextGEN could create similar vulnerabilities for airliners if the risk is not taken into account by retaining some of the old technology. In addition to retaining some analog systems, pilots and air traffic controllers would benefit from detailed training on how to detect spoofing and cope with it if it happens.
As a former airline pilot who was in the air on the morning of Sept. 11, 2001, I wondered if previous GPS spoofing incidents might offer lessons for our airline industry and other transportation sectors. I studied the issue in my role as a security analyst for Dynamic Research Corp., and I summarized my interpretations in the paper, "GPS Spoofing.” The paper describes my personal views about how Iranian officials might have been able to take control of a U.S. RQ-170 reconnaissance aircraft last December. Evidence in the public record indicates that threat actors were able to jam the encrypted communications signal from a satellite without breaking the encryption, giving them the ability to leverage an autopilot feature to manipulate the GPS signals.
Those techniques couldn’t easily be applied to airliners today because of the current safeguards. Air Traffic Control radars detect and track aircraft most of the way along their routes, except when planes are over the highest mountain ranges or far out over the oceans. As a backup to the GPS system, each cockpit is equipped with a VHF receiver that can be tuned to a specific VOR (variable omni range) station, similar to the way a car radio can be turned to an FM station. The crew can set and track a specific course that is displayed on an analog gauge. During landings, radio beacons and light signals are beamed from the ground to help assure pilots they are on the correct glide slopes, especially in low visibility.
If a threat actor jammed the GPS signal and tried to replace it with a spoofed reading, the pilots would know something was wrong.
As NextGEN is rolled out, the risk of GPS spoofing could be kept low by retaining some elements of that equipment. The recent loss of GPS-based unmanned vehicles shows that GPS spoofing is an emerging cyber threat that needs to be taken seriously not just in defense, but in civilian transportation industries as well.