Critical National Infrastructure is, by definition, critical. As such, there are groups tasked with protecting and defending the infrastructure against external attacks and mitigating against any failures or flaws.
John Walker has been one of those people for most of his working life. In this important article he lifts the lid on how decisions taken by the government to achieve their Brexit has led to the UK being reliant on the goodwill of other countries to keep its Critical National Infrastructure – and defence capability – operational.
These days, as we become more connected, integrated and dependent on networks, the more difficult it is to understand the fault-lines in our defence. So, we leave it to the professionals to manage our response, while the public, politicians, and investigative media struggle to keep up with the complexities.
This is a struggle even when the data is open-source and available. But the most critical infrastructures are protected under a cover of secrecy, so vulnerabilities are not exposed to hostile attackers.
The obvious targets, such as our nuclear deterrent, are well protected. In these cases, we trust the professionals to manage the risks and vulnerabilities for us, and to act responsibly to maintain our systems as safely and securely as possible.
Until recently, this has mostly worked. Things happen but, from them, we have generally learned how to minimise the risks of further incidents. However, we are now entering a period of instability – one where the professionals are ignored and the needs of politicians to defend an indefensible position, in defiance of logic, are hugely increasing our vulnerability
Consider our reliance on GPS. To most of us, it is a means of navigating. Most new cars have it as standard. It is as useful a feature on a smartphone as the phone feature itself.
Technically, GPS only means the US system. The correct term for any system is GNSS (Global Navigation Satellite System) and our devices no longer just use the American GPS satellite constellation but switch between other systems to find the most convenient available.
Mostly, we don’t know if we are being guided to the nearest petrol station by the American GPS network, the Russian Glonass network, the Chinese Beidou network or the European Galileo network.And truly, it doesn’t matter. They don’t provide the maps or routing algorithms. Rather they provide a time signal – a highly accurate timestamp derived from atomic clocks on board each satellite. The rest is done in our smartphones or cars. This timestamp has become so useful that it has become critical for far more than finding a fast route to a holiday destination.
The precision mode, known as the P-code, is an encrypted version of the timestamp and is generally only used by the military. Indeed, the original function of GPS was to help in the targeting of nuclear missiles and that function remains.
But it is not the precision that is the primary interest. After all, if the standard signal is accurate to within 10m, why would a megaton thermonuclear bomb need tighter targeting precision? The answer is not the absolute precision, but the availability of position and navigation information over and above the height of commercial aircraft (as needed by ICBMs) and for fast objects (such as smart artillery shells).
As allies of the Americans, we have access to the full capabilities of GPS. The assumption is that this will continue. The worry is that it will not.
Hence, we participated in a European system, named Galileo. Funded by the EU, the main beneficiaries of the military signal are those countries with the greatest military capability. At the top of that list were the UK and France, with their need to independently guide their nuclear weapons, among other things.
True, the UK put in a fair wad of cash to get this off the ground. But from this it has obtained a great deal of business both for our indigenous satellite industry (meaning much of the cost was returned to UK business) and, through the UK’s globally recognised expertise, the contract to specify, design and manage the encryption.
As we can no longer participate in Galileo all that capability is now lost. We are back to a dependency on the goodwill of the Americans.
In some sense it is not pure goodwill and we pay through our purchase of the Trident missile system, and perhaps as paying clients we have some rights. Unimaginable as it might seem that we would contemplate using these weapons of mass destruction, we still have to ask what we would and could do if we were wanting to attack an enemy. Maybe an enemy that has the approval and confidence of Washington.
If that seems unimaginable, remember Suez. In truth the independence of our independent nuclear arsenal is not as independent as we might like – and we are led to believe. We have just given up the main element of insuring the highest level of independence.
Other elements of our Critical National Infrastructure are also highly dependent on GPS. Take the National Grid. In the past there was a degree of regionalisation, with power stations serving their local regions. This minimised the technical difficulties of feeding power between semi-independent parts of the grid. But we now have a truly national grid that allows load-spreading and resilience if a power station fails.
What has made this possible is not the distribution of power lines, but the synchronisation of the phase of the power. If one power station were to feed a common grid out of phase with the grid, a disaster could happen. The GPS timestamp ensures that all power stations are in phase with each other. Furthermore, if we want to support micro-generation (say, individual homes with solar panels on the roof feeding the grid), then ensuring phase-matching using GPS is essential for all those generators.
Some ask if this is really a problem beyond the theoretical – claiming any sequence of events leading up to the deliberate shutting down of all GPS systems would be highly improbable and could probably only result from a greater disaster than a national power outage.
But there are thousands of critical systems requiring GPS, for example:
- Trading in stocks and shares or, indeed, any electronic banking contract, uses timestamping to ensure priority and validity.
- Traffic control, both in terms of road transport and air traffic, needs GPS for many internal systems.
Most of these needs are below the radar – functioning, but not seen nor even hinting at their presence. And, for many, the lack of direct control is moot. The systems will work on the freely available satellite networks without the need for independently guaranteed resilience.
However, the fact remains that we had full control previously, and can now only use our diplomatic skills to negotiate our way out of it. Although we were promised that we could “Take Back Control”, in fact we gave it away.
John has been working in the field of electronic security for a longer time than he would ever admit. This has included spells in academic roles and for commercial organisations. He should be retired but is sometimes pestered to do consultancy work.