A concerning increase in incidents involving the electro-magnetic spectrum (EMS) is being reported in Eastern Europe, the Baltics and the Eastern Mediterranean. Interrupted GPS signals for aircraft, ships, drones and munitions in Ukraine have been commonplace throughout that conflict, but increasingly, civilian equipment not affiliated with the conflict are reporting issues. Since 2018, there has been a 2000% increase in radio frequency interruption incidents to global navigation systems.
Since August of 2023, 46,000 aircraft have reported GPS jamming or spoofing while in flight over Eastern Europe. Recently, ships in the Black Sea and Mediterranean have reported GPS spoofing. The risks of these interruptions are high. The culprit in Europe? Russia – far and away beyond any other suspects. Critical infrastructure and control systems being hacked, spoofed or jammed can have catastrophic results. To better understand the risks, let’s look at what EMS attacks are, the risks involved and how we can better protect ourselves and our organizations.
What Are EMS Attacks?
Militaries conduct Electronic Warfare (EW) for both defense and offense through jamming and spoofing techniques. Jamming is when a transmitter is used to overwhelm or interrupt another transmitter. Spoofing is when a receiver, typically a GPS receiver, is fooled into giving a false location by receiving incorrect signals. Both jamming and spoofing can interrupt the Position-Navigation and Timing (PNT) data flowing over many types of networks. Good PNT data is critical to not only land, air and sea navigation systems, but also to computer networks, communications infrastructure and mobile networks. GPS is a commonly used commercial capability that can be inadvertently impacted by electronic warfare.
Since GPS satellite signals can be relatively weak depending on the position of the GPS receiver and the satellite, jamming can be done easily or even inadvertently. Recent issues with GPS in the Baltic appear to be emanating from Russian emitters in Kaliningrad — not targeted at civilian aircraft, but interfering just the same.
Why Are the Russians Doing This?
In Europe, Russia constitutes the biggest threat from electronic warfare (EW). Russia has historically invested heavily in EW, along with other means of deception, disinformation, camouflage and concealment. Most recently, EW has been one of the means of “Gray Zone” warfare, Russia’s attempt to fight below the threshold of overt armed conflict. EW is used along with non-uniformed forces, information warfare and espionage to subvert international norms and escalate a situation, before deescalating to a new state of affairs more preferable to Russia’s worldview. Currently, Russia is likely using GPS spoofing and jamming around its periphery, in the Baltics and Black Sea, and over Poland to intimidate and harass NATO countries. The entry of Sweden and Finland into NATO are likely contributors to increased Russian use of EW. The Russians are also likely concerned about Ukrainian horizontal escalation of that conflict through targeting of Russian facilities in Kaliningrad and elsewhere (See our recent blog on Escalation Dynamics for more information).
What Are the Risks?
The biggest risk from EW is the loss of electronic navigation on a commercial plane or vessel, but EW can also cause critical facilities or platforms to shut down or malfunction. A crash from an EW jammed or spoofed asset could shut down port facilities or airports or cause other critical chokepoints. In an area like the Baltics, where each country is small and relies on a few key facilities to move goods and materials, this could be a catastrophic event. Fortunately, actual events have thus far only resulted in confusion or the loss of equipment.
Although events might be low, the sheer volume of GPS interference is troubling. EW events could cause a loss of confidence in business by customers and employees. This risk goes part and parcel with Russian tactics. If people lose confidence in the organization to provide services or safety — government or commercial — it becomes more likely that the average user is susceptible to disinformation or skepticism. EW attacks could raise the likelihood of government intervention, particularly in areas near conflict zones. This can have a constraining effect on the ability of the business to operate and slow down production and supply chains.
How Can I Protect My Organization?
Commercial businesses can't actively prevent jamming or spoofing by state actors. However, they can take measures to increase awareness and be proactive. Businesses can assess vulnerabilities and risks based on geography, facilities, systems and geopolitical conflict. Cataloging vulnerable systems and prioritizing risk areas can make businesses more aware of EW risks and orient security managers to response measures.
Reliable risk data is the foundation of any threat and vulnerability assessment. Understanding where EW has been occurring in the world and the patterns of events near specific locations and assets will help businesses better respond and mitigate these risks. The ADS-B Exchange generates map layers of likely GPS interference based on aircraft reports of their navigation system accuracy. One good source for this map data is John Wiseman’s GPS Jam.
Comparing impacts of previous threats with existing protocols for response and mitigation can facilitate a more accurate analysis of preparedness, even for threats businesses haven’t encountered before. Developing a streamlined standard operating procedure for loss of navigation can speed up the response time for businesses and authorities. In the recent Baltimore Key Bridge Disaster, quick reactions by the ship’s navigator and pilot dispatcher managed to halt traffic onto the bridge, preventing the loss of more lives.
Set policies and procedures to ensure a proactive security approach and consistent best practices for responding to and mitigating the impact of state-sponsored conflict, including EW. Well-designed tabletop exercises can ensure that informational siloes are removed and process gaps are filled. Consider incorporating targeted or accidental electronic interference into the next exercise scenario. Organizations can simulate responses to GPS interference on their facilities or assets and develop response procedures.
The mission can feel daunting and the path forward unclear. If you’d like to continue this discussion, provide feedback, or are looking for assistance, OnSolve is here to help.