Takeaways Commercial Infrastructure IT Managers Need to Know From Recent NIST Guidance

The U.S. National Institute of Standards and Technology (NIST), the government entity responsible for maintaining the national standards for time and frequency in the United States in coordination with the United States Naval Observatory issued two reports in November of last year.

At a combined 254 pages, there was a lot of detail you could have easily missed, but a few items of note for commercial infrastructure IT decision makers caught our attention:

Technical Note 2189: III.E.2. – “Due in part to the success of GPS, which has at least indirectly led to the demise of eLoran and other systems, only a small number of free public access time distribution systems remain that are under U. S. control. All but one of these systems have at least one caveat when considered for critical infrastructure usage, they are either not independent of GPS, not capable of microsecond-level accuracy, or both” 

The notes that follow detail four solutions: CDMA, which receive time codes from Code Division Multiple Access (CDMA) signals transmitted from mobile base stations, Public NTP Servers, NIST Radio Stations (WWVB, WWV, and WWVH), and finally, STL (Satellite Time and Location) service, operated by Orolia partner, Satelles.

From the report, “STL signals are transmitted at frequencies ranging from 1616 MHZ to 1626 MHz from 66 Low Earth Orbit (LEO) satellites that form the Iridium constellation. Iridium was originally designed for use with mobile phones, and like CDMA, STL does not require a rooftop antenna. The altitude of the satellites is just 781 km, as opposed to the 20 200 km altitude of the GPS satellites, and the signals as received on Earth are about 300× to 2400× stronger than GPS, making them usable indoors. The timing accuracy specification for STL is ±500 ns (0.5 µs) which meets critical infrastructure requirements, and published measurements indicate an accuracy of less than 200 ns when compared to a GPSDC.”

The table (below) that follows illustrates the various alternatives’ efficacy of resilience, categorizing them by their ability to achieve microsecond accuracy, a key requirement in many commercial infrastructure applications that should be addressed in every cybersecurity plan, and their independence from GPS.

Technical Note 2187 – Page 170 – “Being closer to Earth is one reason that STL signals received on Earth are much stronger than GNSS signals, and provide STL with the advantage of being more capable than GPS of working inside buildings, in underground locations, and in urban canyons.”

These reports from NIST make the mandate for critical infrastructure managers clear: If the loss of GPS signal would spell trouble for the integrity of your time, you cannot do much better than STL as a backup reference. Pair it with the resiliency that Orolia’s SecureSync Time and Frequency Reference platform with TCXO, OCXO, or rubidium oscillator holdover options  provide, and you have secured your network timing against multiple vectors of attack and all but guaranteed your application’s timing accuracy for the foreseeable future.

If you have a critical application that requires GPS backup and you cannot afford the risk of a system failure due to intentional or unintentional interruption of GPS service, reach out to us to discuss your options.

The risk of attack on GPS is quickly being recognized as an issue of not if, but when. STL remains the only global, encrypted signal reference commercially available today.

You can read the Satelles press release here.