GPS spoofing at sea


underfire
15th Aug 2017, 10:29
An apparent mass and blatant GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads.

The event first came to public notice via a relatively innocuous safety alert from the U.S. Maritime Administration:

A maritime incident has been reported in the Black Sea in the vicinity of position 44-15.7N, 037-32.9E on June 22, 2017 at 0710 GMT. This incident has not been confirmed. The nature of the incident is reported as GPS interference. Exercise caution when transiting this area.

But the backstory is way more interesting and disturbing. On June 22 a vessel reported to the U.S. Coast Guard Navigation Center:

GPS equipment unable to obtain GPS signal intermittently since nearing coast of Novorossiysk, Russia. Now displays HDOP 0.8 accuracy within 100m, but given location is actually 25 nautical miles off; GPS display…

For a few days, on 20 ships, GPS gave a position inland (near Gelendzhik airport) but the vessel was actually drifting more than 25 NM from it.


Mass GPS Spoofing Attack in Black Sea? (http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea)

ex-Dispatcher
15th Aug 2017, 10:57
Before I get started, my background is ex-FAA aircraft Dispatcher and ramp rat, now a physicist employed as a GPS Security Technologist working for a major GPS simulation/test company.

I've been monitoring the reports from the Black Sea - there were reports from Moscow and St Petersburg in late 2016 of possible GPS spoofing taking place - in Moscow, users near the Kremlin reported that their GPS receivers were indicating that they were at Vnukovo airport, a significant error.
Here's one of the reports: - Getting lost near the Kremlin? Russia could be 'GPS spoofing' - Dec. 2, 2016 (http://money.cnn.com/2016/12/02/technology/kremlin-gps-signals/index.html)

But we do have to treat all of these reports with a little bit of caution - we do know from work that was done in the UK that GPS jamming can cause GPS receivers to output misleading position and timing information - this happens when the interference level is significant enough to affect the operation of the GPS receiver but not enough to saturate the RF front end and stop it working completely. The project in the UK showed this graphically - with some unexpected results...

https://rntfnd.org/wp-content/uploads/Dixon_et_al-Spec__Test_of_GNSS_Vulnerab-ENC-GNSS-2013.pdf

So there's a lot to consider here before we could say what is going on with much certainty. Some of the reports (the 22 June report to USCG) are interesting as they do suggest something a bit more than simple jamming might be going on.

Heathrow Harry
15th Aug 2017, 12:30
Very interesting ex_d & useful.......

Denti
15th Aug 2017, 15:18
There was an official warning for the duration of the G20 summit in Hamburg a few weeks back about possible GPS problems in the wider Hamburg area, as apparently some of the security personnel of some of those leaders were actively jamming/spoofing GPS.

MarcK
15th Aug 2017, 17:13
A relatively simple hack, given that the spoof was to a fixed position, might be to place a wideband GPS receiver at the fixed position, then relay the signal to the Black Sea, at a somewhat higher power. The time will be incorrect, but I venture that there are few GPS receivers with a built-in atomic clock that could detect that offset. Nor would they be able to detect the actual signal location (via DF).

underfire
15th Aug 2017, 17:41
Jamming it and misdirecting it are much different animals.

Very few receivers would, or even could, use one signal to triangulate and locate.

At sea is a slow moving target.

Thank you X-D...

#1 test, a YAGI ant, which is a focused main lobe, that while effective near shore and with tracking, would have to be very powerful to reach an aircraft. (and would still have to track) likely not able to affect widespread issues.

#2 test results, the jammers were 5m and 15m from the GPS antennas?

Surface vessels have INS, so while a temporary disruption would affect the GPS location, the INS would not be affected until the disruption lasted 15 mins or more, and then IRS drift degradation of location would occur.

FullWings
15th Aug 2017, 21:14
I had the GPS on the 777 go a-wandering last year when over Russia, was on inertial/radio for about 40mins. Confirmed later as genuine outside interference...

STBYRUD
15th Aug 2017, 21:38
So, time to double check that your radio update inhibit remains off until you're planning to fly a GNSS approach and to confirm your position whenever able with navaids along your route.... what's new?
The complete reliance on a service provided out of benevolence by a nation's military is a little worrying - I would not be surprised in the slightest if selective availability is reintroduced as the North Korean conflict heats up.

n5296s
15th Aug 2017, 23:23
There used often to be NOTAMs for the area round China Lake (big US Navy research base in the desert in SoCal*) concerning GPS disruption. I believe they were testing this kind of capability. Haven't seen any for a while, I guess that now aviation depends on GPS it would be kind of embarrassing to send all the LAX arrivals to Hawaii. If the US can do it, I'm sure the Russians can too.

*(Don't ask me why the US Navy has a research centre in the middle of the desert, I have no idea).

peekay4
16th Aug 2017, 02:33
There used often to be NOTAMs for the area round China Lake (big US Navy research base in the desert in SoCal*) concerning GPS disruption. I believe they were testing this kind of capability. Haven't seen any for a while, I guess that now aviation depends on GPS it would be kind of embarrassing to send all the LAX arrivals to Hawaii. If the US can do it, I'm sure the Russians can too.
They're constantly testing, at China Lake and throughout the country:

https://www.faasafety.gov/files/notices/2017/Aug/CHLK_17-05_GPS_Flight_Advisory.pdf

FLIGHT ADVISORY
GPS INTERFERENCE TESTING
CHLK GPS 17-05
5-31 August, 2017
China Lake, CA

GPS testing is scheduled as follows and may result in unreliable or unavailable GPS signal.

A. Location: Centered at 360759N1173215W or the BTY VOR 210 degree radial at 055 NM.

B. Dates and times:
5 – 6 AUG 17 1630Z – 2359Z
22 – 24 AUG 17 1630Z – 2359Z
29 – 31 AUG 17 1630Z – 2359Z

Derfred
16th Aug 2017, 10:19
What am I missing here folks?

My Boeing is not going to fly 25NM off course if its GPS suddenly starts reading 25NM off course.

My Boeing is also quite capable of flying to destination without GPS (unless I need it for approach, but I plan contingencies for that).

Fostex
16th Aug 2017, 11:19
Interesting article on the GPS spoofing which the government in Russia has around the Kremlin.

Puzzling Moscow GPS Anomaly - Articles - Get Russia (http://getrussia.com/articles/moscow_gps_anomaly/)

MarcK
16th Aug 2017, 15:38
My Boeing is not going to fly 25NM off course if it's GPS suddenly starts reading 25NM off course.
I think not all aircraft have INS. And under NextGen, having all aircraft report the same position via ADS-B might be worrying.

Fostex
16th Aug 2017, 15:59
Nearly every GPS chipset on the market will use some sort of Kalman/State space filtering. At its most basic level this means that the GPS will know (via a mathematical model) what it expects its next location value to be based on current velocity vector, if the calculated value (based on radio signals) is different then an error 'weighting' (Kalman gain) is applied to that calculated value to indicate that it might be erroneous and it is not used in the mathematical model of the current location.

In short, if your aircraft GPS detects a sudden step change in location data your GPS system /should/ detect that it is erroneous. If the change is small and progressive, that is more difficult to handle.
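
Added example, not part of the thread or any poster's code: a noise-free one-dimensional Python model of the innovation gating described in the post above, run against a 25 NM step and against a slow progressive offset. It goes beyond the post by adding a cross-check against a dead-reckoning track that never ingests GPS; the speed, variances, gate, drift rate and 1 NM limit are all constructed values.

```python
"""Innovation gate vs. step and slow-drift GPS offsets (constructed 1-D example)."""

DT_S = 1.0                 # update interval, seconds
SPEED_NM_S = 12.0 / 3600   # constructed: 12 kn along-track speed
R = 0.01 ** 2              # measurement variance, NM^2 (about 18 m sigma)
Q = 0.01 ** 2              # process noise added per step, NM^2
GATE = 9.0                 # reject if normalised innovation^2 exceeds 3-sigma
DR_LIMIT_NM = 1.0          # assumed max disagreement with dead reckoning


def run(offset_at, steps=600):
    """Track position; offset_at(k) is the error injected into fix k (NM).

    Returns (gate_rejections, first_dr_alarm_step, final_error_nm).
    """
    truth = est = dr = 0.0
    p = R                              # estimate variance
    rejected, dr_alarm = 0, None
    for k in range(steps):
        truth += SPEED_NM_S * DT_S
        dr += SPEED_NM_S * DT_S        # dead reckoning: never ingests GPS
        # Predict from the current velocity, as the post describes.
        est += SPEED_NM_S * DT_S
        p += Q
        z = truth + offset_at(k)       # noise-free fix keeps the run deterministic
        innov = z - est
        s = p + R                      # innovation variance
        if innov * innov / s > GATE:
            rejected += 1              # sudden jump: fix is not used
        else:
            gain = p / s               # Kalman gain weights the fix
            est += gain * innov
            p *= (1.0 - gain)
        # Independent cross-check: filter output vs. a source the fix cannot touch.
        if dr_alarm is None and abs(est - dr) > DR_LIMIT_NM:
            dr_alarm = k
    return rejected, dr_alarm, abs(est - truth)


def step_offset(k):        # 25 NM jump from fix 100 onward
    return 25.0 if k >= 100 else 0.0


def slow_offset(k):        # constructed 0.005 NM per fix drift from fix 100
    return 0.005 * (k - 100) if k >= 100 else 0.0


if __name__ == "__main__":
    print("step :", run(step_offset))
    print("drift:", run(slow_offset))
```

The step is rejected on every fix and the estimate stays on the true track; the slow offset never trips the gate, and only the comparison with the independent track raises an alarm.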

underfire
16th Aug 2017, 17:53
Yes, this has been discussed at length on other threads. On the ac, the GPS knows where it was, not where it is. The Kalman filter provides the estimated location.
Along with RAIM, and RAIM checks in the avionics, this will leave out erroneous signals.
If nothing else, on a complete jam, it will go to the IRS until it acquires enough GPS data to continue.

n5296s
16th Aug 2017, 18:58
it will go to the IRS
That's a new one to me. I've never heard of an IRS approach. Do you get a penalty if you go below minimums? Can it be audited?

Cazalet33
16th Aug 2017, 19:49
At the IAF it says "I'm from the government and I'm here to help you".

underfire
16th Aug 2017, 22:33
That's a new one to me. I've never heard of an IRS approach. Do you get a penalty if you go below minimums? Can it be audited?

Not sure what you mean. Technically, it is always an INS/IRS approach, one cannot use raw GPS data.
Depending on the RNP level of the approach, you may not be able to use the approach in the degraded mode.

The system will tell you the RAIM and availability. Depending on the system you have different capabilities.

To answer your question, yes, with IRS drift and other issues, you will get penalties, ie reduced RNP levels or GPS N/A.

You will not get a varied minima depending on GPS avail, it is an A or NA...

hunterboy
17th Aug 2017, 03:19
I'm guessing the smart GPS jamming techniques will be using similar techniques to range gate stealing and operating within receiver's failure tolerances?

dClbydalpha
17th Aug 2017, 10:15
I suspect that neither RAIM nor a KF would prevent spoofing, in fact a KF would perhaps help the spoofer.

Techniques such as those employed to carry out a range pull off are relevant but I think there is a lot more involved than would be in spoofing a radar.

An aircraft's greatest defence is the fact that it is flying.

ex-Dispatcher
17th Aug 2017, 14:27
I suspect that neither RAIM nor a KF would prevent spoofing, in fact a KF would perhaps help the spoofer.


Some very good discussions here - earlier I (hope) I provided some useful info on the incident.
Again - hopefully this will help when looking at defences... The military often use what they call a CRPA (Conformal Radiation (some use "Reception" if you want to look online) Pattern antenna). Principle of these is that the antenna pattern steers nulls in the field in the direction of Radio Frequency interference at GPS frequencies. The antennas are typically 4 or 7 elements (determines number of nulls, which is N-1, where N = number of elements). As GPS signals come in below thermal noise, any signal the CRPA detects is regarded as interference and a null is formed in the direction of the source. They work really well and make it much harder for a spoofer (who now has to worry about setting very precise power levels, which is difficult for all but the most determined). I've been an advocate of these systems being made available to commercial aviation (but only from my ground based knowledge of aviation) for a long time but so far restricted for military use only. Following is a very technical paper on how they work but I think explains some of the principles. I'd be interested in hearing your views on whether this kind of solution could work well enough for you on the flight deck....

https://web.stanford.edu/group/scpnt/gpslab/pubs/papers/Mcmilin_IONPNT_2015_Anti-Jam_final.pdf

skkm
17th Aug 2017, 15:27
That's a new one to me. I've never heard of an IRS approach. Do you get a penalty if you go below minimums? Can it be audited?

On my aircraft the assumed ADIRU drift if GPS is lost is 8 NM per hour. If you’re already on an RNAV approach when you lose GPS, it’s perfectly feasible to complete the approach before you get NAV UNABLE RNP.

FE Hoppy
17th Aug 2017, 15:44
8NM per hour!!!

are you sure?
That rate might be ok for the first 30 minutes of a flight but is too high for anything over an hour.

peekay4
17th Aug 2017, 18:54
I believe 8 nm per hour is the typical assumed limit with no updating at all (no GPS, no DME/DME). This is a conservative limit.

Otherwise, Part 121 requires 2 nm per hour IRS system accuracy for flights up to 10 hours.

mustafagander
18th Aug 2017, 10:12
Hoppy is right IMHO. I'm accustomed to 3+3T and almost invariably the results after even longish sectors came in way under that on the B747 classic to which I was then assigned.

oggers
18th Aug 2017, 11:20
Not sure what you mean. Technically, it is always an INS/IRS approach, one cannot use raw GPS data

Strange then that so many IFR equipped GA aircraft are carrying out RNAV GPS approaches without any inertial reference whatsoever.

Hawker 800
18th Aug 2017, 13:04
Strange then that so many IFR equipped GA aircraft are carrying out RNAV GPS approaches without any inertial reference whatsoever.

It's very common not to have inertial in the smaller business jets too, and they also fly RNAV and RNP with approvals.

peekay4
18th Aug 2017, 23:08
Hoppy is right IMHO. I'm accustomed to 3+3T and almost invariably the results after even longish sectors came in way under that on the B747 classic to which I was then assigned.

Apples and oranges maybe?

The IRU drift rate isn't constant. The IRU will potentially have high drift rates during the taxi out / takeoff / departure climb and also on the way down during the descent, approach, landing and taxi back to the gate.

Conversely, the IRU should be relatively stable during cruise.

On trans-oceanic flights with long stable cruise times, 3 + 3T is a good rule of thumb for approximating the drift limit. But 3 + 3T isn't a good approximation for very short flights.

And during an active approach, especially with a go-around or missed approach, the IRU can drift at much higher rates than 3 + 3T, generally assumed to be 2 nm per 15 minutes (which is 8 nm per hour) based on empirical testing.

For RNAV GPS approaches, if the GPS is lost then (typically) the system is not certified to fall back to DME/DME updating and will only rely on the IRUs.

So for safety reasons, during procedure design in case of GPS loss the IRU is assumed to be exhibiting high drift (8 nm/hr) for N minutes of activity before stabilizing back to 2 nm/hr (with N being a variable depending on what is being designed.)