BlueSky GNSS Firewall

Bluesky GNSS Firewall

Product Information

Protecting GNSS Systems against Spoofing and Jamming Threats

The number of reported GNSS 1 GNSS = Global Navigation Satellite System incidents such as jamming, spoofing and complete outage continues to increase dramatically causing critical infrastructure services such as telecommunications, energy, transportation, emergency services and data centres to evaluate the security, reliability, and resiliency of their GNSS-based PNT 2 PNT = Positioning Navigation and Timing dependency.

Microchip provides a portfolio of technologies, products, and services that enables operators of Critical Infrastructure to construct a secure and robust PNT network that is resilient to GNSS errors as well as errors coming from other sky-based delivery channels such as Galileo, GLONASS, BeiDou, or another.  Details of this complete portfolio are described in the vPRTC 3 vPRTC = Virtual Primary Reference Time Clock   architecture which can be found here.

Seamless integration into existing GNSS antennas and GNSS systems

The BlueSky GNSS Firewall protects already deployed GNSS systems by providing a cost-effective overlay solution installed between existing GNSS antennas and GNSS systems. Like a network firewall, the BlueSky GNSS Firewall protects systems inside the firewall from untrusted sky-based signals outside the firewall.

Defending against GNSS Threats needs to be part of a Cybersecurity Plan

Systems which rely on GNSS for reception of Position, Navigation and Time (PNT), have been determined by national security agencies across the globe as potential cybersecurity attack vectors. The Department of Homeland Security (DHS) recently published the Resilient Positioning, Navigation, and Timing Conformance Framework document providing a common reference point to help critical infrastructure become more resilient to PNT disruptions.  Described in the DHS Resilient PNT Conformance Framework, a cybersecurity approach has been proposed:

Prevent: The first layer of defence. Ideally threats are prevented from entering a system, however, it must be assumed that it will not be possible to stop all threats.

Respond: Detect atypical errors or anomalies and then take action such as mitigation, containment and reporting. The system should ensure an adequate response to externally induced, atypical errors before recovery is needed.

Recover: Return to a proper working state and defined performance. It serves as the last line of defence.

Four Levels of Resilience

Based on the Prevent-Respond-Recover cybersecurity model, the PNT Conformance Framework document describes 4 levels of resilience. Note that the resilience levels build upon each other, that is, Level 2 includes all enumerated behaviours in Level 1, and so forth. Using the BlueSky GNSS Firewall either as a standalone security barrier or in combination with Microchip’s high-performance atomic clocks and timing distribution systems, all four levels of resilience can be achieved and exceeded. 

The new BlueSky GNSS Firewall Software Release 3.0

Contained within the BlueSky GNSS Firewall is a software platform that analyses GNSS signal reception.  GNSS signal data is received and evaluated from each satellite to ensure compliance along with analysing received signal characteristics.  Release 3.0 further enhances the BlueSky GNSS Firewall’s already field proven GNSS protection capabilities with new features such as Trusted Time Anomaly Detection, GPS Subframe Reference Detection, embedded GNSS observable tools combined with new TimePictra Performance Monitoring features to better secure, monitor, prevent, respond, and recover to GNSS threats.  Critical Infrastructure providers now have the most advanced set of tools for defending against all intentional or unintentional vulnerabilities and threats and achieving Level 4 Resilience as defined by the DHS PNT Conformance Framework.

Integrates seamlessly between existing GNSS Antenna and GNSS system

Microchip’s BlueSky GNSS Firewall is deployed in-line between an existing GNSS antenna and GNSS receiver system and can be placed near the GNSS receiver system or near the point at which the GNSS antenna cable enters the building.  Thus, nearly all currently deployed GNSS antennas are supported without modifying the existing installation.

Optional Rubidium MAC (Miniature Atomic Clock) for enhanced Threat Detection and Holdover

Upgrading the BlueSky GNSS Firewall with the MAC enhances anomalous GNSS detection capabilities while also extending holdover performance of the hardened GNSS signal output for multiple days.

1PPS and 10MHz Timing Reference inputs for extended Holdover

10MHz or 1PPS inputs allows for connection of autonomous references sources such as Microchip’s 5071A or TimeCesium products to extend the holdover performance in case of a complete loss of GNSS reception for long periods of time.

Upgradeable Software in addition to secure and easy-to-use web interface

At the core of the BlueSky GNSS Firewall is a programmable anomaly detector that validates the GNSS subframes for spoofing incidents based on defined data validation rules. A wide range of rules have already been built into the BlueSky GNSS Firewall to detect suspicious time and position inconsistencies. As with traditional security firewalls, new validation rules are made available with each new release of software for the BlueSky GNSS Firewall to defend against new threats that are identified.

Wide Scale Management using TimePictra platform

Management of wide scale deployment of 10s, 100s or 1000s of BlueSky GNSS Firewall units is simplified using Microsemi’s TimePictra management system. TimePictra enables a regional, national, or a global view of your PNT infrastructure to provide early alerting of threats before your PNT network is violated.

BlueSky Performance Monitoring

Integrated within TimePictra, BlueSky Performance Monitoring enables visibility of GNSS reception parameters across a wide-scale deployment of BlueSky GNSS Firewalls.  GNSS signal measurements such as GNSS phase deviation, GNSS satellites in view, and GNSS signal strength can be plotted for selected time periods.  This aids critical infrastructure operations to more quickly identify and isolate GNSS incidents.

The Chronos difference

Chronos continues to take a lead on addressing the ever more important issue for telecom carriers, broadcasters, utilities, and other critical national infrastructure providers of GNSS spoofing and interference, whether deliberate or not. Microchip’s BlueSky GNSS Firewall provides protections across constellations against these threats, for your critical Positioning, Navigation, and Timing (PNT) and is readily integrated into your timing network management system. Contact our team today.

Key Features

  • Identifies and protects GNSS systems from spoofing and jamming
  • Integrates seamlessly between existing GNSS antenna and GNSS system
  • Optional Rubidium Miniature Atomic Clock (MAC) can be installed inside unit
  • 1PPS and 10MHz timing reference inputs for extended holdover (for example, connection of external cesium reference)
  • Redundant AC or DC power options with power monitoring and load sharing
  • Local and remote Command Line Interface (CLI) in addition to secure and easy-to-use web interface
  • BlueSky GNSS Firewall embedded software is field upgradeable with new GNSS validation rules
  • Seamless integration with TimePictra provides end-to-end management of 10s, 100s or 1000s of units from a single server
  • BlueSky Performance Monitoring integrated into TimePictra provides GNSS reception measurement and visibility