For our March 2025 issue, Professor Washington Ochieng proposed the following question to members of our editorial advisory board: When we discuss the security of GNSS/PNT systems, we nearly always focus on interference — i.e., meaconing, intrusion, jamming or spoofing. However, GNSS/PNT systems are embedded in systems of systems that also offer many other opportunities for cyberattacks. What should we do about it?
Miguel Armor
“As a GNSS receiver manufacturer and correction service provider, cyber attacks are a risk we must consider seriously that arises from our customers’ integration of our solutions into complex systems. At the receiver level, it is important to make risk assessments to identify vulnerabilities across all components and implement a robust, multi-layered security strategy that includes physical, network and software components. At the core, our strategy incorporates cybersecurity considerations into our product/service development processes. We utilize the ASPICE framework for our engineering processes and we layer into that process the ISO21434 standard to ensure that we take steps all along the development path to consider cybersecurity. We selected this standard from the automotive industry due to the connected car use case, which is now in the front of cybersecurity development. ISO21434 covers the entire development life cycle — from system, to hardware and software, to verification and validation — in a way that many other standards do not. As a correction service provider, we ensure our data streams are secure and reliable, maintaining the highest standards of accuracy and availability. We also use ISO27001 as an IT framework for our correction network infrastructure. Continuous monitoring and iterative improvements are crucial to maintaining a secure and resilient GNSS/PNT infrastructure. It is key also to prioritize redundancy and backup systems to ensure continuity and resilience, to develop a comprehensive incident response plan that allows for rapid action in case of a breach and to conduct regular employee training to promote cybersecurity awareness across all products and platforms.” – Miguel Amor, Hexagon Positioning Intelligence
Alison Brown
“Cyberattacks are a credible threat to all existing GNSS systems and certainly need to be taken into account when considering alternative resilient PNT solutions. In fact, Goal 3 of the recently released U.S. Department of Transportation PNT Strategic Plan identifies PNT cybersecurity as a critical element of PNT resilience. The National Institute of Standards and Technology (NIST) provided a report titled Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. This cybersecurity framework was created for both users of PNT services to manage risks when using PNT signals or data, and for operators of alternative PNT services to leverage when providing PNT signals or services. It was created by applying the NIST Cybersecurity Framework (CSF) and provides approaches for cybersecurity for PNT by continuously monitoring for attacks (e.g., denial of service, jamming), false data, and other malicious behavior within the systems and across the PNT services, using data-driven methods and solutions. This Cybersecurity Framework should be routinely adopted by both users and providers of PNT services.” – Alison Brown, NAVSYS Corp.
<p>The post Tips to combat cyberattacks on GNSS/PNT systems first appeared on GPS World.</p>