NewScientist’s David Hambling (19 August 2017) notes the first occurrence of GPS spoofing:
REPORTS of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for knocking GPS off course. This could be the first hint of an electronic weapon that could be used by anyone, from nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – 32 kilometres along the coast, at Gelendzhik airport.
After checking the navigation equipment was working properly, the shipmaster contacted other nearby ships. At least 20 were affected.
While the incident hasn’t been confirmed, navigation experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.
The remark that petty criminals, whose aims are selfish and provincial, might be able to accomplish this sort of thing is particularly frightening. At least nations can be predictable, and if identified in a particular incident, punished. So what’s to be done?
The spectre of electronic warfare has led to calls for more research into countermeasures. Research on receivers that could authenticate a GPS signal has been under way for over a decade. “Guarding against spoofing is not easy,” says Last.
There is one other option: ditch GPS and return to Loran, the second world war era system of radio navigation beacons. It requires a large, complex antenna and spoofing can be detected and located relatively easily. It was switched off in 2011, but advocates have long rallied around a modern update, eLoran – a low-cost fallback for GPS that might now turn out to be priceless.
Standing willing and ready to re-enter service.
And if it really comes down to it, we can re-staff the lighthouses! No, not really, but certainly low-tech approaches, while perhaps not as effective as high-tech, are also not as vulnerable to malicious actors, either. Using low-tech for the primary requirements and high-tech for detection and retaliation may prove interesting.
