BlueSky GNSS Firewall

Product Information

Protect your GNSS Systems against Spoofing and Jamming Threats with BlueSky GNSS Firewall

The increasing reliance on GNSS for Positioning, Navigation and Timing (PNT) has made critical infrastructures vulnerable to signal disruptions, jamming and spoofing. These risks threaten operational continuity, security and overall reliability.

Microchip’s BlueSky GNSS Firewall offers a cost-effective, easy-to-deploy solution that safeguards your GNSS-dependent systems. It acts as an intelligent barrier between your existing GNSS antenna and systems so that only trusted, reliable signals are delivered, which shield your network from untrusted sky-based threats.

Microchip provides a portfolio of technologies, products, and services that enables operators of critical infrastructure to construct a secure and robust PNT network that is resilient to GNSS errors as well as errors coming from other sky-based delivery channels such as Galileo, GLONASS, BeiDou, or another.  Details of this complete portfolio are described in the vPRTC ³ vPRTC = virtual Primary Reference Time Clock   architecture which can be found here.

BlueSky GNSS Firewall 2200—Second Generation

Integrates seamlessly between existing GNSS antenna and GNSS system(s)

• Monitors RF power of L1, L2 and L5 bands independently
• Full Level 4 compliance with the Department of Homeland Security’s Resilient Positioning, Navigation and Timing (PNT) Conformance Framework

BlueSky GNSS Firewall Software—Release 3.0

• Configurable GNSS thresholds: Carrier to noise, RF power, satellites in view, position deviation, phase deviation and more
• New Trusted Time anomaly detector for comparing network time and GNSS time
• New GPS subframe reference detection for comparing live-sky sub-frame data with sub-frame data received from a remote BlueSky GNSS Firewall

BlueSky GNSS Firewall Software—Release 3.1

• Fortified network interface ensures the security of time in compliance with the fundamental pillars of Zero Trust
• Configurable user and device privileges with two-factor authentication using RADIUS, TACACS+ and LDAP directory services
• Hardened web GUI with X.509 CA-signed certificates and robust Transport Layer Security (TLS) 1.2

Achieve Level Four Resilience

The DHS PNT Conformance Framework document describes four levels of resilience. These resilience levels build upon each other. For example, Level 2 includes all enumerated behaviours in Level 1. You can use the BlueSky GNSS Firewall as a stand-alone security barrier or in combination with Microchip’s high-performance atomic clocks and timing distribution systems to achieve and exceed all four levels of resilience.

Secure Upgradeable Software

A programmable anomaly detector, which detects suspicious time and position inconsistencies, is at the core of the BlueSky GNSS Firewall. This detector validates the GNSS subframes for spoofing incidents based on defined data validation rules built into the BlueSky GNSS Firewall. New validation rules are added to every new BlueSky GNSS Firewall software release.

BlueSky GNSS Firewall’s Performance Monitoring

Integrated within TimePictra software suite, BlueSky GNSS Firewall’s performance monitoring feature provides visibility into GNSS reception parameters across wide scale deployments of the Firewall. You can plot GNSS signal measurements, such as GNSS phase deviation, and GNSS satellites in view and GNSS signal strength, for selected time periods to identify and isolate GNSS incidents quickly.

Optional MAC for Enhanced Threat Detection

Upgrading the BlueSky GNSS Firewall with the MAC enhances anomalous GNSS detection capabilities while also extending holdover performance of the hardened GNSS signal output for multiple days.

Situational Awareness

Just as a network firewall detects and protects against network attacks, a GNSS firewall identified jamming and spoofing threats and alerts transportation operations of untrusted sky-based signals.

Real-Time Jamming and Spoofing Protection

GNSS interruptions can be either unintentional or intentional. Adversaries may attempt to disrupt Positioning, Navigation and Time (PNT) solutions derived from GNSS in one of two ways:

• Spoofing, which makes a GNSS receiver calculate a false position
• Jamming, which overpowers GNSS satellite signals locally so that a receiver can no longer operate

The BlueSky GNSS Firewall provides real-time protection against a wide range of these types of threats.

GNSS Threat Protection for all Critical Infrastructure

Critical infrastructure’s dependence on GNSS-based PNT continues to grow exponentially. Microchip’s BlueSky GNSS Firewall, in combination with network time protocol distribution, atomic clocks, timescale technology and software management and monitoring, provides a comprehensive solution for critical infrastructure operators.

Fortifying Network Management

To enhance the security provided by the BlueSky GNSS Firewall, the network management interface must meet the increasingly stringent security requirements of critical infrastructure. The BlueSky GNSS firewall now offers robust protection against live-sky jamming and spoofing threats, with Microchip’s highly secure Trusted Time network management interface to defend against cyber threats.

The Chronos difference

If GNSS reliability is a priority for your operations, talk to our team about how the BlueSky GNSS Firewall can strengthen your network and provide uninterrupted service. Contact our team today.