The interconnected fragility of modern critical infrastructure was laid bare in recent weeks through two seemingly disparate events: a mundane power failure in a major city and a strategic shift in global positioning technology. For cybersecurity and operational technology (OT) professionals, these incidents are not isolated news items but interconnected warning signs of systemic risk. The era of defending digital systems in isolation is over; the new paradigm requires securing the foundational physical and signal-based services that the digital world is built upon.
The San Francisco Grid Test: When the Plug is Pulled on Autonomy
In late December, a power outage in San Francisco provided an unplanned, real-world stress test for the future of transportation. A fleet of driverless taxis, operated by a leading autonomous vehicle (AV) company, came to an abrupt and complete standstill. The vehicles, which rely on a constant connection to remote guidance and monitoring systems, simply froze in place when the local grid failure disrupted their operational centers and, crucially, the cellular networks and local infrastructure they depend on.
The result was more than an inconvenience. Passengers were stranded inside immobilized vehicles, traffic was blocked, and municipal emergency responders had to intervene. The incident served as a stark demonstration of a core OT security principle: advanced digital systems are only as resilient as the critical infrastructure supporting them. In this case, the failure was not a sophisticated cyberattack on the vehicles' software but a simple loss of electrical power—a routine physical event with severe digital consequences. It highlighted the cascading failure potential where a disruption in one infrastructure layer (power) immediately cripples another (smart transportation), creating safety and public order challenges.
The PNT Resilience Awakening: Moving Beyond a Single Point of Failure
Parallel to this physical demonstration of fragility, the critical infrastructure and defense sectors have been accelerating a strategic pivot throughout 2025. The focus is on mitigating dependence on the Global Positioning System (GPS) for Positioning, Navigation, and Timing (PNT) data. For decades, GPS has been the invisible utility underpinning everything from financial transaction timestamps and cellular network synchronization to the navigation of ships, planes, and, yes, autonomous vehicles.
However, GPS signals are weak and vulnerable. They can be easily jammed by cheap, readily available devices or spoofed—where a false signal tricks a receiver—to provide incorrect location or time data. Nation-state actors have demonstrated sophisticated spoofing capabilities, and the threat of kinetic attacks on space-based assets adds another layer of risk. Relying solely on GPS represents a catastrophic single point of failure for national and economic security.
This recognition has fueled what industry analysts are calling "The Year of PNT Resiliency." The push is towards complementary and backup PNT systems that create a resilient, multi-source fabric. Key initiatives include the commercialization and deployment of terrestrial-based PNT networks. These systems use ground-based beacons to broadcast secure, strong timing and positioning signals that are far harder to disrupt over a local or regional area. Companies like NextNav are at the forefront, working to provide this "terrestrial layer" of resilience. Furthermore, efforts are expanding to leverage other satellite constellations (like Europe's Galileo or Japan's QZSS) and advanced inertial navigation systems to create assured PNT.
Convergence and the Cybersecurity Mandate
The San Francisco outage and the PNT resilience movement are two sides of the same coin. They both address the soft underbelly of digital transformation: the assumption that foundational services will always be available.
For cybersecurity teams, especially those moving into the OT and Internet of Things (IoT) realms, the implications are profound:
- Expanded Threat Surface: The attack surface now explicitly includes the power grid and the radio frequency spectrum (for PNT signals). Adversaries can achieve disruptive objectives by targeting these foundations rather than attacking a hardened digital front door.
- Cascading Risk Assessment: Security audits and business impact analyses must now model cascading failures. What happens to your smart factory, port, or building management system if the local substation fails? What if GPS timing is lost for 24 hours?
- Architecture for Resilience: The priority is shifting from pure prevention to designing systems that can fail gracefully or maintain limited operation (a "limp mode") when foundational services are degraded. Can an autonomous vehicle pull over safely if it loses connectivity? Can a power grid switch to manual operations if its PNT-synchronized controllers are spoofed?
- Public-Private Coordination: Securing these foundational layers is not a task for individual corporations alone. It requires unprecedented coordination between infrastructure operators, technology providers, telecommunications companies, and government regulators to establish standards, share threat intelligence, and deploy backup systems like terrestrial PNT networks.
The Path Forward: Integrating Physical and Cyber Resilience
The lesson is clear. Cybersecurity is evolving into system resilience engineering. The profession must integrate deep knowledge of physical infrastructure dependencies with traditional IT and OT security skills. Investments are urgently needed in technologies that provide visibility into the health of these dependencies (like grid status or PNT signal integrity) and in architectural patterns that decouple critical functions from single points of failure.
The events of late 2025 are not an endpoint but a starting pistol. They are a wake-up call to move beyond securing bits and bytes and toward securing the very foundations upon which our digital society is built. The resilience of our power grids and the assurance of our positioning and timing data are no longer just utility problems—they are paramount national security and cybersecurity challenges.
Comentarios 0
Comentando como:
¡Únete a la conversación!
Sé el primero en compartir tu opinión sobre este artículo.
¡Inicia la conversación!
Sé el primero en comentar este artículo.