Journalists who suggested planes would fall out of the sky on 6th April may have found the GPS week rollover event a ‘massive letdown’, but the many less-catastrophic incidents it caused still contain useful lessons for GPS users.
To recap, on 6th April 2019 the GPS satellite system reached the end of its second epoch, with the 10-bit week number encoded in its data stream resetting from 1,024 to zero. This was a feature of GPS rather than a bug, and is a known issue explained in my earlier blog.
Older GPS receivers that had not been updated to handle this event generally responded by reporting a date in 1999, the start of the second epoch. While time and position reporting would have been unaffected, reports suggest that the week reset caused all kinds of systems and equipment to malfunction.
Four conclusions from rollover-related incidents reported so far
From the reports I’ve seen so far, we can draw quite a few conclusions about how the week number rollover has affected the smooth running of systems and devices across many different sectors. My initial observations are as follows:
Many commercial and consumer users failed to update their devices in time: From media reports, social media posts, help forum postings and reports to the US Coast Guard’s GPS problem reporting database, we get glimpses of a large GPS user community who were unaware of the week rollover issue, and who therefore didn’t update their receivers to handle it.
While some might have been expected – like consumers finding certain smartphone apps displaying the wrong date – others were more concerning. There were numerous, although largely uncorroborated, reports of commercial aircraft being grounded or flights being delayed due to the issue – perhaps because individual airlines had neglected to apply the requisite patches or receiver updates.
Commercial users from around the world also reported an array of rollover-related issues to the GPS Problem Reporting site, affecting sectors ranging from transportation to surveying and telecommunications. While none seem to have caused any critical problems, it’s clear that these users were unprepared for the rollover and in most cases unaware it was slated to happen.
Some manufacturers don’t seem to make adequate impact assessments: In some cases, it appears that manufacturers and suppliers of GPS-enabled devices failed to assess the full impact on their products in advance of the rollover, and thus weren’t able to warn their customers in time.
One telescope manufacturer, for example, issued an advisory and a workaround to customers of affected telescopes – but only after the rollover had occurred, when it was able to tell which receivers in which models had been affected.
And in Australia, the Bureau of Meteorology had to take its 56 weather balloons out of service on 8th April to update their GPS receivers, saying it had only been warned by its equipment supplier on the previous day – again after the rollover had occurred.
Some users are unaware their systems depend on GPS: This may be the biggest at-risk class of GPS users – owners of complex systems that use GPS data, but who are unaware of that dependency and therefore don’t keep up with potential vulnerabilities.
In my last blog on this topic I suggested that the week rollover could cause problems for computer networks that rely on GPS for precise timing and synchronisation, and in the wake of the 6th April we saw a good example.
On 10th April the New York Times reported that the New York City Wireless Network (NYCWiN), which connects ‘smart city’ infrastructure like traffic lights and police license plate readers, had been impacted by the rollover.
The NYT paints a picture of municipal IT workers hastily applying firmware updates in order to get traffic light control systems and remote devices working again. Those efforts clearly took some time, and reading between the lines it seems that the network had to rely on less-accurate holdover clocks to keep traffic lights in sync while the GPS timing receivers were fixed.
The paper reports: “a city official who was not authorized to speak publicly about the shutdown and asked not to be named, said that there was concern that as they remained disconnected, the timing of individual signals could drift slightly and they could eventually come out of sync with one another.”
GPS receivers in Internet of Things devices are an emerging problem area: More and more remote and inaccessible devices are being equipped with GPS receivers in order to timestamp or location-stamp data sent back to a central data processing system via the Internet of Things.
If the receiver firmware in those devices can’t be updated over the network, or if the receiver needs to be manually replaced, events like the week rollover can cause significant problems.
That seems to be the issue experienced by the National Oceanic and Atmospheric Administration (NOAA), which operates a string of automated monitoring buoys and stations along the US coast.
It became aware of the rollover in February, but that didn’t give it enough time to update all of its stations. Eos reports that “The [National Data Buoy] Center managed to service 10 before the rollover but couldn’t reach the 19 remaining stations, which represent 42% of their total coastal and marine automated stations. NDBC engineers plan to service the stations “as soon as possible,” which may stretch on through the summer and fall.”
It’s not over: internal rollovers mean users should stay vigilant
While the vast majority of critical GPS-dependent systems were updated in good time for the rollover, these incidents show that there are many, many users of GPS-enabled equipment who were unprepared for the event.
We may see more issues in the coming weeks and months, as the week rollover isn’t a single-day issue like the Y2K bug it’s frequently compared to. Some manufacturers have squeezed more lifespan into their receivers by using pivot dates to start counting the 1,024 weeks from the date the firmware was compiled, rather than from the first day of the second GPS epoch. Microsemi, a manufacturer of timing receivers, has published a list of such “internal rollover events” happening on different dates from 2022 to 2033.
The bottom line: be aware of the risks to GPS-enabled systems, and act accordingly
It’s important to note that these observations don’t just apply to this rollover event. They serve to highlight our growing dependence on GPS/GNSS, and reveal how system events, if not mitigated for, can disrupt activities of all kinds.
Manufacturers, integrators and mission-critical GPS users all must stay aware of the different ways in which GPS service and reception can be disrupted, and take timely steps to ensure receivers are not affected.
Stay up to date with GNSS vulnerabilities
Threats to GPS/GNSS-enabled equipment are evolving all the time. To stay up to date with the latest news, events and incidents, join the growing community in the GNSS Vulnerabilities LinkedIn Group.