News : Can’t teach an old GPS new tricks

Tuesday, May 28, 2024

Can’t teach an old GPS new tricks

May 28, 2024

With help from Mallory Culhane

Driving the day

— The decades-old GPS tech critical to everything from phones to planes is under attack. Now Russia successfully jamming signals in Ukraine and China’s expanding GPS technology potentially foreshadows a real issue for American critical infrastructure.

HAPPY TUESDAY and welcome to MORNING CYBERSECURITY! The community pool is open for the summer, which means it’s now that time of year where I’m reminded that preteens with year-round training regimens are better swimmers than me.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

Intermountain Health vice president and chief information security officer Erik Decker, Cleveland Clinic chief information security officer Vugar Zeynalov and BeyondTrust chief technology officer Marc Maiffret at taking part in a virtual chat with U.S. News & World Report on fending off cyberattacks on the nation’s health system. 1:00 p.m.

Trusted AI CEO Pamela Gupta, Code.org chief academic officer Pat Yongpradit and AI Education Project chief of staff Christian Pinedo are joining the Bipartisan Policy Center for a virtual discussion on AI and the evolution of digital literacy. 1:00 p.m.

Vulnerabilities

ELECTRONIC WARFARE — The decades-old tech that powers pretty much every electronic map, aircraft navigation system and cellular and internet data networks is facing an existential crisis in its old age, and could possibly provide a blueprint for adversaries looking to exploit holes in critical infrastructure.

— The backdrop: Some of the high-tech, American-made munitions sent to aid Ukraine's fight have encountered a big problem on the battlefield: Russian jammers are knocking them off course and the setback prompted Ukrainian forces to stop using the weapons, according to Ukrainian military officials and confidential Ukrainian military reports obtained by The Washington Post.

— But it’s not just weapon systems: Starlink satellites have also been affected by Russian jammings, as well as disruptions to electrical power grids and communication networks.

“GPS jamming could not be a bigger issue right now,” said Steve Poizner, the CEO of oneNav, a global navigation satellite system technology developer. “It's very difficult to use any receiver now in Europe because of the extent of Russian jamming.”

— Where else?: According to data from GPSJam.org, there are high levels of GPS interference currently in Estonia, Latvia, eastern Finland and southern Ukraine near the Black Sea. The Middle East has also been swarmed with interference, the focal point being the majority of Israel and its borders on all sides, including the Mediterranean Sea.

The most visible perpetrator has been Russia — using low-cost GPS jamming devices to disrupt aviation, interfere with military operations and even target civilian infrastructure.

Israel is also using similar technology extensively in the Middle East, including recently preemptively shifting the locations for Tel Aviv residents over a hundred miles due north to Beirut in anticipation of potential retaliatory drone strikes from Iran in April.

— The tactics: Targeting the L1 signal that all GPS devices require to initially lock onto satellite signals. L1 is the civilian-use primary frequency for GPS, making it an enticing target for attackers and heavily used by critical infrastructure providers. While there are other more modern and secure signals like the L5 frequency, the entire system is in peril if L1 is disrupted.

“Take L1 out and everything stops operating,” said Poizner, who previously worked as a White House fellow in an anti-cyberterrorism role. “Every receiver today must acquire L1 first, so if you disrupt that signal, the whole system grinds to a halt."

— Time to retire: The outdated GPS technology in the U.S. is itself a major component of the problem. Satellites in the late 1990s were launched with limited security in mind and lack the anti-jamming defense baked into other nations’ newer satellite navigation systems, such as China’s BeiDou system which reached full global coverage in 2020 and is being pitched to foreign countries for civilian usage.

And U.S. satellites launched in both the 90s and mid-to-late 2000s designed to have a 7.5 year life span are still operational to this day. GPS experts like Steve warn that even a limited jamming strike on an American city could trigger cascading problems across critical infrastructure domains — and that’s why it’s past time to fully upgrade to L5 signals.

"Jamming is happening extensively — it's a huge vulnerability," Poizner said. "And what's happening in Ukraine can happen in the United States."

The International Scene

CYBERSECURITY (STILL) ON LEADERS’ MINDS — The European Union’s leaders are finalizing their Strategic Agenda document in the EU Council and cybersecurity is still earmarked as a priority to boost joint EU defense capabilities, writes POLITICO’s Laurens Cerulus and Barbara Moens.

New financing instruments including “a new defense fund,” “expanding the [European Investment Bank]’s mandate” and “the possibility of EU defense bonds” could help support “large-scale European flagship projects” in air defense and EU cybersecurity, a text seen by POLITICO that reflected recent leaders’ dinner discussions said.

Foreign disinformation and manipulation also popped up in the latest text, seen by POLITICO, as a key challenge. That follows an effort by European Commission President Ursula von der Leyen to lift the issue to one of her main talking points in the EU election campaign.

EU citizens “are increasingly vulnerable” to disinformation and manipulation, and their effects “are often underestimated,” the text said, showing consensus among leaders to crack down on these attacks.

An earlier version of the agenda items already flagged joint cyber defense capabilities as an EU priority.

SECRET CABLES — The Chinese government is firing back at the Biden administration over claims that Beijing could tamper with vital undersea internet cables, accusing the U.S. of vilifying Chinese companies to maintain an eavesdropping monopoly.

The pushback comes after The Wall Street Journal reported last week that U.S. officials had privately warned American tech giants like Google and Meta that Chinese ships repairing undersea cables could be engaged in clandestine mapping or tapping activities.

According to the report, U.S. agencies alleged that cable repair vessels operated by the Chinese firm S.B. Submarine Systems had periodically gone missing from ship tracking data, raising concerns they could be conducting reconnaissance on military communication lines or stealing trade secrets.

— That’s one way to put it: Chinese Foreign Ministry spokesperson Mao Ning blasted the allegations on Monday as "completely baseless and constitute ill-intentioned vilification of Chinese companies." She said the claims are part of a broader U.S. effort "to build a global monitoring system dominated by the US with no rival and under no oversight."

TECH LEADERS TO CONVENE — This week's hot ticket is in Geneva, where a who's who of the AI world is gathering for the International Telecommunication Union's annual three-day summit.

— Who’s who: Reps from Microsoft, Google, OpenAI, the Center for Humane Technology, the Future of Life Institute and U.S. government agencies will debate paths for regulating AI while touting how to harness the tech for global good.

— The hard part: The summit will kick off on Wednesday with “AI Governance Day,” featuring panel discussions and closed-door roundtables with a lineup of industry and civil society reps and AI researchers to help government leaders navigate the transition from theorizing to implementing regulatory frameworks.

— What we’re watching (from outside the club): While billed as a forum to explore using AI for sustainable development goals and other international issues, a major part of the summit will scrutinize emerging regulatory frameworks worldwide.

An invitation-only, daylong event on Wednesday will take a hard look at both successful and flawed attempts to impose regulations on AI to identify gaps in existing frameworks.

The guest list tops 150 people worldwide, including the State Department’s deputy envoy for critical and emerging tech Seth Center, World Trade Organization Director-General Ngozi Okonjo-Iweala and secretary-general for China’s World Internet Conference Ren Xianliang. Government leaders from across the European Union, Asia and Africa, as well as reps from Meta, IBM, the Wikimedia Foundation and Stanford University are also set to be there.

Tweet of the Day

The FBI was really (really) committed to the case for the eventual arrest of former CIA officer Alexander Yuk Ching Ma. But now I’m curious about how his performance reviews went …

Source: https://x.com/jsrailton/status/1794699314096451949

Quick Bytes

BIG TIME BREACH — Sav-Rx, a prescription management company, is notifying over 2.8 million people that their personal data was exposed in a 2023 cyberattack, writes Bill Toulas for BleepingComputer.

INCOMING CLASS — A Tennessee hospital patient is suing Ascension for a data breach caused by a ransomware attack in May, alleging the hospital failed to protect patient information, reports WKRN’s Erin McCullough.

ICYMI — A hacker breached spyware app pcTattletale and published victims' data on the company's website. TechCrunch’s Zack Whittaker has the story.

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).