Episode 147: Forty Year Old GPS Satellites offer a Warning about securing the Internet of Things

A programming glitch in GPS satellite software grounded planes in China and other countries. But what does it tell us about the security of the Internet of Things? Bill Malik of Trend Micro joins us to discuss.

You’ve  no doubt heard about (or lived through) the Y2K crisis. You remember: Y2K was the software “dragon” that lurked just beyond midnight on December 31st 1999, threatening to destroy civilization as date counters rolled over from 99 to 00. Maybe you spent New Year’s Eve in a bunker instead of at a party.

A shot of a rolled over date counter on a Boeing plane in China in April. (Image courtesy of Simpleflying.com)

But have you been following the Y2019 scare? That went down (quietly) on April 6 of this year, when older Global Positioning System (GPS) satellites rolled over a critical date counter that is used to calculate the satellite’s position in orbit.

The rollover prompted the satellites to feed unreliable data to earthbound systems, grounding Boeing 787 planes in China and causing other disruptions globally.  

Disaster averted?

As it turned out the Y2019 issue wasn’t the disaster some expected. That might be due to the fact that it wasn’t the first time the world had encountered this problem. An identical rollover occurred in the fall of 1999. Also: many, newer GPS satellites use a much more robust date counter and were not affected by the flaw.

Bill Malik is the Vice President of Infrastructure Strategies at Trend Micro.

How Digital Transformation is forcing GRC to evolve

But don’t get too comfortable. Our guest this week, William Malik, the Vice President of Infrastructure Strategies with Trend Micro, says that the rollover problem with GPS satellites is a small example of a much more widespread problem. Namely: poorly architected cyber-physical systems. Decisions about architecture made decades ago can have long term and often unexpected consequences today, he notes. Even worse: poor decision making in the design of connected products today could bite the world on the backside decades hence.  

Spotlight Podcast: Managing the Digital Risk in your Digital Transformation

Lurking problems

The big question going forward, says Malik, is what other date counters or similar features are out there ready to rollover, expire or otherwise barf? As we move to the Internet of Things, we are living more and more in a system of systems in which any malfunction can have a cascading effect and cyber-physical consequences. 

RSA Recap: CTO Zulfikar Ramzan talks about Trust, Zero Trust and the Debate over Going Dark

In this conversation with The Security Ledger, Bill and I talk about the recent GPS rollover and the bigger problem of securing operational systems for the long term. 

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more.

Comments are closed.