The classic GNSS attack in warzones, or otherwise, is collateral spill over. Events like these have entered the mainstream press, with a famous example, described by Berz, involving a super yacht docked in a Netherlands port. The yacht had a 40-Watt anti-paparazzi GPS jammer designed to disrupt the activity of photography drones piloted by members of the press. When the yacht owner accidentally left the device running in the port, the effect was to disrupt GPS in all of Belgium, Netherlands, and Luxembourg, as well as parts of Germany.  

On the ground and in a maritime setting these attacks can be managed effectively, but in the case of military aviation collateral spill over leaves aircraft at altitude “simply exposed”, according to Berz. 

“The challenge in aviation is that we didn’t really design systems to receive all kinds of crazy signals,” continued Berz. “On the flight deck, all sorts of crazy things happen that we didn’t really anticipate because it wasn’t really part of our system design.”  

Speaking in an exclusive interview with Global Defence Technology at CyberTech 2023, Menashe, head of the guidance department, spectrum defence and the space system branch at INCD, said that interference from Russia and Syria at the border has been a ‘mix’ of jamming and spoofing.  

In 2019 cybersecurity professionals raised flags over an obvious Russian and Syrian defensive mechanism to switch on GNSS denial systems, and in the years since then it has become a ubiquitous source of interference employed by other militaries and by criminals, across other airspaces. With the high level of integration of GPS in warning systems, this has led to a widespread distrust in aviation warning systems associated with nuisance alerts and distractions.  

While jamming from both Russia and Syria appears indiscriminate, focused spoofing attacks within Israel’s borders have targeted Israeli uncrewed aerial vehicles (UAVs). 

“That’s how Iran, ten years ago, hijacked a US UAV. They managed to send the drone, through a complex of satellite manipulation and GPS spoofing, [to] land the UAV onto their territory,” said Menashe, referring to the hijacking of an American Lockheed Martin RQ-170 Sentinel UAV in December 2011.  

Spoofing simulates satellite signals that look like those of the real satellites and give the user the impression that they are at another place, or they are flying with another trajectory than what they actually are. 

Menashe, who served for 30 years in the teleprocessing corps of the Israeli Ministry of Defence, said he believes “that by using the information that [Iran] stole from this UAV, I believe that they created the UAV that right now is working on Ukraine”, referring to Iranian supplied drones that Russia is using in the invasion of Ukraine. In April 2012, the Iranian Revolutionary Guard Corps claimed to have extracted all of the data from the Sentinel drone and to have begun work on reverse engineering the design in order to build a replica. 

Spoofing has applications at sea and on land, both by state actors and criminals. “One of the problems,” said Menashe, “you can see are pirates using spoofing to hijack a yacht. They cause the yacht to move to a specific port or specific place that they are waiting, and then they are attacked.”  

Menashe went on to describe how important merchandise has been stolen from hauliers working from lorries: “They block the cellular, spoof the GPS, the driver finds himself in the middle of the forest, and that’s it.” 

A remedy for operatives experiencing GPS jamming is to move onto an alternative constellation of GNSS networks with a multi-constellation receiver. In Israel this would mean switching from GPS to either GLONASS, Galileo or BeiDou, and represents a good solution in all but the very rarest events, where all four constellations are jammed.  

While multi-constellation receivers offer the user some security in their operations, from the perspective of manager in cybersecurity across a nation, this remedy does not provide the insight into the scale and location of interference that is crucial to understanding the situation in real time. “I need something to see. I need the monitoring. I know I am the regulator, I am not the operator, but I need something to see," Menashe said. 

In his work at ICND, Menashe has pioneered an approach that gives an overview across the country to describe visually in real time the interference being projected against GPS systems on the ground. By collaborating with commanding officers of geodetic stations across Israel, Menashe has been able to integrate their sensors in order to see the GPS status across all of Israel. “Just from collaboration, with zero dollars…I have enough sensors that reflect for me what is the current situation in Israel. I think this is a very unique situation, because I’m not familiar with another group that has this capability.” 

For covering the air domain, Menache uses a free to charge ADSB website. ADSB is a protocol used by aircrafts to broadcast their position to air traffic control and other aircrafts and other airspace users. Through the ADSB signals that all aircraft broadcast to the ground it is possible to see whether an aircraft is receiving accurate satellite signals or not. When aircraft emit these signals, they also broadcast an indicator of the accuracy and quality of the signal.

In work from Georgio Tresoldi, scientific project manager at the Swiss Cyber-Defence Campus, 70% of planes flying through Cyprus experience having their GPS signal interfered with along the journey.   

“He have a happy coincidence,” says Tresoldi, “that the ADBS system that broadcasts an aircraft’s GPS positions…which today some of us are saying is absolutely crazy from a security point of view…since there is this synergy - both the surveillance and the navigation system using GPS - it can also work to our advantage in the sense that we know that the aircraft is no longer sending us position, we also know that its positions disturbed. 

“And so, we can exploit that knowledge. And we then also know a little about when the disturbance starts and when it stops, and we can start to build algorithms to try and geolocate the sources of interference. 

“We have built up…our own data gathering network across Europe with which we now see all the time where the interferences are whenever aircraft fly. We don’t see is in airspace where the aircraft don’t fly, but we see it across Europe and we’re building that up into a real-time capability or a near real-time capability to help air traffic control manage the situation.” 

The cost to interfere with GPS signals is incredibly low, with Menashe estimating the cost of a small-scale jammer to cover a radius of 500m on the ground to be between $20 or $30. Tresoldi, who has done extensive work trying to simulate these kinds of attacks in a laboratory setting using consumer-off-the-shelf technology, agrees that the jamming technology is easily obtained: “It’s quite easy to produce a GPS jammer, or even to inadvertently operate one. It’s also possible to do it from military or security forces perspective.” 

Based on his thirty years of service in the Israeli military, Menashe’s advice for operations concerned with this GPS interference is to go back to root principles consistent with earlier military planning: “The basic assumption when you go to a project is that there is no GPS. So, you have to define and operate a system in an environment that you don’t have GPS. If you have to move manually, or it’s going to take more time, do it. 

“That’s why most of the technology that the military buys don’t rely on GPS, and even if it relies on GPS, it is supposed to be very protected… Functionally, it’s not like that in the private sector, so that’s why we need to guide them to understand, and of course to guide them to specific solutions, for time, navigation and position.” 

And yet, there are still examples of this kind of thinking taking root in civil operations, as Tamir Goren, director of strategic programs at the INCD explains: “Many years ago, when GPS became so available and reliant, the International Civil Aviation Organization started instructing airports in civil aviation to let go of the old legacy systems, and they started to decommission them, and then GPS interference came in, and now they’re instructing everyone to keep the legacy systems as a fallback.” 

There are certainly further technocratic approaches to addressing the issue of GNSS interference, but as Tresoldi points out, from an attacker’s perspective these systems are still very easy to attack. Rather than to adjust to be more resilient to attacks, he suggests that operators should adjust to be more flexible to operate in circumstances of interference to continue to maintain safety and react to challenges.