Resilience assesment

Simple example

The example below describes a very simple timing system (based on the Resiliency Level 1 example of the US-framework). The purpose of this architecture is to showcase what a PNT system may look like in real life, and to serve as an inspiration by showing how one might answer the questions for this specific case.

This is not an ideal system, nor the most common setup; just an example of some of the functionalities one should search for in their own system to be able to fill in the questionnaire.

This example is available for all questions and can be accessed by pressing the “show example” button.

The simple timing PNT system in this example is used by a company for time synchronisation of transactions. The primary output of the system is time information, provided to the company network.

The system has a small GNSS antenna located on a tall rooftop, rising high above nearby buildings. This roughly hand sized device is not visible from below, and the rooftop is only accessible to authorized personnel. The antenna is capable of receiving signals from multiple frequencies, and constellations (Galileo, GPS, GLONASS, BeiDou).

Connected to the antenna is a GNSS receiver inside the building in a secure location, connected to the antenna by a long wire. It is only accessible to authorized personnel, and authorized devices on the local network. The receiver’s output is securely stored and transferred, and not accessible through the internet or other open channels. The receiver is configured to receive only simple unencrypted GPS signals for which it verifies that the message conforms to the standard format. The system is configured to only listen to GPS L1 band signals, despite having the hardware and software capabilities to handle multiple constellations and frequency bands. There are advanced options (integrity monitoring and interference detection) implemented in the receiver, but these are not enabled. Although the advanced settings are not enabled, the receiver checks if the received signal’s strength is in the nominal range (not too high or low) which can be considered a very simple jamming detection method. There is a 10 degrees elevation mask configured in the receiver, meaning that the receiver only considers satellites that are at minimum 10 degrees elevation above the horizon.

The specifics of the hardware (antenna, GNSS receiver) or the processing software are neither public, nor general knowledge in the organization. The location of the PNT system’s components is monitored by security cameras. There is a UPS system providing power in case of an outage. Authorized personnel may restart the system (for instance reboot the GNSS receiver) in case it is needed.

There is a small group of engineers (not necessarily with deep GNSS background) responsible for maintenance, and they regularly check for software/firmware updates on the GNSS receiver’s manufacturer’s website (who continues to provide support for the device). If they have no deep GNSS knowledge, these engineers may not be aware of the advanced settings of the receiver, only the maintenance of the already functioning system.

The system outputs timing information based primarily on GPS signals, which is not cross-checked with timing servers on the internet or other local redundant timing sources.