BE-AWARE GNSS threat analysis in Austria

Global Navigation Satellite Systems (GNSS) serve a pivotal role in a multitude of applications, encompassing positioning, navigation, and timing. GNSS technology finds extensive use across critical infrastructure domains, including financial transaction timing, synchronization of communication and power grids, aviation route optimization, and even within organizations such as the Austrian Armed Forces.

However, GNSS systems face significant vulnerability challenges. They are susceptible to cyber threats, such as jamming and spoofing, owing to the weak signal strength of GNSS signals. Additionally, the illicit use of personal privacy devices, capable of jamming GNSS receivers, compounds these security concerns. Notably, all GNSS systems, including GPS (USA), Galileo (EU), and GLONASS (Russia), operate on the same frequency spectrum, rendering them equally vulnerable.

Overview of GNSS cybercrime

This project’s primary objective was to compile an exhaustive overview of the critical infrastructures at risk from GNSS cybercrime in Austria, encompassing equipment employed by the Austrian Armed Forces and the Federal Ministry of the Interior. The project, known as Be-Aware, was a continuation of the FFG ASAP12 project TACTIC, which demonstrated potential GNSS interference from jammers and spoofers. To fortify critical infrastructures against cyber threats, it was imperative to identify which infrastructures are susceptible to GNSS cybercrime—a task that still lacks comprehensive data across European countries.

Assessing the potential threat to an infrastructure entail delving into the direct and socio-economic consequences of disruptions, such as power outages or loss of mobile communication services. Estimating the probability of such occurrences requires an understanding of the extent of interference and jamming, data which was absent for Austria.

Vulnerabilities by Jamming and Spoofing

Another critical aspect of this project was the demonstration of the threat posed by GNSS vulnerabilities. Consequently, a multi-frequency, multi-GNSS spoofing demonstrator will be developed to showcase the potential risks to GNSS receivers. GNSS equipment for testing was provided by project partners, BMLVS and Wiener Netze.

The information gathered, including potential consequences, estimated occurrence probabilities, and the extent of damage, culminated in the creation of a catalog detailing GNSS threats specific to Austria. This catalog enumerates critical infrastructures, categorizing them by the level of threat they face. Armed with this data, infrastructure operators can quantify their situation and make informed decisions about whether additional safeguards, such as specialized GNSS antennas or PRS receivers, are necessary to enhance GNSS infrastructure security.