Fixing a critical vulnerability in our critical infrastructure
- By Reggie Brothers
- May 29, 2020
It is rare that a government report offers a realistic, near-term solution to a pressing, long-standing, black swan problem. It is rarer still that such a report recommends relying on the market rather than advocating a solution that costs billions of dollars and takes many years to deploy.
But that is exactly what the Department of Homeland Security has done in addressing the risks of Global Positioning System disruption that would impair our critical infrastructure.
GPS is the silent, free-of-charge, government-owned utility that most of our critical infrastructure depends on for precise timing or positioning information. It is now used by much of the world to enable everything from smartphones to bank ATMs to medical devices.
Despite its critical importance to our national security and everyday lives, GPS is highly vulnerable to attacks and technical errors that have already caused serious disruptions. A long-term outage is an immense risk to our public safety, national security and commercial lifeblood. And as we have all recently been reminded, black swans do exist.
Alarmed by this vulnerability, Congress passed the well intentioned National Timing Resilience and Security Act of 2018 to try to make the nation's critical infrastructure resilient to GPS loss. The law acknowledged the critical infrastructure vulnerability, called for an urgent solution and prescribed certain desirable features of such a solution. Unfortunately, this law bypassed the market in favor of a government-built, one-size-fits-all system that would require a significant capital investment and several years to build.
Based on extensive technical analysis, DHS has found a better way to fix our vulnerability to a long-term GPS disruption. The solution is available today in the marketplace and does not require a costly, multi-year government program.
Analysis and recommendations from DHS are contained in a recent report to Congress. A few key takeaways:
- Each critical infrastructure sector has different needs for backup positioning, navigation and timing. DHS determined that the "position and navigation functions in critical infrastructure are so diverse that no single PNT system, including GPS, can fulfill all user requirements and applications." The report also notes that maximum resilience is found in diversity of solutions and recommends that the "Federal Government should encourage adoption of multiple PNT sources [to expand] the availability of PNT services based on market drivers."
- Multiple alternative solutions are commercially available today to meet those needs. The DHS report finds that "there are smart, market-oriented solutions that will contribute to enhanced resilience that the U.S. Government should continue to promote, enable, and stimulate." For example, a common baseline exists for timing needs, with DHS concluding that "a minimal acceptable precision of anywhere between 65-240 nanoseconds …supports all critical infrastructure requirements and is expected to meet future requirements, including 5G." The report specifically calls out five commercial solutions that meet this requirement.
- The federal government should not develop its own backup system to GPS; in fact, that would be counterproductive. Such a move would be an innovation killer, sidelining currently available technologies and preventing those in development from ever getting off the ground. DHS warns against this: "A free government system would negatively impact commercially available PNT systems by directly competing with them."
The DHS report is not an island of government thinking on resilience. Its findings and recommendations neatly align with the principles contained in a February 2020 presidential executive order that directs a market-based, technology-agnostic roadmap to increase resilience of our nation's critical infrastructure to GPS disruption.
The bad news, however, is that the report points to an underappreciation of the risk of a long-term GPS disruption, coupled with the absence of a regulatory mandate to address it. It also notes that critical infrastructure owners and operators are highly unlikely to implement these available commercial solutions without further federal incentives. After all, they would need to pay a fee for the resilient services these commercial solutions offer.
Fortunately, the report offers two good options to incentivize greater adoption of existing backup services.
One approach is to implement federal regulations that obligate owners and operators of critical infrastructure across all sectors to adopt PNT services that backup and augment GPS. DHS recommends that such a mandate "would set an outcome-oriented framework to require certain critical infrastructure to invest in resilience."
A second option would enhance user benefits by integrating backup services with existing GPS chipsets and hardware. There are alternative PNT services on the market today that do this by emulating the form factor of GPS user devices without significantly changing the size, weight and power requirements. However, government standards and industry-government collaboration could do more in this area to encourage adoption.
This is not an either/or choice. We must implement both options — in tandem and soon. In fact, both could be folded into new policy direction that Congress provides as part of an infrastructure stimulus and recovery bill. A nasty black swan could be stopped dead in its tracks, and it would not cost the federal government a dime.
Reggie Brothers is the former Undersecretary of Science and Technology for Department of Homeland Security and former Deputy Assistant Secretary of Defense for Research.