November 7, 2018 – Raytheon Company’s GPS Next-Generation Operational Control System, known as GPS OCX, has completed rigorous cybersecurity vulnerability assessments that tested the system’s ability to defend against both internal and external cyber threats. GPS OCX prevented the broadcast of corrupt navigation and timing data in all tests, bolstering the program’s readiness for the GPS III launch next month.
“We’ve built a layered defense and implemented all information assurance requirements for the program into this system,” said Dave Wajsgras, president of Raytheon Intelligence, Information and Services. “We’re cognizant that the cyber threat will always change, so we’ve built GPS OCX to evolve and to make sure it’s always operating at this level of protection.”
GPS OCX is the enhanced ground control segment of a U.S. Air Force-led effort to modernize America’s GPS system. The program has implemented 100 percent of the Department of Defense’s 8500.2 “Defense in Depth” information assurance standards without waivers, giving it the highest level of cybersecurity protections of any DoD space system.
The first tests took place April 2-13, 2018, and were led by a contracted ‘blue team’ that aimed to breach the system from within its information assurance boundary. The second round of tests took place May 16-20, 2018, and were led by an Air Force ‘red team’ of cyber-penetration testers who tried to breach the system’s IA boundary from outside. The system worked as designed, validating it is secure.
The assessments took place on the launch and checkout system, GPS OCX Block 0, which was delivered to the U.S. Air Force last year as a fully cyber-secure satellite ground system.