Microchip Technology BlueSky GNSS Firewall
Protects GNSS Systems against spoofing and jamming threats
The vulnerability of GNSS systems to various signal incidents is well documented. The rapid proliferation of GNSS systems has embedded these vulnerabilities into critical national infrastructure as well as corporate infrastructures that rely on GNSS-delivered position, navigation and timing (PNT) for daily operations. The widespread deployment of GNSS makes it impractical to replace all fielded GNSS systems in a timely or cost-effective manner.
Microchip provides a portfolio of technologies, products, and services that enables operators of Critical Infrastructure to construct a secure and robust PNT network that is resilient to GNSS errors as well as errors coming from other sky-based delivery channels such as Galileo, GLONASS, BeiDou, or another. Details of this complete portfolio are described in the Virtual Primary Reference Time Clock (vPRTC) architecture which can be found here.
The BlueSkyTM GNSS Firewall protects already deployed GNSS systems by providing a cost-effective overlay solution installed between existing GNSS antennas and GNSS systems. Similar to a network firewall, the BlueSky GNSS Firewall protects systems inside the firewall from untrusted sky-based signals outside the firewall.
Defending against GNSS Threats needs to be part of a Cybersecurity Plan
Systems which rely on GNSS for reception of Position, Navigation and Time (PNT), have been determined by national security agencies across the globe as potential cybersecurity attack vectors. The Department of Homeland Security (DHS) recently published the Resilient Positioning, Navigation, and Timing Conformance Framework document providing a common reference point to help critical infrastructure become more resilient to PNT disruptions. Described in the DHS Resilient PNT Conformance Framework, a cybersecurity approach has been proposed:
Prevent: The first layer of defense. Ideally threats are prevented from entering a system, however, it must be assumed that it will not be possible to stop all threats.
Respond: Detect atypical errors or anomalies and then take action such as mitigation, containment and reporting. The system should ensure an adequate response to externally induced, atypical errors before recovery is needed.
Recover: Return to a proper working state and defined performance. It serves as the last line of defense.
Four Levels of Resilience
Based on the Prevent-Respond-Recover cybersecurity model, the PNT Conformance Framework document describes 4 levels of resilience. Note that the resilience levels build upon each other, that is, Level 2 includes all enumerated behaviors in Level 1, and so forth. Using the BlueSky GNSS Firewall either as a standalone security barrier or in combination with Microchip’s high-performance atomic clocks and timing distribution systems, all four levels of resilience can be achieved and exceeded.
The new BlueSky GNSS Firewall Software Release 3.0
Contained within the BlueSky GNSS Firewall is a software platform that analyzes GNSS signal reception. GNSS signal data is received and evaluated from each satellite to ensure compliance along with analyzing received signal characteristics. Release 3.0 further enhances the BlueSky GNSS Firewall's already field proven GNSS protection capabilities with new features such as Trusted Time Anomaly Detection, GPS Subframe Reference Detection, embedded GNSS observable tools combined with new TimePictra Performance Monitoring features to better secure, monitor, prevent, respond and recover to GNSS threats. Critical Infrastructure providers now have the most advanced set of tools for defending against all intentional or unintentional vulnerabilities and threats and achieving Level 4 Resilience as defined by the DHS PNT Conformance Framework.
Integrates seamlessly between existing GNSS Antenna and GNSS system
Microchip’s BlueSky GNSS Firewall is deployed in-line between an existing GNSS antenna and GNSS receiver system and can be placed near the GNSS receiver system or near the point at which the GNSS antenna cable enters the building. Thus, nearly all currently deployed GNSS antennas are supported without modifying the existing installation.
Optional Rubidium MAC (Miniature Atomic Clock) for enhanced threat detection and holdover
Upgrading the BlueSky GNSS Firewall with the MAC enhances anomalous GNSS detection capabilities while also extending holdover performance of the hardened GNSS signal output for multiple days.
1PPS and 10 MHz timing reference inputs for extended holdover
10 MHz or 1 PPS inputs allows for connection of autonomous references sources such as Microsemi's 5071A or TimeCesium products to extend the holdover performance in case of a complete loss of GNSS reception for long periods of time.
Upgradeable Software in addition to secure and easy-to-use web interface
At the core of the BlueSky GNSS Firewall is a programmable anomaly detector that validates the GNSS subframes for spoofing incidents based on defined data validation rules. A wide range of rules have already been built into the BlueSky GNSS Firewall to detect suspicious time and position inconsistencies. As with traditional security firewalls, new validation rules are made available with each new release of software for the BlueSky GNSS Firewall to defend against new threats that are identified.
Wide scale management using TimePictra platform
Management of wide scale deployment of 10's, 100's or 1000's of BlueSky GNSS Firewall units is simplified using Microsemi's TimePictra management system. TimePictra enables a regional, national, or a global view of your PNT infrastructure to provide early alerting of threats before your PNT network is violated.
BlueSky Performance Monitoring
Integrated within TimePictra, BlueSky Performance Monitoring enables visibility of GNSS reception parameters across a wide-scale deployment of BlueSky GNSS Firewalls. GNSS signal measurements such as GNSS phase deviation, GNSS satellites in view, and GNSS signal strength can be plotted for selected time periods. This aids critical infrastructure operations to more quickly identify and isolate GNSS incidents.