• DAVID MITLYNG

Weekly Takeaways-July 8, 2022

Theme of the Week

The Move to Zero Trust

The Zero Trust security model is all the rage in network security. The main concept behind Zero Trust is a "never trust, always verify" security strategy. As part of this, network providers are assessing their reliance on timing signals from GPS. Ideally, a Zero Trust network is completely GPS-independent. The next best option is to build resiliency against GPS outages, known as holdover. Obtaining holdover of 12 hours or more is possible, but very expensive. It requires adding stable clocks and/or pulling in timing from many GNSS sources. But these are temporary solutions on the path toward a true Zero Trust architecture. Last Week's Theme: Frozen in Time

Industry News

  • You already know that “GPS is Easy to Hack and the US has No Backup”: “Although we think of GPS as a handy tool for finding our way to restaurants and meetups, the satellite constellation’s timing function is now a component of every one of the 16 infrastructure sectors deemed “critical” by the Department of Homeland Security (DHS).”

  • The Washington Metropolitan Quantum Network Research Consortium, or DC-QNet, quantum network and test bed for research into quantum technology was announced as a collaboration between the US Naval Research Laboratory, US Army Combat Capabilities Development Command Army Research Laboratory, the US Naval Observatory, the National Institute of Standards and Technology (NIST), the National Security Agency/Central Security Service Directorate of Research, NASA, the US Naval Information Warfare Center Pacific, and the US Air Force Research Laboratory.

  • An NHK broadcast "Ukraine: The New Satellite War" describes how space has influenced military strategy in the Ukraine conflict. As one expert noted, “During the Cold War, this (satellite imagery) would have been super-secret intelligence information. The US would have spent billions of dollars to obtain images like this. I feel we have entered a totally new era.”

  • South Korea and KT Corp are working on an advanced position, navigation, and timing (PNT) service that “aims to reduce GPS signal error to centimeters, [and] is tailored to smartphones, autonomous vehicles, unmanned equipment, drones, and flying taxis.” This is to augment their $3B Korean Positioning System (KPS), which is planned to be operational by 2035.

  • McKinsey's latest “Quantum Technology Monitor” claims that funding for quantum startups more than doubled to $1.4 billion in 2021, with nearly half going to US startups. This is in addition to government funding, where China dominates: "activity in China is accelerating due to reported large government investment (estimated at $15.3 billion), more than double what EU governments are investing ($7.2 billion) and more than eight times that of US government investments ($1.9 billion).”

  • The US has built a dependence on technology, and there is concern that quantum technology has enormous implications for both the commercial and defense sectors.

  • The fear of a Carrington Event, a solar storm that “could cause trillions of dollars in damage globally,” continues to grow after a surprise geomagnetic storm hit the Earth last week.

Conferences

The More You Know...

The Zero Trust Architecture, as defined in recent papers by NIST in the US and the National Cyber Security Centre (NCSC) in the UK, is really an outline of best practices. But there is a push toward implementing these guidelines. Last year, all US agencies were encouraged to “develop a plan to implement Zero Trust Architecture,” with the Federal Aviation Administration (FAA) recently outlining their Zero Trust plans. Yet, Zero Trust does not specifically address a major weakness in the “never trust, always verify” architecture - the reliance on GPS timing for a functioning network. As mentioned many times in this newsletter, it is trivially easy to jam a GPS signal. Spoofing - the ability to convince a user that the source is someone else - is harder. But not that hard. There are even instructional videos on detecting and spoofing GPS signals.