GPS, a Weak Link in Cybersecurity?
The news last month that LightSquared, a company attempting to deliver broadband internet via satellite, had filed for bankruptcy, settled a long-simmering but little noticed debate with far-reaching impacts on militaries, governments, businesses—and plain old folks like you and me.
Why? Because the global positioning system—better known as GPS—industry feared that LightSquared’s technology would interfere with the GPS signal, a service on which the world has become increasingly dependent but which it also takes almost completely taken for granted. The LIghtSquared decision a pretty big deal in and of itself—but it also opens a window into the larger debate on cyber security which is now being argued both inside the Beltway and around the world.
GPS has become a part of everyday life around the world. Because as many geographers like to say, everything happens somewhere. And while GPS may not be as important as the internet as a whole, but it is an essential part of systems that effect every part of our lives. It’s used by almost every component of the shipping industry that connects the planet, whether it be on land, at sea, or in the air. It’s used in sensors and machines that monitor the weather and the environment. And it’s used by you and me when we need to go to a new grocery store. It connects us to the physical world in a way we’ve never been connected before. If the United Nations has declared the internet a human right, could they declare GPS a human right, too?
They could certainly try, except that it’s a system that is entirely run by the United States military (there are similar systems to GPS, but nothing that has the same coverage). GPS was originally designed to help the military keep track of where it’s service members and equipment is, and where to target weapons, and not where to find a Chipotle when you’re hungry for a burrito. So as much as GPS is used all over the world for so many things, it’s also a piece of America’s critical infrastructure. Like the power grid, or communications networks, or gas pipelines, or interstate highways. So the United States government, along with the GPS industry, take strong steps to protect the system, both in terms of its physical and digital infrastructure and also the legislative and regulatory environment that makes it possible.
Sadly, industry that represents other critical infrastructures in America frequently resists efforts to shore up cyber defenses. The arguments trotted out by industry flacks frequently follow the party line that cyber defense cuts into the bottom line, which stifles growth and innovation. Even in the light of recent cyber attacks against Iranian oil industry, much of the United States’ business community still thinks that it doesn’t need comprehensive guidelines to direct cybersecurity efforts.
Here’s the problem with that argument. Two of the most powerful organizations in America have already been hacked again and again: the United States military, and Google. And if the military and Google can be hacked, then how can anyone honestly believe that their business can’t be hacked, too?
The LightSquared case shows us that in order to stay safe we need to look at comprehensive views of our infrastructure and its vulnerabilities. With LightSquared, the government deemed that the risk that its experimental technology could interfere with a critical system like GPS was deemed too great to allow the project to go forward. By a similar token, shouldn’t it be reasonable for the government to create guidelines that help companies know what cybersecurity best practices they should follow? If wouldn’t want experimental technology to threaten GPS, why would we let experimental or incomplete security technology threaten critical energy, transportation, or communications systems?
Something to consider next time you search GoogleMaps on your smart phone for “burritos.”
Richard Wheeler is a Truman Fellow.