Assured PNT in contested environments: A multi-layered approach to PNT protection

Modern defense and critical infrastructure operations depend on the foundation of assured PNT. Positioning and navigation may capture the headlines, but without resilient, precise time, mission systems can quietly begin to fail, often before those overseeing these systems even realize it’s happening.

The challenge is that GNSS disruptions are growing more frequent and more sophisticated. Jamming, spoofing, meaconing and cyber-enabled interference are now routine in contested environments. For organizations that rely on precise timing for synchronization, communications and command-and-control, governments are now looking on with increased scrutiny, asking how well these organizations are prepared.

With over 75 years of experience in timing, Oscilloquartz has continually refined its solutions and approaches. This experience has led to our multi-layered approach to PNT protection for mission timing, a strategy informed by real-world testing and deployments, aligning with the US Department of Homeland Security’s (DHS) Resilient PNT Conformance Framework as well as the IEEE P1952 Standard for Resilient Positioning, Navigation and Timing (PNT) User Equipment. Rather than relying on a single mechanism or detection method, this approach embraces layered resilience with overlapping protections designed to each add its own unique form of resilience while filling any gaps in protection that there may be in the other layers.

The problem with a single layer of protection

While GNSS was originally designed for military use, it was not intended to operate in the highly contested environments found on today’s battlefields. Its low-power signals have built-in vulnerabilities that modern interference techniques have exploited, sometimes intentionally, sometimes unintentionally.

Modern mission systems are tightly interconnected by design. This enables better coordination and efficiency, but it also means that a single GNSS disruption can ripple across multiple systems, creating a domino effect. Timing errors can spread while network synchronization degrades, impacting encrypted communications and critical operations.

The DHS Resilient PNT Conformance Framework highlights this risk clearly: resilience is not one single feature, it is a combination of preparation, detection, response and recovery.

That philosophy has guided our approach: in timing, a single layer of protection means a single point of failure.

Real-world conditions demand real-world testing

Theory is a great place to start, but there’s only so much testing we can do in a lab.

Oscilloquartz has validated this approach through a range of controlled and operational test environments, including large-scale jamming and spoofing exercises conducted in Europe and North America. We utilized the annual Jammertest event to test and verify our theory that using multiple layers of protection is essential for achieving the best results. These tests reinforced an important lesson: no single layer detects every threat scenario, and if we use all of these layers together, then we significantly increase protection against cyber and RF‑based threats.

Protecting mission timing is similar to preparing for severe weather: a single layer is rarely enough. Multiple layers working together provide higher assurance, greater resilience and better protection against unpredictable conditions.

A layered strategy for mission timing resilience

Rather than claiming perfect detection or absolute immunity in any one area, our strategy focuses on breadth of defense. Each layer addresses a different type of threat, ensuring that if one layer is bypassed or degraded, others remain active.

Below is a conceptual overview of the four layers and how they work together to protect your system.

Layer 1: Antenna system front-end protection

The first line of defense exists at the signal level. This layer focuses on reducing exposure before interference reaches the timing system.

Key elements:

• Qualified anti-jamming and controlled reception pattern antennas (CRPA)
• Analyzing GNSS message integrity and implementing additional protection algorithms
• Robust antenna designs for harsh environments

While no antenna can eliminate interference entirely, front-end protection significantly raises the barrier for opportunistic or wide-area attacks. This aligns with DHS guidance on protective measures as a foundational element of resilience.

Layer 2: GNSS signal monitoring verification

Once signals enter the system, continuous monitoring and validation become essential. This layer focuses on assessing the trustworthiness of GNSS data in real-time, identifying inconsistencies that may indicate jamming, spoofing or manipulation.

Rather than relying on a single detection method, effective monitoring correlates multiple indicators:

• Signal strength and noise anomalies
• GNSS navigation message integrity checks

A key element of this layer is Galileo Open Service Navigation Message Authentication (OSNMA), which allows receivers to verify that Galileo navigation messages originate from the genuine constellation and have not been modified in transit. While authentication alone does not prevent jamming, it significantly strengthens protection against spoofing attacks that attempt to manipulate navigation data while maintaining plausible signal characteristics.

When combined with traditional monitoring techniques, OSNMA enhances confidence in GNSS timing and provides early warnings of potential issues.

Importantly, this layer is designed to inform system behavior, not act in isolation. Detection and authentication feed into higher-level decision logic that determines when to rely on GNSS and when to transition to alternative timing sources.

This approach reflects a core principle of the DHS Resilient PNT Conformance Framework: detection must be paired with an informed response.

Layer 3: Meaconing detection through probing and cross-reference validation

Many modern PNT systems already include probing or measurement software used for monitoring signal quality, delay and stability. Layer 3 builds on these existing capabilities but applies them differently.

Traditional systems measure incoming timing sources against GNSS, assuming GNSS to be a trusted reference. In contested environments, that assumption no longer holds.

Layer 3 deliberately inverts this logic and instead asks if the internal signal matches GNSS.

Using probing software, the system continuously measures GNSS time against stable, trusted sources such as:

• Local oscillators or atomic clocks
• Network distributed time (such as PTP)
• Internally maintained time scales
• References from GNSS alternatives such as LEO

This approach is particularly effective against meaconing attacks, where authentic GNSS signals are rebroadcast with controlled delays. Because the navigation message itself remains valid, and may even authenticate correctly, RF-based or message-level checks alone are often insufficient.

However, even subtle rebroadcast delays will manifest as time divergence when GNSS is compared against a stable, independent reference.

Layer 3’s probing software is designed to:

• Measure relative timing offsets and delay behavior over time
• Alert when observed deviations exceed expected physical or operational limits
• React by adjusting confidence levels or triggering mitigation efforts

For detection, the system evaluates data for trends, consistency and context, distinguishing between environmental effects, benign anomalies and deliberate manipulation.

This methodology aligns closely with the DHS Resilient PNT Conformance Framework’s emphasis on cross-validation, independence and informed response, particularly for threats that preserve signal authenticity while compromising integrity.

Layer 4: System management, control and intelligence

The final layer focuses on managing the entire system. This layer introduces centralized control and software intelligence through network management systems, providing operators with a unified view of timing health, integrity and confidence across distributed infrastructure. 

Modern network management platforms do more than collect alarms. They streamline management processes, assist in the isolation of faults, gather performance data and deliver comprehensive reporting for seamless data and synchronization network operations. They also assure the health status of each device and provide a view on domain and master-client hierarchy.

By applying machine learning and artificial intelligence, we’re able to automate processes, evaluate trends and raise early warnings.

Platforms such as Mosaic Sync Director and Mosaic Network Controller enable this capability by acting as the intelligence and orchestration layer for resilient timing architectures. They transform timing data into situational awareness and help operators distinguish between anomalies and threats.

This approach reflects one of the core themes of the Resilient PNT Conformance Framework: no single technology can deliver resilience alone. True resilience emerges from the intelligent combination of multiple sources.

Alignment with the IEEE P1952 and DHS Resilient PNT Conformance Framework

While the Oscilloquartz multi-layered approach to PNT protection has evolved through real-world engineering and testing, the DHS Resilient PNT Conformance Framework provides a valuable reference model for the broader industry.

The framework emphasizes:

• Preparation over reaction
• Detection paired with response capability
• Recovery as a core design requirement
• Layered, system-level thinking

These principles closely mirror how modern timing architectures must be designed, particularly those engineered for defense and mission-critical applications. The framework has helped shift industry thinking away from simply using GNSS as a backup and more towards the idea of PNT resilience as an operational standard.

Looking ahead

The Oscilloquartz multi-layered approach to PNT protection has expanded beyond theory and testing. These strategies are already actively deployed across defense, aviation, energy and critical infrastructure. Our solutions are integrated into live systems, informed by operational feedback and refined through continuous improvement and testing methodologies such as the annual Jammertest event.

As interference techniques continue to evolve, resilience will remain a moving target. However, the direction is clear: mission timing must be engineered while prioritizing cybersecurity and redundancy.

By combining signal protection, monitoring, holdover and multi-source validation, guided by frameworks such as the IEEE P1952 and DHS Resilient PNT Conformance Framework, organizations can move beyond single-point dependencies and toward timing architectures built for contested environments.

Contact us today to learn how our team of experts can use the Oscilloquartz multi-layered approach to PNT protection to secure your timing ecosystems from the latest threats to resiliency.

This article is informed by field testing, customer deployments and internal technical leadership within Oscilloquartz, including contributions from Bartek Kropiewnicki and the product management team through their work at recent industry and government-led resilience exercises.