Timing Under Interference - What's Your Backup?
GPS is not failing. It is being attacked.
And the industries that depend on it for precision timing, financial services, telecoms, critical infrastructure, maritime, aviation, and trading are largely running without a backup plan.
That is not a risk assessment. It is the current state of the world.
The Scale of the Problem Is No Longer Theoretical
In 2024, GPS spoofing incidents increased by 500 percent. Not incrementally. Not gradually. Five hundred percent in a single year, driven by geopolitical conflict and the weaponization of electronic warfare against civilian infrastructure.
In the Baltic Sea, a single jamming event in early 2024 affected over 1,600 aircraft simultaneously. Approximately 200 flights per day are currently impacted by spoofing over the Gulf and around Israel. A maritime collision near the Strait of Hormuz in mid-2025 was linked directly to GPS interference affecting navigation systems. Similar interference has been detected near major airports in Dallas and Denver.
These are not military incidents. They are civilian infrastructure incidents. And they are accelerating.
The US Department of Commerce has modelled what a GPS outage would cost the American economy: $1.6 billion for a single day. $12.2 billion for a week. $58.2 billion for a month. Scale that globally, and a one-week outage represents $80 - 100 billion in cumulative losses. The UK Government's own modelling puts the cost of a 24-hour GNSS outage at over £1.4 billion.
These numbers are cited in government briefings. They are not contested. What is conspicuously absent from most enterprise risk registers is any serious plan for what happens when GPS timing fails.
Why Timing Is the Hidden Dependency
When people think about GPS disruption, they think about navigation. Where is the ship? Where is the aircraft? What road is the vehicle on?
But timing is the other GPS dependency, and it is the one that receives almost no attention.
GPS satellites carry atomic clocks. They broadcast timing signals that financial networks, telecoms infrastructure, trading systems, power grids, and data centres use to synchronize everything they do. Timestamps on transactions. Synchronization between cell towers. Coordination of distributed databases. Sequencing of market orders.
These systems do not navigate. They do not need a position fix. What they need is a precise, continuous, trustworthy time signal, and that signal, right now, largely comes from a single source: satellite.
A Spoofing Attack, a specific class of GPS spoofing, does not disrupt navigation. It corrupts time. The receiver continues to function. It continues to receive signals. Those signals are simply wrong. And in most environments, nobody will know.
For financial services, that means timestamps that cannot be trusted. For telecoms, it means timing drift that reduces network throughput by up to 50 percent. For trading, it means the microsecond ordering that underpins market integrity is silently corrupted. For power grids, it means the synchronization that prevents blackouts begins to degrade.
None of this announces itself. It accumulates quietly until something breaks.
GPS Was Never Designed to Be a Single Point of Failure, But It Became One
The vulnerability of GPS has been known since at least 1995, when the US Department of Defence formally identified the problem. The signal is weak by the time it reaches Earth; it travels 20,000 kilometres from orbit and arrives at roughly the power of a car headlight seen from hundreds of miles away. It is trivially easy to be overwhelmed by interference or to replicate with spoofed signals.
Critical infrastructure operators in telecoms, utilities, finance, and government are now being formally told to stop depending on GNSS as their sole timing source. The UN's International Telecommunication Union has called for the retention of conventional navigation infrastructure and the development of backup alternatives. The UK has committed £155 million to strengthen its positioning and timing infrastructure. In the US, a Presidential Executive Order identified GPS as a largely invisible, yet critical, utility with no adequate backup.
The problem is acknowledged at the highest levels of government. The implementation gap in the private sector remains enormous.
What Interference Actually Looks Like in Practice
Understanding the threat means understanding the different ways it arrives.
Jamming
Jamming is blunt. It floods the GPS frequency with noise, blocking the signal entirely. The receiver loses lock. Systems that depend on timing see it immediately; the signal is simply gone. This is detectable, though not always quickly enough to prevent damage.
Spoofing
Spoofing is surgical. It generates a false GPS signal that mimics the legitimate one. The receiver accepts it. Timestamps are generated. Systems operate normally, except that the time is wrong. There is no alert. There is no alarm. The corrupted timestamps flow into audit trails, trading records, and compliance logs without any indication that they cannot be trusted. This is the scenario that should concern regulated industries most.
Jitter and Drift
Jitter and drift are the everyday realities. Even without deliberate attack, GPS timing signals experience variation, jitter, which introduces uncertainty into systems requiring nanosecond-level precision. Over time, clocks drift. In a single-source timing architecture, there is no reference against which to detect or correct that drift.
Each of these failure modes produces a different kind of damage. All of them have the same underlying cause: dependence on a single, unverified timing source.
The Question Is Not Whether GPS Will Be Disrupted. It Is When.
GPS jamming and spoofing were once rare. They are now battle-tested tools in the electronic warfare arsenal of multiple state actors, increasingly deployed against civilian rather than military targets. The technology required to jam a GPS receiver is available on mainstream commercial marketplaces. The technology required to execute a Time Synchronization Attack on a financial institution is within reach of sophisticated non-state actors.
What is happening over the Baltic, the Gulf, and Eastern Europe today is a live demonstration of what is possible. The question is not whether this will affect critical civilian infrastructure in financial centres. The question is when, and whether those systems have a plan for when it does.
Time Resilience Is Not Redundancy for Its Own Sake. It Is Architecture.
The answer to GPS dependency is not simply 'add more GPS.' Multiple GNSS constellations, GPS, Galileo, GLONASS, and BeiDou, provide some additional resilience, but they share the same fundamental vulnerability: they are satellite-based, they operate in the same frequency ranges, and a coordinated interference event can affect all of them simultaneously.
True timing resilience requires source diversity at the architectural level. That means combining satellite timing with independent terrestrial references, atomic clocks held locally, network-based timing delivered via PTP over dedicated fibre, and continuous integrity monitoring that verifies the time signal against multiple independent sources at all times.
When all sources agree, the system operates normally. When one source deviates, the system detects the anomaly, flags it, and continues to operate from the remaining verified references, without interruption, without operator intervention, and without the kind of silent corruption that a spoofing attack would otherwise produce.
This is what time resilience actually means. Not redundancy as a backup that activates when the primary fails. Continuous multi-source operation in which no single point of failure exists, and in which the integrity of the time signal is verifiable at all times.
What This Means for Your Infrastructure
If your timing architecture depends on a single GNSS receiver feeding your systems, you have a single point of failure. That is true whether you are operating a trading system, a telecoms network, a data centre, or a critical national infrastructure asset.
The risks are not symmetric across industries. For telecoms, timing drift is a throughput and quality-of-service issue that becomes a resilience issue at scale. For financial services and trading, the risk is compliance, market integrity, and audit trail validity — precision timing is not just performance infrastructure, it is regulatory infrastructure, and corrupted timestamps are a regulatory event. For critical national infrastructure, the risk is operational: systems that depend on synchronized timing for their safe operation cannot afford undetected drift.
In every case, the question is the same: if your GPS timing signal is spoofed or jammed today, how long before you know? What continues to operate? What fails? What do your audit trails show?
Most organizations cannot answer these questions. Not because they have not asked them. Because their timing architecture was never designed to answer them.
The Before/After Question
Timing resilience is one of the few infrastructure investments where the value is provable rather than projected.
A resilient, multi-source timing architecture provides continuous monitoring, which means a continuous record of whether your time signals are trustworthy. That record is the evidence your compliance teams need. It is the assurance your risk teams can quantify. And it is the capability that transforms timing from a background utility into a verifiable, auditable infrastructure asset.
The organizations that understand this now will be operating on trusted time when the next major interference event occurs. The organizations that do not will be doing incident response.
Time is no longer a background utility.
It is infrastructure. And like all critical infrastructure, it requires a resilience architecture, not a single source and a hope that it holds.
Hoptroff delivers multi-source timing resilience for financial services, telecoms, and critical infrastructure, with UTC traceability, continuous integrity monitoring, and compliance evidence built in. Time as a Service®. Time you can trust, prove, and operate on.