Navigating the GPS threat landscape, with Brandon Karpf.

Brandon Karpf: Just to give you a sense of the power, the GPS signal that your phone is collecting is about the same power as a car headlight seen from 12,000 miles away. That's the power, right? [Laughter] So, I mean, it's very low power by the time it reaches your phone or any, you know, GPS receiver on the ground. [ Music ]

Maria Varmazis: Welcome. I'm Maria Varmazis. And you are listening to T-Minus Space Cyber Briefing. In this show, we examine the evolution of cybersecurity in the global and orbital infrastructure that powers, protects, and connects our lives. [ Music ] Hello, friends. It is always a treat to have a conversation with my N2K colleague and host of the CyberWire Daily, Dave Bittner, and friend of the show, Brandon Karpf, who is the leader of international public-private partnerships at NTT. The three of us recently got together to discuss something space cyber-related that Dave had found and shared with us. I'll let Dave start us off on our conversation. Here he is.

Dave Bittner: So there was a recently published video over on YouTube from the folks at Veritasium. Very, very popular YouTube -- is it fair to call it a science channel?

Brandon Karpf: I would call it science and kind of a new media.

Dave Bittner: Yeah, I'm a fan. So this particular episode of their show has to do with GPS jamming, and specifically that something is jamming the GPS system over Europe. Maria, do you want to try to fill in some of the gaps here of what this is about?

Maria Varmazis: Yeah, so I will just get right in front of it and say, I made an assumption that this video was about someone doing something dastardly on the ground and jamming GPS signals from a ground station. And literally the first two minutes of this video says, no, that is not what this is about [laughter]. So for anyone else who's going, oh, that's old news, we've talked about that a bunch, this is not that. This is a bit of a physics whodunit, which is kind of -- they take us on a nice little journey here. Somebody's doing something dastardly in the L-band. Which is what all GNSS satellites are working in, right? And it's over a huge swath of not just Europe, but even parts outside of Europe. They figure out pretty early on with just some basic geometry, that if you're going to be jamming signals over that big a part of the world, it's not going to be something on the ground. It's got to be something in space that's doing this. And then they walk us through how the researchers figured out what satellite or satellites they think might be doing some naughty things in space. Did I summarize that well?

Brandon Karpf: I think you nailed it. I mean, it was this professor and his research student at UT Austin. But then there was a part of the story where they brought together folks in the position navigation and timing community around the world, in Europe and Germany and others. I mean, a really kind of a collaborative effort to get the data that they needed to pretty narrowly pinpoint the perpetrator of this.

Maria Varmazis: Yes.

Dave Bittner: And I think it's worth saying that when we say "GPS jamming," this is more of every now and then an occasional anomaly type of jamming. This wasn't somebody, you know, shutting down GPS for long periods of time. Although any disruption to GPS is potentially dangerous. This is the kind of thing that was happening a few seconds at a time, spread out over weeks and months and years. Which was part of the puzzle of who's doing this and why?

Maria Varmazis: Yeah.

Brandon Karpf: Yeah, it was 75 specific events over the course of between 2019 and 2026, and measured over Europe, Greenland, and Canada, more or less simultaneously, at least simultaneously within, you know, human perception, obviously not machine perception.

Maria Varmazis: Yeah. And they were flooding, they were just flooding the frequency. What exactly was this, I don't know if we want to call it an attack, but what exactly was it doing?

Brandon Karpf: Yeah, so from the perspective of kind of a malicious attack or a radio frequency attack, you know, we've -- and I know that on the various podcasts, we've talked about jamming and spoofing in the past. Jamming being just kind of noise where, you know, if someone's talking, a jammer is just talking over that person, right? Whereas spoofing, right, if someone's talking, then someone is actually mimicking the way they speak and making you believe that it's the person talking, right? That's jamming versus spoofing. And this just seemed to be just a very quick, subtle interference. So the same frequency band, a little bit louder than the true signal. And so it was kind of a spoof, right, kind of a jam, a little bit in between, but not enough to really affect any of these systems. And that was part of the mystery is like, what is going on here? Why is this happening every few weeks, every few months, kind of randomly on Wednesdays and Thursdays, by the way, during business hours?

Maria Varmazis: Yeah, just for fun. No.

Brandon Karpf: Right. Exactly.

Maria Varmazis: I mean, one kind of jumps to a conclusion pretty quickly that someone's kicking the tires on some bigger plans. I mean, that would be my assumption of something like this. You don't test something out like this just to see if you can do it and then leave that there.

Dave Bittner: Right, right. Not to mention having to have the infrastructure to, I don't know, launch a satellite to be able to do this [laughter].

Maria Varmazis: Easy peasy.

Dave Bittner: Right. Yeah. So spoiler alert, if any of our listeners don't want us to jump to the end here, now would be a great time to pause, go watch the Veritasium video, which we will include a link to in the Show Notes, and come back for our thoughts and discussion about what happened. So let's skip to the end here. Maria, what are the most plausible theories that folks have as to what could be going on here?

Maria Varmazis: My understanding is that the thinking is this is from Russia's early missile warning system, that they're kicking the tires on some transmitters that have the ability to flood the zone.

Dave Bittner: Well, something that caught my attention was the notion that they would be using the frequencies very close to GPS because their adversaries would be less likely to take those signals down or to interfere on their own. So if you have communications that you want to be -- you don't want to have them interrupted, if you park them right next to a critical service like GPS, perhaps it's less likely that you will be interrupted.

Maria Varmazis: I think this would be a good time for Brandon to explain how that works. Because I think people who have maybe a very digital mindset might not understand.

Brandon Karpf: Yeah, and I think you both captured the two working theories, you know, right on. One of them being, this is an offensive capability that Russia has attached to their early warning satellites in a specific orbit called the Molniya orbit. Which is a highly elliptical orbit that has a long dwell time over the northern hemisphere and, you know, definitely could be an offensive capability, but also could have been or could be, as Dave was talking about, an actual communication signal, where there's content inside this signal, and that they're just testing, making sure that these satellites can still communicate on this signal that is very close to, but not exactly on top of the GPS frequency. And so both are totally viable. A key aspect of any sort of radio frequency communication is that your communication is never over just a single frequency, it's actually typically a band of frequencies. Especially if you want to put a good amount of information into that signal, you do need to have a little bit of a band. That's created by however you multiplex the signal, creates that frequency bandwidth that you're communicating over. And so if Russia has put their kind of this critical wartime reserve communication frequency right next to GPS, well, every time they test it, a little bit of that signal is going to leak over into the GPS band, and you'll measure some interference. So both are totally, you know, viable theories. I don't think that there's enough data out there right now to say which one is true. There's an extraordinary amount of data going around in the radio frequency spectrum. You cannot conceivably collect all frequencies all the time. And so finding the data there to see if they're communicating maybe in a band that's just slightly above GPS, that data is not readily available yet. But I think both are viable and both kind of point out some critical vulnerabilities or concerns with the GPS band that we rely on.

Maria Varmazis: I mean, does it take a ton of power to do what they're doing? I mean, from the Molniya orbit, I mean, I imagine it's just not that heavy a lift.

Brandon Karpf: Not at all. I mean, the -- just to give you a sense of the power in a GPS signal, the GPS signal that your phone is collecting is about the same power as a car headlight seen from 12,000 miles away. That's the power, right [laughter]? So, I mean, it's very low power by the time it reaches your phone or any, you know, GPS receiver on the ground, right? And so, I mean, there's probably a lot of power coming out of the satellite itself, but then again, I mean, it doesn't have to overcome a lot.

Dave Bittner: Yeah, I want to say, and this is off the top of my head, so I reserve the right to be wrong, but I want to say it's about 50 watts of radio power coming out of any of those GPS satellites, which.

Brandon Karpf: Yeah, that's about right.

Dave Bittner: While directional and focused and all that kind of stuff, is not -- you know, imagine a 50 watt light bulb that is tens of thousands of miles in space. And that power is distributed over a good part of the globe. That's how you get your 12,000 mile away car headlight.

Brandon Karpf: And a lot of the conversation around kind of GPS jamming and spoofing -- and by the way, spoofing is far more the -- is a much more dangerous, right, attack, because it manipulates the signal. It makes you think that you or, you know, your device is somewhere that it's not. But most of these have talked about kind of the asymmetry of the $30 jammer, right? You can very easily make one of these things at home on the ground. What's notable about this is that this has clearly been extended into the space architecture.

Maria Varmazis: Yeah.

Brandon Karpf: And so this is really one of the first times we have clear evidence that there is a jammer or a spoofing capability, something that could be used to interfere in space, right? And so that's a concern. And along with, you know, how dependent we are on this critical infrastructure of position, navigation, and timing signals. [ Music ]

Maria Varmazis: A car headlight from 12,000 miles away, that's around 19,000 kilometers for the civilized world. And that level of power provides the foundational tech of our modern life. Chew on that for a moment while we take a quick break. When we return, we're diving into the super useful and super congested and contested part of the electromagnetic spectrum that runs from one to two gigahertz. It is called the "L-Band." Stay with us. I feel like we should also talk a little bit about the L-Band in general, about just how much is going on in the L-Band. And Dave, I'm looking at you, especially as a ham [laughter]. Like, this feels like also something you can speak to. I mean, so much goes on in the L-Band, and this is something I really didn't appreciate until I started learning about this a few years ago. Is there a more important piece of the spectrum out there than the L-Band to modern life? I don't know, maybe there is, but that seems pretty damn important.

Dave Bittner: No, I mean, it's a good point. Obviously, as one of the folks in the video point out, one of the experts that they spoke with, GPS touches just about everything these days. Almost all of our consumer electronics are somehow tied into GPS. It's how our devices tell time, right? Because GPS is reliant on extraordinarily accurate time, it's a great time source. So your phone uses it for its time source. And there are appliances that use it as their time source, you know, your car.

Maria Varmazis: A lot of critical infrastructure uses it, yeah.

Dave Bittner: Right. Yeah, your car has GPS. So it uses it as a time source and obviously a location source and all those things. But yeah, there are a lot of things in this band. And what is this, it's a -- what is it, like 1.2 gigahertz, something like that? Is that wrong?

Maria Varmazis: It's like one to two, basically, yeah, something like that.

Dave Bittner: Yeah.

Maria Varmazis: All of the GNSS systems -- sorry for being redundant. GNSS, all of the various navigation systems, all of them seem to be on the L-Band. So that's kind of important, right?

Brandon Karpf: And they are there because that's a band that is not as susceptible to various types of interference, you know, natural interference -- weather conditions, ionospheric conditions, things like that. Because it's a high enough frequency that the infrastructure can be small, right, can be more microprocessors and really small antennas. But it's not so high that it's interfered with by, you know, water droplets in the atmosphere and things like that. So it's actually a very resilient frequency band, which is why so many critical applications use that frequency band. But, you know, therein lies the issue, where we don't really have resiliency in the architectures. We don't really have resiliency in how we get timing signals. And I mean, there are technologies that are in the lab now that are starting to be developed, and some of them are starting to be deployed, like actually applying digital signatures to GPS signals, right, you know, that are starting to be applied. There's some quantum technologies that might resolve some of these issues. But this architecture needs more focus because it's, as Maria and Dave, you both pointed out, everything relies on this, right? Everything, every computing system relies on this.

Dave Bittner: I'd just like to point out that this is the reason why my entire family for Christmas this year got hardbound, paper-printed-out copies of a road atlas [laughter].

Maria Varmazis: Yep. Not a bad idea, honestly, yeah.

Dave Bittner: They all looked at me like I was crazy. And I probably am, but I said there is a --

Maria Varmazis: For other reasons, though, Dave.

Dave Bittner: There's a non-zero chance that at some point in your life, GPS is going to be interfered with, and you will thank me then.

Brandon Karpf: Dave, I too have paper maps, road maps of all of my state and all of the surrounding states here at home.

Dave Bittner: Right.

Maria Varmazis: Yep. I keep them in my car, and I've got one at home for the same reason. Yeah, it's not a bad idea. I do have to wonder, Brandon, when we're talking about interfering with global navigation satellite systems -- see what I did there? So if we're thinking that if the theory is that Russia has figured out that a $30 jammer can also go in a satellite now, does this become a war of attrition where everyone's going to be doing this and now basically this all becomes useless because we're all blasting the fog horn on each other from space?

Brandon Karpf: Yeah, it could, and certainly in a conflict scenario. But keep in mind, right, if you are reliant on the signals in L-Band and you want to use them for your own systems, and pretty much every, you know, Western military system relies on it, very few of our offensive capabilities can function without some sort of timing or position signal. You know, you wouldn't want to obviously jam that, right, because then you're mitigating or you're affecting your own systems.

Maria Varmazis: Nongoal.

Brandon Karpf: Yeah, area of operation. So the question is, can you build systems that don't rely on it? And are you building systems? You know, you think about the war in Ukraine, the cat and mouse game, and we're now to the point, actually beyond that, they've been doing this for a while now, but to the point of having hardwired drones, right? Fiber optic lines that actually connect an operator to their drone, flying kilometers, right, kilometers and kilometers for operations because of the radio frequency jamming. So there are potentially other solutions here. But a lot of research and investment is going into other types of timing signals, right? There's such a thing as quantum position verification of using quantum key distribution technologies to verify that you are where you say you are and when you're communicating. So in that way, you can start doing not space-based GNSS, but actually ground-based GNSS.

Maria Varmazis: What?

Brandon Karpf: Yeah.

Maria Varmazis: We're going back to terrestrial? Wait a second.

Brandon Karpf: Right. And back to -- there was an old technology called LORAN, which is more in a lower frequency band, a high frequency or in VHF frequency, that's kind of an over the horizon band that was used as timing signals. I mentioned the application of digital signatures to -- and so actually applying cryptography to the GPS signals allows you to verify that the signal you're receiving is actually verified true, and therefore that takes out the spoofing attack, right? It doesn't resolve the jamming attack, but is kind of an anti-spoofing technology. And so there's a number of these, you know, research areas that are still very kind of lab early days. But, you know, I think this story highlights the need for more focus and thinking about GPS as critical national infrastructure that is not resilient today, that there is no resilience in that architecture, and we're really behind the curve.

Maria Varmazis: Yeah, and while you were mentioning all these technologies, I was thinking about PNT going into Low Earth Orbit. And I'm wondering, would that still have the same vulnerability of, hey, we mess with the L-Band, even LEO PNT is not going to work?

Brandon Karpf: Yeah, I would say so. I mean, the one benefit in LEO is you're so much closer. You're not at 12,000 miles, you're at 300 miles, right? And so your signal strength is much higher, which means that you have a lower signal to noise ratio. Which means that the true signal -- to jam that, you need a much more powerful transmitter to jam that, to overcome the power of the true transmitter.

Dave Bittner: Because the US GPS system is not the only game in town.

Maria Varmazis: No.

Dave Bittner: Does that automatically provide some redundancy? I mean, this video points out that even the phones we carry in our pockets aren't strictly relying on the US system to figure out where they are.

Maria Varmazis: That's right, yeah.

Dave Bittner: They'll listen to the other systems as well.

Brandon Karpf: Yeah, there's a Russian system, a Chinese system, a European system, an American system. I'm not sure if they're more. There might be an Indian system or something planned.

Maria Varmazis: Yeah, there's some sort of like partial systems that other countries are getting. Yeah, India has one too, yep.

Brandon Karpf: Yeah. And actually what this video points out is that this wasn't just interfering with the US GPS frequency range. It was also interfering with the Chinese frequency range. Which is slightly different than the US range, right? And so, you know, there is some redundancy across these various architectures. And they pointed out that our devices today do measure more than just the US GPS constellation. So there's resiliency in that redundancy. But, you know, I think anything that is space-based that is relying on L-Band, that's relying on these extremely low-power signals that are unencrypted and unverified, is vulnerable to the attacks that we're seeing.

Maria Varmazis: Yeah, encryption, kind of important [laughter].

Brandon Karpf: Very important.

Dave Bittner: I guess another question that this video brings to mind for me is, you know, this is a case of the Russians sort of showing their cards a little bit. And they got noticed. But we're having this conversation of saying, oh, this is a problem. This is a vulnerability. We need to take a closer look at this. Wouldn't it be fair to assume that everybody's already thought about this? And, you know, if the Russians have a system to do this, we have a system to do this?

Maria Varmazis: No [laughter]. No way.

Dave Bittner: I mean, let's not be naive that there isn't global recognition of the importance of this system, that all of these have been table-topped out to what happens if and how do we counter them?

Brandon Karpf: Well, I bring this up often when I'm having conversations. You know, a lot of my work is around critical infrastructure resilience, right? That is what I'm working on in the Pacific region. And I have these conversations with folks who say, you know, they expect, oh, if we go to war with China, China's going to cut out all communications and they're going to cut all undersea cables. And the mobile networks in the Philippines and Guam and Taiwan and Okinawa are all going to go dark. And, you know, what I bring up is the historic example in recent history of, you know, even in Ukraine, the mobile networks didn't go down. Why? Because the Russians needed them to communicate too, right? And so to your point of, yeah, we have a number of interconnected systems, there's no secret about how reliant we all are on these systems, not just us, but other nations as well. And these other nations need these systems to function also. I think from a defensive perspective, though, the real question is, you know, or the real observation, right, is that GPS is the most important utility that nobody really treats as critical infrastructure, at least publicly. And it's the one that, in my mind, is most susceptible to spoofing. Because there is no resiliency in that architecture itself. We don't have something to fall back on, right? If communication networks go down and the undersea cables get cut, we have some fallback options, right? If the water treatment plants go down, there are some fallback options. We don't really have a fallback option for position navigation and timing. And so there's a lot of risk inherent in accepting that position, even though everyone knows, right, what's vulnerable.

Maria Varmazis: Yeah.

Dave Bittner: Also, yeah, I agree. And I think about my children and their generation who are, you know, GPS is like water to them. It's just, it's there, it's always been there, and they don't think twice about it. For those of us who are old enough to have been around when this became a thing, and it was suddenly this magical thing that, oh my gosh, you know, we know exactly where we are. I remember our former colleague, John Petrick, who used to be the editor of the CyberWire, he was telling me one day that I think it was the war in the Persian Gulf was the first time that in history that a military actually knew where it was precisely, right?

Brandon Karpf: [Laughter] Right.

Dave Bittner: So my point being that I think if GPS were unavailable, and as we've talked about, how many things that it is involved with, just the psychological effect that could have on a nation, on an adversary, where suddenly all of these things that we just are used to, if they're not able to resolve your location, that would make people edgy, I think.

Brandon Karpf: Right.

Maria Varmazis: I mean, so much other stuff would go down. Like when you start poking at that hornet's nest a little bit, I think not knowing, you know, where we are on the road would be like the last thing we'd be worried about if GPS really went down, because there'd be a lot of other stuff hitting the fan.

Brandon Karpf: I used to point this out in the Navy all the time, which is any network that relies on cryptography, needs the GPS signal for timing reasons. That all you need to do on your local computer is mess with your timing signal, right? And you can do this, right? You can turn off the clock, right? Not your computer clock, the actual timing clock. And see what happens. You can't communicate. You cannot get on the internet without a timing signal. And so to your point, Dave, right, we used to live without it. We could live without it again, right? We could adapt. But we have a lot of systems that rely on this. And we also don't quite know -- just like the same conversation with the post-quantum cryptography and the transition to quantum secure cryptography, where we don't quite know all of the things that rely on cryptography, we also don't quite know -- we don't have a good inventory of all the things that really rely on this position, navigation, and timing signal. And so, you know, it's easy to say, hey, I don't really need my Google Maps on my phone to work. I can figure out how to get to the grocery store down the street. But then the stoplights probably wouldn't be working, right?

Maria Varmazis: And the power grid goes down.

Brandon Karpf: Right, there's a lot of other things there.

Maria Varmazis: Yeah, it'd be real bad. Real, real bad. Yeah, I think we would not notice the maps, because there'd be other things like, oh, now there's no power and there's no water.

Brandon Karpf: Yeah.

Maria Varmazis: A whole bunch of stuff.

Brandon Karpf: Now, I think there's goodness here too. Because as I mentioned earlier, there are technologies already in testing in lab environments and some rolling out into real world that resolve some of this, right? And a lot of them have to do with quantum technologies, which are legitimate and being tested and proven. And it's not that it's helping us with GPS security, it's that it is helping us not need GPS anymore, these new technologies that are being developed, these fundamental technologies. Where quantum navigation and quantum clocks will work even when the signal, the GPS signal, is being jammed or spoofed. So there is a silver lining here.

Maria Varmazis: So we went out to space to make these systems more resilient, and now we're messing with those too much, so we're going to go back to Earth. Wow. Okay.

Brandon Karpf: I'm going to rely on dead reckoning and my sextant to [laughter] --

Dave Bittner: They teach you that in the Naval Academy, Brandon?

Brandon Karpf: They do. They do teach celestial navigation. And the story I'll tell is the most accurate I could ever get with celestial navigation is, oh, I'm somewhere in the North Atlantic.

Maria Varmazis: Bravo. Okay.

Dave Bittner: You were in the South Atlantic at the time, but you were never really a good student.

Brandon Karpf: So that's that's another story for another time, Dave.

Dave Bittner: All right. Well, I want to point all of our listeners to this video that we've been talking about. Again, this is from the folks over at Veritasium, one of the most popular YouTube channels there is, and with good reason. It's called "Something is Jamming GPS Over Europe. Here's what we found." It is a video worth your time. Like I said, we'll have a link in the Show Notes. [ Music ]

Maria Varmazis: And that's T-Minus Space Cyber Briefing, brought to you by N2K CyberWire. If you like what you heard today, you will also enjoy our newsletter, Signals and Space. Every week on Sundays, you'll get research and notes pulled together by our producer, Ethan Cook, and me, along with this week's top space cyber news stories. And you can subscribe by visiting thecyberwire.com/newsletters. We'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing cybersecurity landscape. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the Show Notes, or send us an email. Space@n2k.com is how you can get in touch. We're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps cybersecurity professionals grow, learn, and stay informed. As a nexus for discovery and connection, we bring you the people, the technology, and the ideas shaping the future of secure innovation. Learn how at N2K.com. Thank you for listening to T-Minus. I am your host, Maria Varmazis. The show is produced by Ethan Cook and Liz Stokes. We are mixed by Elliott Peltzman and Tre Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben, with content strategy by Ma'ayan Plaut. Peter Kilpe is our publisher. See you next week. [ Music ]