Resilience assesment
Complex example
The example below describes a more complex and resilient timing system. The purpose of this architecture is to showcase what a PNT system may look like in real life, and to serve as an inspiration by showing how one might answer the questions for this specific case.
This is not an ideal system, nor the most common setup; just an example of some of the functionalities one should search for in their own system to be able to fill in the questionnaire. It does contain significant improvements compared to the simple example given previously.
This example is available for all questions and can be accessed by pressing the “show example” button.
The timing PNT system has two small anti-jamming antennas located on a tall rooftop, rising high above nearby buildings. These devices are not visible from below, and the rooftop is only accessible to authorized personnel. The antennas are capable of receiving signals from multiple frequencies, and constellations (Galileo, GPS, GLONASS, BeiDou).
The GNSS receiver is inside the building in a secure location, connected to the antennas by long wires. It is only accessible to authorized personnel, and authorized devices on the local network. The receiver’s output is securely stored and transferred, and not accessible through the internet or other open channels. The receiver is configured to receive both simple unencrypted GPS signals and OSNMA authenticated Galileo E1 signals for which it verifies that the messages conform to the standard format. The system is configured to listen to multiple frequency bands (Galileo E1 and E5, GPS L1 and L5 signals) which allows for advanced corrections and provides extra redundancy. There are advanced options (integrity monitoring and interference detection) implemented in the receiver, which are enabled. The receiver also checks if the received signal’s strength is in the nominal range (not too high or low) which can be considered a very simple jamming detection method. There is a 10 degrees elevation mask configured in the receiver, meaning that the receiver only considers satellites that are at minimum 10 degrees elevation above the horizon.
The specifics of the hardware (antennas, GNSS receiver) or the processing software are neither public, nor general knowledge in the organization. The location of the PNT system’s components is monitored by security cameras. There is a UPS providing backup power in case of an outage. Authorized personnel may restart the system (for instance reboot the GNSS receiver) in case it is needed.
There is a small group of engineers (with GNSS background) responsible for maintenance, and they regularly check for software/firmware updates on the GNSS receiver’s manufacturer’s website (who continues to provide support for the device).
The system outputs timing information based primarily on GNSS signals, which is cross-checked with a timing-server through the internet, and a local redundant timing source (clock).