Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks

Test results are presented from over-the-air civil GPS spoofing tests from a non-negligible stand-off distance. These tests were performed at White Sands Missile Range (WSMR) against two systems dependent on civil GPS, a civilian unmanned aerial vehicle (UAV) and a GPS time-reference receiver used in “smart grid” measurement devices. The tests against the civil UAV demonstrated that the UAV could be hijacked by a GPS spoofer by altering the UAV’s perceived location. The tests against the time-reference receiver demonstrated the spoofer’s capability of precisely controlling timing from a distance, which means a spoofer could manipulate measurements used for smart grid control without requiring physical access to the measurement devices. Implications of spoofing attacks against each of these systems are also given. Recommendations are presented for regulations regarding GPS receivers used in critical infrastructure applications. These recommendations include creating a certification process by which receivers are declared spoof-resistant if they are able to detect or mitigate spoofing attacks in a set of canned scenarios. The recommendations also call for a mandate that only spoof-resistant receivers be used in applications classified by the Department of Homeland Security (DHS) as national critical infrastructure.