Arbiter Systems 1094B GPS Clock Spoofing Vulnerability

Low RiskICS-CERT ICSA-14-345-01Sep 13, 2014

Energy

Summary

The Arbiter Systems Model 1094B GPS Substation Clock is vulnerable to GPS signal spoofing attacks. An attacker with RF transmission capability or physical proximity to the GPS antenna can inject false GPS signals, causing the clock to accept incorrect time values. The device performs insufficient validation of received GPS signals, making it susceptible to time manipulation attacks that could disrupt timestamp-dependent substation functions including event logging, fault recording, and relay coordination.

What this means

What could happen

An attacker could spoof GPS signals to manipulate the clock in your substation, causing incorrect timestamps that could disrupt SCADA logging, event sequencing, and protective relay coordination.

Who's at risk

Energy sector operators managing substations that rely on the Arbiter 1094B GPS clock for timing-critical functions: SCADA event logging, protective relay coordination, synchrophasor (PMU) timestamp alignment, and digital fault recording. Any substation using this clock for distributed automation or microgrid control is affected.

How it could be exploited

An attacker with physical proximity or RF transmission capability sends false GPS signals to the 1094B antenna. The device accepts the spoofed time and updates its internal clock without validation, affecting all dependent systems that rely on accurate timestamps.

Prerequisites

Physical or RF proximity to GPS antenna
GPS signal transmitter or software-defined radio equipment
No authentication or credentials required

no patch availablephysical or RF access requiredaffects timing-critical infrastructureno authentication required

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

GPS Substation Clock: Model_1094BModel 1094BNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDUse an independent time source (atomic clock, network time protocol from internal secure server) to cross-check and validate the GPS-derived time

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGShield the GPS antenna with RF filtering or faraday cage to reduce susceptibility to external signal injection

HARDENINGRegularly audit and log all time changes on the 1094B and systems that consume its time signal

Mitigations - no patch available

0/2

GPS Substation Clock: Model_1094B has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement GPS signal integrity monitoring and anomaly detection to alert on sudden time jumps or impossible time changes

HARDENINGIsolate the GPS receiver and 1094B clock on a physically separated network segment with restricted access

CVEs (1)

CVE-2014-9194

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ef901d6a-7a7c-4fe0-ae9c-410c0eb22a85

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.