In today's interconnected world, global navigation satellite systems (GNSS) are vital for maintaining essential services like telecommunications, power grids, and rescue services. The United States government's GPS is the foundation for numerous military and civilian applications, such as accurate navigation for trucks, mobile phones and planes. The Galileo system, which was developed in Europe, focuses on civilian applications such as agriculture or search and rescue missions. Both the Galileo and GPS systems are essential for positioning and synchronization, as they have global coverage. However, this dependence poses challenges as uninterrupted GNSS availability cannot be guaranteed, and it is also susceptible to attacks like jamming and spoofing. Consequently, GNSS-based applications are at risk.
The vulnerabilities of GNSS are also regularly exploited by military organizations and cyber criminals. In December 2011, Iran captured an American drone thanks to spoofing techniques. In 2018, a NATO exercise was confronted with significant GPS interference, presumably from Russia. In Australia in 2023, tractors and agricultural machinery broke down for hours due to a satellite malfunction. And in September of this year, there were considerable operational restrictions in Israel as Ben Gurion Airport in Tel Aviv suffered GPS disruptions, presumably due to interference from abroad. All these examples emphasize the importance and necessity of better protection for important and critical applications, infrastructures and industries.
This is where the BlueSky™ GNSS firewall comes in - a robust solution that effectively deals with threats while ensuring the resilience of critical infrastructure.
The BlueSky GNSS Firewall solves the problem of protecting already deployed systems. It provides a cost-effective solution by being installed between existing GNSS antennas and time and synchronization systems. Similar to a network firewall, the BlueSky GNSS firewall protects systems behind the firewall from signals received and categorized as untrustworthy outside the firewall.
Inside the BlueSky GNSS firewall is a software engine that analyzes the received GNSS signals from both GPS and Galileo. In the case of GPS, the data received from each satellite is analyzed to ensure that it complies with GPS standards. This information is used by the firewall to block abnormal GNSS signals and ensure a secure GNSS signal output for downstream GNSS systems.
Most GNSS attacks are triggered by a "knock-off" event. This forces GNSS systems to briefly lose connection to actual GNSS signals and then replace them with fake GNSS signals. The BlueSky GNSS Firewall identifies potential knock-off events by analyzing the signal strength of incoming GNSS signals and other indicators that reveal the presence of potentially spoofed GNSS signals.
If a GNSS incident is detected, the BlueSky GNSS Firewall warns users and automatically takes appropriate measures to prevent the corrupted GNSS signal from propagating to downstream systems. This ensures secure operation of the time and synchronization systems, regardless of the actual GNSS conditions. This is done either via a hardened or a validated GNSS output.
Hardened GPS output is the safest option as it provides synthesized GPS output that is isolated from the live sky environment. If GPS jamming is detected by the BlueSky GNSS Firewall, the hardened GPS output is still available. Downstream systems can also use the hardened GPS signal in the event of GPS jamming or GPS spoofing without affecting their system performance.
The hardened GPS output generates a synthesized version of the GPS L1 signal. As the GPS L1 signal is supported by all current and upcoming GPS-based systems, it offers backwards compatibility and is also future-proof.
The validated GNSS output provides a copy of the actual GNSS signal, which is analyzed by the firewall. If anomalous conditions are detected, the firewall switches off the validated GNSS output and thus protects the user from potentially falsified GNSS signals. As soon as safe conditions are detected again, the validated GNSS output is switched back on.
The BlueSky GNSS Firewall supports a range of atomic clock technologies to ensure stable operation even in the event of GNSS failure over extended periods of time. Even in cases where disruptions last more than 30 days, the system can operate continuously. In addition, an optional internal Rubidium MAC is included, which enables continuous output of the GNSS signal to downstream GNSS receivers in the event of complete loss of the GNSS signal from the sky. Alternatively, it is possible to connect cesium clocks such as the 5071A or TimeCesium to the BlueSky GNSS Firewall to provide UTC traceable time for more than 30 days.
The BlueSky GNSS Firewall is installed in a standard 19-inch rack and can be placed either near the GNSS receiver system or at the point where the GNSS antenna cable enters the building. The GNSS antenna is powered by the BlueSky GNSS Firewall via a software configurable setting for 0, 3.3, 5 or 12 VDC. This means that almost all GNSS antennas currently in use are supported without having to change the existing installation.
Due to the importance of time and synchronization systems in the operation of critical infrastructure, the overview of the systems, the detection, localization, and resolution of problems as well as the simple and reliable administration are of utmost importance. The BlueSky Firewall software environment can be seamlessly integrated into the TimePictra management system. TimePictra is a modular, web-based management system for network elements in the areas of time, frequency, and synchronization. It provides administrators with a comprehensive overview and control of the network components, enables them to receive information or alarms from the systems, control them remotely and manage them from a central point. In addition, new criteria for detecting anomalies can be defined.
Microchip continuously tracks GNSS signal activity. Microchip's global deployment of atomic clocks and GNSS systems serves as a frame of reference for continuously analyzing GNSS data for changes. This includes spoofing and jamming threats, multipath signal interference, atmospheric activity and any other effects that may impact GNSS performance. New GNSS data verification rules are used as part of the BlueSky subscription service. These can be applied either via the TimePictra management software or via the secure web-based interface of the BlueSky GNSS Firewall.
Using the available performance monitoring option in TimePictra, GNSS reception parameters can be captured and geographically displayed for large-scale firewall deployments.
GNSS signal analysis such as GNSS phase deviation, GNSS satellite visibility, signal strength, RF power level, satellite tracking, GNSS position data and phase errors can all be viewed from a central console. Specific time periods can be selected to investigate exactly when and where an anomaly has occurred. This helps critical infrastructure operators to identify and isolate GNSS incidents more quickly.
The BlueSky™ GNSS Firewall is proving to be an indispensable ally in protecting our critical infrastructure in a world where our dependence on GNSS is undisputed. With easy integration and real-time protection against real-world threats to timing and synchronization systems, this innovative solution ensures that essential services for basic services and our daily lives are always available - even in the face of evolving threats.