Requirements of a NetworkRequirements of a Network

Good working relationship with ITGood working relationship with IT

Secure location for antenna and receiverSecure location for antenna and receiver

Uninterrupted powerUninterrupted power

Capability to log on remotelyCapability to log on remotely

The SC RTNThe SC RTN

We manage the accounts in-houseWe manage the accounts in-house

We have a user feeWe have a user fee

We have one type of subscriptionWe have one type of subscription

Have application and user agreement Have application and user agreement

onlineonline

The South Carolina Real Time NetworkThe South Carolina Real Time Network

GACC

NCHENCSP NCSH

NC77

NCMR NCPO NCRO

NCLU

NCWH

NCSL

SCHA

SCEB

LegendHEIGHT MODERNIZATION STATION Located at non-SCDOT site

HEIGHT MODERNIZATION STATIONLocated at SCDOT site

PROPOSED SITE

SC Real Time GPS Network (SC RTN)

SC RTN comprises 53 base stations continuously collecting and transmitting GPS dataSC RTN provides real-time corrections, via cell phones, to users in the field operating GPS equipmentUsers in the field provided with real-time coordinates and elevations accurate to + 0.1 foot471 Subscribers to the SC Real Time Network include, but are not limited to:

Registered Professional Land Surveyors and EngineersGeographic Information System (GIS) ProfessionalsFederal, State, County and Municipal PlannersSCDOT and SCDOT Contractors using GPS Machine Control for Road ConstructionThe Army Corps of Engineers

The SC DOTThe SC DOT

Thirty six receiversThirty six receivers

All assigned an internal 10. addressAll assigned an internal 10. address

Data streams to the SCDOT headquartersData streams to the SCDOT headquarters

SLA between the two offices SLA between the two offices VPN between SCDOT and ORS server VPN between SCDOT and ORS server

farmfarm

Other LocationsOther Locations

Educational facilitiesEducational facilities Colleges, Technical CollegesColleges, Technical Colleges

Municipal BuildingsMunicipal Buildings Court Houses, Public Works facilities, Pump Court Houses, Public Works facilities, Pump

Houses, State Port Authority, State OfficesHouses, State Port Authority, State Offices

Fire DepartmentsFire Departments

Network ConfigurationNetwork ConfigurationFirst GenerationFirst Generation

Network ConfigurationNetwork ConfigurationSecond GenerationSecond Generation

Receiver Receiver Trimble NetR9Trimble NetR9

Firewalls and ProtectionFirewalls and Protection

Static IP AddressStatic IP Address

IO and HTTPIO and HTTP

Password ProtectionPassword Protection

The SituationThe Situation SCGS was contacted by an  IT contractor working for a municipality that hosts one of our SCGS was contacted by an  IT contractor working for a municipality that hosts one of our

base stations. The IT contractor had received an email from the IT service provider base stations. The IT contractor had received an email from the IT service provider stating that a device, identified by our specific IP address, had been used to create false stating that a device, identified by our specific IP address, had been used to create false requests for data.requests for data.

The “requests” appeared to be from the target of a cyber-attack but were actually The “requests” appeared to be from the target of a cyber-attack but were actually

generated through the NTP server of the GNSS receiver. The small amount of data used generated through the NTP server of the GNSS receiver. The small amount of data used to create the requests in turn generates an exponentially larger amount of data directed at to create the requests in turn generates an exponentially larger amount of data directed at the target. the target.

Upon notification from the IT provider, the IT contractor disconnected our device from the Upon notification from the IT provider, the IT contractor disconnected our device from the municipality’s network. municipality’s network.

SCGS remotely disabled the NTP server at one of our functioning base stations.SCGS remotely disabled the NTP server at one of our functioning base stations.

SCGS has learned that the affected receivers were identified and exploited by a malicious SCGS has learned that the affected receivers were identified and exploited by a malicious search program. All SCGS receivers are now operating as NTP client only with the NTP search program. All SCGS receivers are now operating as NTP client only with the NTP server disabled.  server disabled. 

First true Security problem we First true Security problem we have encounteredhave encountered

ClosingClosing

The security of a network goes back to The security of a network goes back to having a great cooperation with your local IT having a great cooperation with your local IT department.  Building that alliance is department.  Building that alliance is instrumental in offsetting type of cyber attack instrumental in offsetting type of cyber attack to a network.  The idea here is that attacks to a network.  The idea here is that attacks happen 24 hours a day on a network.  happen 24 hours a day on a network. 

Thank-you!Thank-you!

Matt WellslagerMatt WellslagerSouth Carolina Geodetic SurveySouth Carolina Geodetic Survey

5 Geology Rd5 Geology Rd

Columbia, SC 29212Columbia, SC 29212

803-896-7715803-896-7715

matt.wellslager@scgs.sc.govmatt.wellslager@scgs.sc.gov