Tuesday, January 25, 2011

Reader Comment – ICS and GPS

Earlier today Brad Calbick left a comment on today’s earlier blog about the ICS-CERT Alert on the GPS outage. While generally supportive of my comments about the late reporting, he took objection to my negative comments on using the GPS for critical system support; writing: “What is your proposed alternative to utilizing GPS for critical systems? I'm not aware of a solution that improves on the reliability and cost of GPS.”

I must admit that I don’t have an alternative, particularly since I don’t really understand what the GPS timing signal is used for. I would guess that it is used in synchronizing operations separated by enough distance that transmission time lag can cause problems. I am not a systems engineer so any thoughts that I would have on a substitute would be suspect at best.

GPS is a Military System

What I do know is politics and government. The GPS system was designed for and by the US Military for their use. A number of entities have complained over the years about the DOD control of the system, but since DOD paid for the system it is theirs to operate as they please.

I remember when civilian GPS devices were first introduced. Most people focused on the military’s initial refusal to allow civilian users full access to the system, access that would have allowed for more accurate position data. What most people failed to notice, or certainly remember, was that the military made a point of telling everyone that they would not guarantee future access to the signals.

The problem with ICS vendors using a pirated (I know, you can’t really consider receiving a broadcast signal as pirating) GPS signal for their own purposes is that they are using the signal without the military’s knowledge or ‘approval’. Thus, when the military plays with the signal for their purposes there is no mechanism (or reason) for the military to inform the ICS users.

Now, obviously the FAA has an agreement with DOD about their use of the GPS signals (almost certainly an memorandum of understanding). That agreement required DOD to provide the FAA with advance notice, and the FAA forwarded that advance notice to their GPS system users.

Protecting ICS use of GPS

If the ICS community is widely using the GPS signal for control purposes (and I don’t know how wide spread the use is) then someone is going to have to ensure that the military informs that community in advance of any modifications to the signal. I suppose that individual vendors could try to negotiate that agreement, but I doubt that that would be the most successful way of dealing with the situation.

I would suggest that DHS ICS-CERT would be the logical government organization to negotiate an MOU requiring advance notification of GPS signal modifications on behalf of the ICS community. Just like the FAA did in these two situations, ICS-CERT would then notify the community of the modifications so that facilities could take appropriate actions to protect their systems that use that signal.

Of course that brings up another problem, ICS-CERT is a passive communicator. They post information on their web site, but have no mechanism to point people to the new information. There are a few people like my self that actively monitor the ICS-CERT web site and then broadcast that information on blogs and tweets.

While that is more active than what ICS-CERT does with its information, it still doesn’t ensure that the information gets out to all affected parties. Someone is going to have to develop a communications system for these alerts that pushes the information far enough down the communication’s tree that everyone who needs the information will get it. At the same time the system would have to be careful about not blasting information out to people that don’t need it.

Again, I am not an engineer (a communications engineer in this case) so I can’t begin to describe how such a system might work. My part of the puzzle is to identify the problems and prod people into taking care of them.

No comments:

/* Use this with templates/template-twocol.html */