CyberWire Daily - GPS: A backbone for critical infrastructure. [T-Minus: Space-Cyber Briefing]

Episode Date: May 31, 2026

Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society. After the removal of selective availability for civilians in 2000, GPS’s value has significantly expanded. In the past two decades, nearly every critical infrastructure sector–telecommunications, transportation, energy, agriculture, emergency services, and financial services–relies on GPS constellations to ensure that timing and location accuracy are precise. Though many do not see its utility in day-to-day efforts, GPS has become entrenched in modern networks and services.

Key sources: Removal of selective availability. Satellite Navigation - GPS - How It Works. What can GPS do?

Like what you heard? Be sure to subscribe to our free Signals and Space Briefing, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space

Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com. You can also fill out our audience survey: https://www.surveymonkey.com/r/NJYCN2P

T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Looking to understand the cybersecurity risks emerging beyond Earth's atmosphere? In the weekly Signals and Space newsletter, T-Minus host Maria Varmazis and producer Ethan Cook connect the dots between terrestrial infrastructure and the growing attack surface in space. Each week, you'll get the latest space cyber headlines, direct access to the week's T-Minus podcast conversation, plus expert insights and resources to help security professionals better understand this rapidly evolving domain. Space systems are becoming critical infrastructure. Signals and Space helps you stay ahead of the threats shaping the next frontier. Subscribe now to the Signals and Space newsletter.
Starting point is 00:01:11 I googled how does GPS work. Yeah.
Starting point is 00:01:53 And the technical definition that I got was a receiver measures the time it takes for a signal to travel from multiple satellites to your device. Then it measures that it multiplies the travel time by the speed of light to calculate the precise distance to each satellite. And then by analyzing them from at least four different satellites, the receiver then determines the three-dimensional position,
Starting point is 00:02:13 latitude, longitude, and altitude, and time. And time is really important, yes. Welcome, I'm Maria Varmazis, and you're listening to T-Minus Space-Cyber Briefing. In this show, we examine the evolution of cybersecurity in the global and orbital infrastructure that powers, protects, and connects our lives. Hi, everybody, and thank you for joining me today. In last week's show, we spent some time thinking about the future of GPS and how to secure it.
Starting point is 00:03:04 This week and next, we thought we'd take a little step back and spend some more time looking at GPS in general, and why in the heck it matters in a space cyber context. Spoiler alert, it matters a lot, perhaps a lot more than you would think. So let's dive in. And by the end of this episode, you'll have a better understanding of where and how attacks against GPS signals fit into the modern threat landscape. Producer Ethan Cook joins me once again to break it all down. All right, so hi, Ethan. Welcome back. I didn't scare you away last time. No, you did not. I'm here. I'm back. All right. So we've been talking a lot about GPS, good old GPS in our editorial discussions. And when we're talking about like booking people for the show, it feels very inevitable
Starting point is 00:03:53 that we're going to go back to it a bunch. It's kind of important. Kind of important. Also, I think people think they know a lot about it and maybe have a different idea of what the actual reality is. But anyway, before we get into all that, for context for our listeners, I've been in this space world and the GPS world, like pretty hands-on, pretty heavily the last few years. You've been doing a ton of research as we've been sort of figuring out how we're going to cover GPS over the next couple episodes. So you're a little newer to it. And I'm very interested in hearing as we go through sort of our conversation, what surprised you,
Starting point is 00:04:30 you know, things that you thought were one thing but actually were another. I think a lot of people are going to be with you on that. Yeah, I've been, you know, dusting off those old college research skills, crazy stuff. Yeah. Yeah, it's every time I think I know something about GPS, I often find that I was just straight up wrong. So I guess let's take people on that journey with us. Let's learn about GPS because it's, I mean, it's not just the thing on your phone. It's not just like the old school Tom Tom or Garmin that you had in your car. Yeah, it's not a map feature.
Starting point is 00:05:03 Yeah, so I feel like the best way to start talking about GPS. My favorite thing to do is just ask people randomly, how does GPS work and just hear their responses. And I feel like it's cheating asking you this because you kind of know how it works now. A little bit. The week ago explanation would have been phone connects to satellite.
Starting point is 00:05:21 Satellite tells me where I am and then magic happens and I go to a location. That is how everyone describes it. You know, like a week ago, I was like, why do I need to know anything more than that? What could ever be relevant to that? Yes. For example, I guess a good way to think about
Starting point is 00:05:36 that would be if you are, let's say, driving using a map feature or navigation feature. It's being able to tell you not only actively where you're moving to and in live real time and the positioning aspect, but like how far away you are and estimating is the kind of concept I got, as well as in a time sensitive system being able to be like, let's say for finances, being able to say like, okay, this person is in the correct location and they're paying within a sensitive time frame that's to make sure that this is an authentic use of GPS. That's the rough concepts that I've gotten over the past, like, three days of shotgun research.
Starting point is 00:06:11 Okay. I hear some things in there that sound right and a few things that I'm like, I'm not sure that's correct. So I... Okay, well, let's go for it. Because I... So my main thing is we're not talking to the satellites with GPS. That's the thing that I think everybody thinks is like we're communicating with them. It's like, we're just listening to what they're telling us.
Starting point is 00:06:34 And that people think that the satellite also tells you how to navigate. And it's like, nope, satellite doesn't tell you any of that. That's all your phone and your phone plus the cellular networks all working together. There's a lot of stuff happening on the software level on your phone that's doing all that navigation. The GPS is not thinking that part for you. That is a totally different world. All right, so we've just said, like, what it isn't. Okay, well, there we go.
Starting point is 00:06:56 So maybe, should we start with what the heck GPS actually is? Yeah, absolutely, yeah. That's a good start. I've learned it's a part of, it's a very small part of a very small part of a very, very large ecosystem. It truly is. So this is Maria's putting on her explaining hat now. So Professor Maria has entered the building.
Starting point is 00:07:18 So there are a lot of different satellite constellations or groups of satellites that exist in what's called like geostationary orbit or like way out there in orbit. Not as close to Earth as lower orbit is. Yes. So essentially like the stuff like we talked about with Starlink or the International Space Station. Those are in low Earth orbit. That's pretty close to Earth. That's like a couple hundred kilometers from Earth. All these global navigation satellite systems, and there are many around the world operated by many different countries, of which GPS from the United States is the first. They're way, way, way far out there. But like the United States, we have GPS. Europe has Galileo, so that's their own version. And they're all slightly different from how we do things.
Starting point is 00:08:02 Russia has one called GLONASS. India has NavIC. China has BeiDou. And Japan has QZSS, and like, we all use each other's. We all ping off of each other's. And all of these different global navigation satellite services are GNSS. GNSSes. Like, we can see all of those signals. They all work slightly differently, but they're all just blasting the signal out. Just kind of going, here I am.
Starting point is 00:08:39 So there is a lot of physics that goes into this. And yes, the speed of light comes into this. And if people go, what, how is any of that relevant? It's super relevant. The part about GPS satellites being far away from Earth is actually really important because there's a delay between when the satellites send their signal about where they are and what time they think it is versus when we receive that here on Earth. And that delay is super duper duper minuscule, but it is there. It is important. Yeah. And it's like we humans can't perceive it, but our machines sure can. If you ever asked any cyber professional about RTP and, you know, the impacts that desynchronizing that could have on just an individual network.
Starting point is 00:09:12 Yes. Catastrophic would be the answer depending on how big that network. I mean, that right there, what you said, Ethan, is like the whole reason why we on a space cyber podcast are talking about GPS, because as cool as GPS is, in terms of global infrastructure and the things that cybersecurity professionals are going to be really interested in, it's not the location stuff, it's the timing. The timing is so crucial. And yes, as you said, if you mess with that, you monkey with that in any way, a lot of stuff's
Starting point is 00:09:39 boned. I don't know how to put it. It's a catastrophic, you know, impact on a lot. It is. It truly, truly is. And I think when we have our next episode, we're going to get into a lot of how that works a little more specifically. So, I'll spoil our work for that one. But that is a bit of a preview of what we're going to get into. But yeah, so essentially, going back to the physics of all this works, the key thing is that, again, as you said, the satellite is blasting out a location, the latitude, longitude, altitude, and time. That's it. And then from there, we can do a whole bunch of trilobes. Our devices can do that. The receivers on the ground can do that. So that can be our phone that's receiving that.
Starting point is 00:10:20 If you're on a boat, your boat's receiver can do that. It can do that. Yes, very importantly. And so all that heavy thinking is being done by the device once it receives that key information. And so we receive in the United States signals from GPS. If you're in Europe, you're probably getting them from Galileo. But we can actually get signals from a whole bunch of different GNSS systems at once.
Starting point is 00:10:44 Basically, the key thing is we're getting these signals and that tiny, tiny delay from the radio waves, the way the signals are getting to Earth. Since radio waves are a form of light, we can use the tiny delay with the speed of light to figure out, okay, if the delay is this
Starting point is 00:11:00 and it says this, and that we've got a whole bunch of overlapping spheres of where the satellites are, we can sort of figure out position from there. That is a very poor physics explainer about how that works, but, like, it's better than trying to go through what I did,
Starting point is 00:11:13 which is read 10 articles where they're throwing out very big words, and I'm like, I don't know what's happening. Yeah, the moment you see a formula, you're like, oh, no. I'm like, oh, no. The physics is beautifully explained on the internet by people much more in depth on the physics side of things than us, so we'll just hand-wave that a little bit. But that whole process is trilateration.
Starting point is 00:11:31 Yeah. Not triangulation. No. Trilateration. Yeah. And crucially, these signals are actually pinged out in a sphere from the GPS. So they're kind of, you know, because they're in space. They're not just blasting it down in a line.
Starting point is 00:11:43 They're putting out all these signals spherically. So you can actually do some really interesting things with that if you're not just on Earth. But that might be a different show entirely. You know what? We should probably take a quick break. I agree. All right. So dust off those pogs and bust out a can of Sovi because we are going back to the 90s after this break.
Starting point is 00:13:34 Okay, and we're back. But if you imagine these signals from at least three different GPS satellites sort of overlapping like a Venn diagram
Starting point is 00:14:09 you can imagine pretty quickly, depending on where you are, you're at the intersection of a whole bunch of different signals, and you're using the delay to be like, oh, here I am. If you were in the military in the 70s and 80s and 90s especially, that put you way ahead in being able to figure out where you were.
Starting point is 00:14:25 That's actually why the whole thing was invented, was for military use. As with everything. As with everything. And this is actually something that surprised me. It started in 1978. Yeah, you know, I, it makes sense from like, just like, I'm a big history guy, you know, from the time period being how much we were investing in space and the amount of moon landings, etc., that satellites, especially with the race with the Soviets at the time, being a very,
Starting point is 00:14:52 very competitive dynamic, especially with, you know, some minor proxy wars going on. Yeah, Cold War, what the heck is that? Yeah, yeah. It does make sense, doesn't it, given the time? And I mean, we were just starting to see, I mean, that we had been to the moon by that point. The space shuttle program was starting to ramp up at that point. And Skylab, I think, had already happened. So cool stuff was happening in space at that time in the late 70s. And we weren't just going, satellites are really good for taking pictures from far away and making beep beep sounds and maybe transmitting things. They're like, oh, maybe they can do other stuff. So, but yeah, I would not have guessed 1978. That's still way back, further back than I would
Starting point is 00:15:36 have guessed. Yeah, I would probably have, I would have said 80s would be my gut instinct if I had to put a pen down on it. But I could see late 70s being like the tail edge of where I would have gone for. I think from, at least now, from my research, what was interesting was, you know, as with everything, the military does some massive investment, has this very advanced technology and then inevitably gets a new one, but the previous one has a ton of both commercial and civic uses that can do a ton of wonders for us. The internet is one of them, for example. Thank you, DARPA. Yeah, exactly. I'm pretty sure on my tombstone, it's just going to say thank you DARPA for the internet, because I say it all the time, which is the weirdest thing to put on your tombstone, but I love
Starting point is 00:16:18 the internet. You know, it's quite wonderful, but I think I didn't realize, I knew that GPS was originally started by the military, but I didn't realize that it was Clinton and, uh, Gore who, like, it seems like, opened it up for commercial use. Isn't that the weirdest thing? So I didn't realize that either. And I was alive at this time. I feel like I should have remembered this. Technically so was I.
Starting point is 00:16:40 I was like three or four. Yeah, I was going to remember. I was old enough to remember this. I was like, but yeah, 1994 GPS got opened up for civilian use technically. Like, technically, but nobody was using it in the 90s for a couple of reasons. I mean, okay, not nobody. It wasn't really widely used. We didn't have smartphones at that time.
Starting point is 00:17:00 So, I mean, there's that. GPS being open in 94 by the Clinton administration was what they called selective availability for civilians. And so the accuracy was down to 100 meters, which I think basically told you essentially what state you're in. You know, you could be in one of the tri-state area locations. Yeah, I'm like, I'm in New England. So I'm in one of the five New England states. It doesn't do much for me. Like, okay, great.
Starting point is 00:17:26 That doesn't really help. I guess you're in Center, Texas. It still knows that you're in Center, Texas. Texas. Yeah, yeah, you're still in Houston. You're still in Houston. You're still in Houston. Yeah, that's really, I mean, it's better than nothing, but certainly was not the accuracy level that the military was getting, but I understand why they didn't open it up. But yeah, it was like one of the last things I think Clinton did on his way out the door in 2000 was saying, you know what? I think actually this would be more helpful if we get rid of the selective availability. Yeah, let's go crazy with it.
Starting point is 00:17:52 Let's go crazy. And then we civilians got 10 meters of accuracy from GPS signals. Which is, you know, that's a pretty big improvement. From 100 to 10? Do the math. It works. Do the math. So, yeah, that, I mean, we still didn't have, we did not have smartphones at that time, but we did have cell phones-ish, kind of in 2000.
Starting point is 00:18:11 I mean, I had a cell phone. They were devices. I had a Nokia brick. I don't think it had anything GPS at that time. It probably still functions, though. If I could find it. If you found it, it probably still works. Oh, man.
Starting point is 00:18:23 Oh, I did so much work on, like, programming my ringtones in that thing. It was a whole, yeah. And like I had a little charm that would light up when the phone was about to get a call. Incredible. Yeah, I'm sure that was great for my body to have that. Anyway, but yeah. Yeah, I mean, it did not have a GPS receiver on that phone
Starting point is 00:18:42 that I remember back then. But once we started getting smartphones in, what, 2006? Was that the year officially iPhone came out? Something like that. Around then. Around then? Yeah, late to early 2000. Late to mid-early 2000.
Starting point is 00:18:57 era. Yeah, around there. Yeah. Somewhere. I mean, and concurrently, we also had devices like the Garmins and the Tomtoms
Starting point is 00:19:03 and the Satnav. I remember people had the sat nav devices that would sit on the dashboard of their car that was like a whole separate thing. You're Googling it out right now, aren't you? Yeah, the first iPhone was released in 2007. 2007, I was off by one.
Starting point is 00:19:17 What can you do? You piqued my curiosity. Yeah, yeah. But, yeah, I mean, once we started getting it in our phones, because we had smartphones that were capable of really doing, something with it. I mean, then it really took off.
Starting point is 00:19:29 But I think industries that became dependent on it, I want to say that that started a little earlier, but it was much more behind the scenes. But that said, I mean, where we're at right now, now that civilian use is basically at the same level of military use as far as we all know anyway. I mean, agriculture, you mentioned it earlier, like so much of agriculture depends on being able to locate where your machinery is in the world and how it's, you know, plotting its way around the fields. The energy sector uses GPS for a whole lot of stuff like pipelines, you know, just being able to monitor situations and get a sense of how things are going. Surveying uses it a lot. I mean, finance,
Starting point is 00:20:13 finance uses it for timing transactions. If we mess up GPS signals in the arena of how finance uses it, the global finance sector could collapse pretty quickly. Has a minor hiccup day. Probably not good for everyone. Yeah, not great. So for the Infosec professional, who's like, why on earth are you spending all this time talking about GPS? The ephemeris data that GPS sends, the latitude, longitude, and altitude and the time,
Starting point is 00:20:42 all very good stuff, but it's the timing. Taking into a cyber actor level, being able to commit fraudulent transactions that look legitimate would be devastating. See, if you have the right credentials and are able to then manipulate the timing, you could get in, make it look legit, make it look all real and you would probably also go undetected for some time because it looks so real.
Starting point is 00:21:05 Yeah, you could overwrite something by just kind of essentially time traveling with your transaction. Exactly. Yeah, yeah. It's pretty dastardly when you start thinking about it like, oh, I'm sure financial folks are like, yeah, listen, we're 20 years ahead of you. We've been working on this to prove ourselves against this. But yeah, just the potential there, if successful. You would hope at least.
Starting point is 00:21:25 Yeah, well, I mean, otherwise we just gave a lot of people a whole retirement plan and a really good idea. But no, it's yeah. Yeah, I mean, the financial systems alone, they have, I know, a whole bunch of fail-safes against this kind of thing, but it is a, it is a pertinent threat. The other one that I didn't quite realize was for us civilians, our cellular networks, if they get out of synchronization, again, this has nothing to do with how we navigate in the world. This is just like how our phones work. Data throughput could degrade, calls would drop, and then, you know, and then also become out of sync, which at the very least would be extremely annoying.
Starting point is 00:22:01 Yes. But I could imagine, I mean, like, that is annoying when it happens. But we need to scale it up to the business level, right? Yeah. Like if you say, okay, yeah, on the individual, like, my daily needs probably would be annoying. You know, when it's, I would equate it to like a standard cell outage, you're like, man, that's really irritating. I wish this wasn't happening, but you're fine. But then you take that and you scale that up to, okay, let's say it impacts, you know, a whole state.
Starting point is 00:22:23 The whole state government can't function now for a day. like that's unacceptable. Like we can't have that happening or a power grid, you know, it goes down. Or let's even take it worse scenario. Emergency happens. Flooding, earthquake, tornado. Now we can't get emergency services out. We don't know where people need to go.
Starting point is 00:22:45 It just scales that up and the risk factor up for providing support and being able to ensure that services that we have available are actually able to function the way we want them to. Load balancing, apparently, for power grids and phase synchronization, which I don't quite understand what those are aside from. Those sound important to me, and I don't want those things to not work. Those need GPS timing signals. So grid goes down, that's bad. I mean, I can understand on that level, I need power. Yeah, it's kind of important for the modern society. Yeah, and then I think the most obvious one, and probably ties into what you said at the very top
Starting point is 00:23:26 this episode was data centers, server farms, you know, synchronization. Yeah, RTP.T. When I think you hop into the cloud and, you know, the more we have gotten away from, and for very good reasons, by the way, this is not me poo-pooing, you know, cloud environment. Bring back everyone owning their own server farms. Exactly. No, no. I mean. You know, like, for very valid reasons that we have migrated to the cloud for many, many organizations, and obviously as AI continues to expand up and that even further invest in these massive data centers that are not internalized at all,
Starting point is 00:24:04 that is going to, while give us a ton of technological advancements, also does very much open the door to single points of failures. And that is something that is obviously not something that people are unaware of, people talk about it. Yeah, every time AWS East goes down, pretty much all of us get a day off from work. Exactly, right? But that's going to be one of those things that I think when you talk about GPS,
Starting point is 00:24:31 it's a conversational point that has to be included. And it will only grow more included because those impacts are now going to be felt way, way more. And it's why some of these concerns have been growing over the past five years. I think we're going to end this episode right there. We've talked a little bit about the nature of what could go wrong and why that would be very bad. So what are the actual threats and how would they work against GPS signals? We'll get into that in the next episode. So stick around for that.
Starting point is 00:25:07 Look forward to seeing you then. And that's T-Minus Space-Cyber Briefing, brought to you by N2K CyberWire. If you like what you heard today, you will also enjoy our newsletter, Signals and Space. There was a lot of research that goes into talking about something as complex as GPS. It has a fascinating history, and we just could not fit all of it into this episode, but we made sure to include more historical context on GPS in our newsletter, so you can dive even deeper and understand how this crucial system came to be what we know and love and rely on today. Our companion newsletter Signals and Space has the research and notes pulled together by our producer Ethan Cook and me,
Starting point is 00:25:57 along with this week's top space cyber news stories. So make sure to subscribe by visiting thecyberwire.com slash newsletters. That's newsletters with an S. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing cybersecurity landscape. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to space at n2k.com. We're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector from the Fortune 500 to many of the world's preeminent
Starting point is 00:26:37 intelligence and law enforcement agencies. N2K helps cybersecurity professionals grow, learn, and stay informed. As the nexus for discovery and connection, we bring you the people, technology, and ideas shaping the future of secure innovation. Learn how at N2K.com. Thanks again for listening to T-Minus. I am your host, Maria Varmazis. The show is produced by Ethan Cook and Liz Stokes. We're mixed by Elliott Peltzman and Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben, with content strategy by Mayon Plout.
Starting point is 00:27:12 Peter Kilpe is our publisher. See you next week.
