GAO reports on DOD developing alternative PNT capabilities, though some efforts remain incomplete
The U.S. Government Accountability Office (GAO) disclosed in a recent report that the Department of Defense (DOD) is developing systems able to incorporate multiple PNT sources simultaneously using an open systems approach to facilitate the ability to integrate new technologies. In addition, the report identified 11 efforts aimed at providing alternatives to GPS.
“Five of the 11 current alternative PNT efforts are either using a major capability acquisition pathway or a middle tier of acquisition pathway, but four of those efforts lack complete business case documentation,” the GAO said in the report. “Of the six remaining efforts, the business case best practice does not apply, but three of these efforts are in the process of preparing business cases.”
The GAO recommends the Secretary of the Navy ensure the Navy’s alternative PNT efforts have complete business case elements, such as an acquisition strategy. The watchdog agency also suggests the PNT Oversight Council establish strategic objectives and metrics to measure its progress. DOD concurred with one recommendation and partially concurred with the other. GAO maintains both recommendations are valid.
The reliance of the DOD on GPS (Global Positioning System) for its operations enhances its threat landscape, with threats such as cyber threats and jamming emerging as constant risks. Furthermore, the DOD recognizes that potential threats to GPS require investments in complementary technologies. The dangers can be categorized as jamming, spoofing, cyber, unintentional interference, and direct attacks on satellites or satellite infrastructure, and they carry with them the potential to limit the military’s ability to conduct operations.
GPS uses accurate positioning, navigation, and timing (PNT) which has become an invisible but essential utility for many critical infrastructure operations. Disruption of, or interference with, these systems have adverse effects on individuals, businesses, and the nation’s economic and national security. For example, PNT data is essential to effective military operations. However, multiple threats can render GPS data unavailable or inaccurate. DOD recognizes the threats to GPS and is taking steps to address them by developing more robust GPS capabilities and alternative PNT technologies. GAO was asked to review DOD’s acquisition of alternative PNT technologies.
“While the impact of these threats can deny or degrade GPS, some DOD platforms may be able to continue to operate without GPS for a period of time, but as GPS degradation or denial stretches on, more missions will be impacted,” the GAO report said. It continues to discuss the threats facing GPS, DOD’s alternative PNT efforts and their business cases, and the defense agency’s oversight of its PNT portfolio. The GAO report is a public version of a sensitive report that GAO issued in April this year, with information that the DOD deemed to be sensitive being omitted.
The GAO compiled and analyzed GPS threat information from relevant organizations and DOD officials, analyzed DOD documents, reviewed DOD PNT portfolio plans and strategies, interviewed DOD officials, and sent a questionnaire to DOD PNT program officials before analyzing its final results.
The GAO report also found that the DOD’s overall PNT portfolio is managed by the PNT Oversight Council, a statutorily established senior-level body. However, during recent meetings, the Council has largely prioritized modernizing the existing GPS over alternative PNT efforts. It has no strategic objectives or metrics to measure progress on the alternative efforts. “Defined objectives and metrics would help the Council better measure overall performance and mitigate any potential gaps in PNT capabilities as the military transitions to using M-code,” it added.
While transmitter power limits the range for jamming and spoofing attacks, the impact from cyberattacks can have far greater reach, as long as the target is accessible via a computer network and can present a greater threat, the GAO report said. “In 2018, we found that automation and connectivity are fundamental enablers of DOD’s modern military capabilities, but they make weapon systems more vulnerable to cyberattacks.”
“According to DOD and the National Aeronautics and Space Administration (NASA), cyber threats exist for all GPS segments: space, ground control, and user equipment,” according to the GAO report. “One study on GPS approached the system as a computer system instead of a signal system and found that the intricate nature of the GPS devices provided a large attack surface that is vulnerable to cyberattack,” it added.
The report also covered some recently reported examples of cyber warfare capabilities. For example, in 2020, the U.S. Defense Intelligence Agency assessed that China could employ its cyberattack capabilities to establish information dominance in the early stages of a conflict to constrain an adversary’s actions or slow its mobilization.
In the same year, there were two attacks from Russia, the GAO report said. First, Russia launched a hack known as the SolarWinds Breach by gaining access through a software company’s software used to manage computer systems. The attack affected many U.S. federal agencies, including the Department of Defense at the Pentagon.
The watchdog also cited the time when hackers conducted a cyberattack on Garmin’s commercial GPS navigation services using a hacking tool developed by a hacking group with ties to Russia. The attack affected various Garmin services, including website functions, customer support, and company communications. Additionally, pilots who use Garmin could not download up-to-date aviation databases before they could fly.
In 2020, experts estimated that around 6,000-7,500 military personnel would conduct cyber warfare for the North Korean state, the GAO report said. “Given its demonstrated cyber capabilities, it is conceivable that North Korea could initiate a cyberattack against U.S. space systems or ground stations, although there is no publicly available information to suggest this has happened to date,” it added.
The GAO made two recommendations for executive actions to components within DOD. First, the Secretary of the Navy should ensure its PNT efforts have complete business cases, including that the Automated Celestial Navigation System (ACNS) program assesses technology and schedule risk, and the CEC program assesses its schedule risk. It also advised that the AN/WSN-12 program completes its scheduled risk assessment and documents the decision to leverage a technology risk assessment conducted on a similar program to the AN/WSN-12.
Furthermore, the GAO report suggests the effort to add alternative PNT capabilities to the Global Positioning System-based Positioning, Navigation, and Timing Service (GPNTS) finishes its requirements documentation. It also recommended that the Secretary of Defense ensure that the PNT Oversight Council creates strategic objectives and metrics to measure progress towards those objectives for DOD’s alternative PNT efforts.
In February last year, the National Institute of Standards and Technology (NIST) released a cybersecurity guidance framework for PNT services. As a result, organizations can increase their resilience through responsible use of PNT services, as the national and economic security of the U.S. depends on the reliable functioning of critical infrastructure.
Related
