David Mitlyng for Xairos
The Move to Zero Trust
The Zero Trust security model is all the rage in network security.
The main concept behind Zero Trust is a "never trust, always verify" security strategy.
As part of this, network providers are assessing their reliance on timing signal from GPS.
Ideally, a Zero Trust network is completely GPS-independent.
The next best option is to build in resiliency against GPS outages, known as holdover.
Obtaining holdover of 12 hours or more is possible, but very expensive.
It requires adding stable clocks and/or pulling in timing from many GNSS sources.
But these are temporary solutions on the path towards a true Zero Trust architecture.
Last Week's Theme: Frozen in Time
- Working to expand the team and add Quantum and Timing experts to our Board of Advisors. Announcements coming soon.
- Looking at office/lab space and opening our first overseas office.
- Progress on the proof-of-concept (POC) hardware development continues. Working towards hitting some key development milestones within this month.
- Kicking off the Xairos summer internship program next week. While too late for the summer program, let us know if you have candidates for Fall and Winter.
- Developing commercial partnerships with space, timing and quantum companies.
- You already know that “GPS is Easy to Hack and the US has No Backup”: “Although we think of GPS as a handy tool for finding our way to restaurants and meetups, the satellite constellation’s timing function is now a component of every one of the 16 infrastructure sectors deemed “critical” by the Department of Homeland Security (DHS).”
- The Washington Metropolitan Quantum Network Research Consortium, or DC-QNet, quantum network and test bed for research into quantum technology was announced as a collaboration between the US Naval Research Laboratory, US Army Combat Capabilities Development Command Army Research Laboratory, the US Naval Observatory, the National Institute of Standards and Technology (NIST), the National Security Agency/Central Security Service Directorate of Research, NASA, the US Naval Information Warfare Center Pacific, and the US Air Force Research Laboratory.
- A NHK broadcast "Ukraine: The New Satellite War" describes how space has influenced military strategy in the Ukraine conflict. As one expert noted, “During the Cold War, this (satellite imagery) would have been super secret intelligence information. The US would have spent billions of dollars to obtain images like this. I feel we have entered a totally new era.”
- South Korea and KT Corp are working on an advanced position, navigation, and timing (PNT) service which “aims to reduce GPS signal error to centimeters, [and] is tailored to smartphones, autonomous vehicles, unmanned equipment, drones and flying taxis.” This is to augment their $3B Korean Positioning System (KPS), which is planned to be operational by 2035.
- McKinsey's latest “Quantum Technology Monitor” claims that funding for quantum startups more than doubled to $1.4 billion in 2021, with nearly half going to US startups. This is in addition to government funding, where China dominates: "activity in China is accelerating due to reported large government investment (estimated at $15.3 billion), more than double what EU governments are investing ($7.2 billion) and more than eight times that of US government investments ($1.9 billion).”
- The US has built a dependence on technology, and there is concern that quantum technology has enormous implications for both the commercial and defense sectors.
- The fear of a Carrington Event, a solar storm that “could cause trillions of dollars in damage globally,” continues to grow after a surprise geomagnetic storm hit the Earth last week.
- Quantum Information Science International Workshop, July 12-14, Rome, NY
- Small Satellite Conference, August 6 - 11, Logan, Utah
- Optics + Photonics, August 21 - 25, San Diego, CA
- ION GNSS+ 2022, September 19 - 23, Denver, CO
- IEEE Quantum Week 2022, September 18 - 23, Broomfield, CO
- APSCC 2022, October 18 - 20, Seoul, Korea
- Tough Tech Summit, October 27 - 28, Boston, MA
- International Timing and Sync Forum, November 7 - 10, Dusseldorf, Germany
The Zero Trust Architecture, as defined in recent papers by NIST in the US and the National Cyber Security Centre (NCSC) in the UK, is really an outline of best practices.
But there is a push towards implementing these guidelines.
Last year, all US agencies were encouraged to “develop a plan to implement Zero Trust Architecture,” with the Federal Aviation Administration (FAA) recently outlining their Zero Trust plans.
Yet, Zero Trust does not specifically address a major weakness in the “never trust, always verify” architecture - the reliance on GPS timing for a functioning network.
As mentioned many times in this newsletter, it is trivially easy to jam a GPS signal.
Spoofing - the ability to convince a user that the source is someone else - is harder.
But not that hard.
There are even instructional videos on detecting and spoofing GPS signals.
To learn more, please email us or schedule a meeting here.