Skip to content
BriefingsRSS · DSI
Series · Part 17 of 53
The Chokepoint Doctrine
When the Sky Goes Dark
Critical InfrastructureMay 20, 202612 min read

When the Sky Goes Dark

Every business continuity plan contains assumptions so foundational they are never written down. GPS works. Satellites are up. The timing signal is accurate. The Iran war moved all four assumptions from the constants column to the variables column. This piece is the operational framework for the GPS timing audit your organisation has almost certainly never done, the Starlink paradox where your resilience measure becomes your single point of failure, the commercial earth observation dependency nobody has classified as critical, and the satellite ground station supply chain whose cybersecurity floor your continuity plan inherits without auditing.

~19 min

The GISI companion piece to this article (The Chokepoint Above Everything) established that Low Earth Orbit is the chokepoint above all chokepoints — the infrastructure layer whose degradation cascades into every system downstream. This piece translates that geopolitical finding into the operational requirement for every enterprise security team, business continuity function, and board risk committee that has not yet modelled what happens inside their organisation when the satellite layer degrades.

The Assumption That the Iran War Just Invalidated

Every business continuity plan contains a category of assumptions that are so foundational they are never written down. They are not documented as assumptions because they are treated as constants — facts about the operating environment that planning does not need to model because they have always been true and are expected to remain true.

GPS works. Satellites are up. The timing signal is accurate. The earth observation data is available. The Starlink backup is online.

The Iran war has moved all four of those assumptions from the constants column into the variables column — not theoretically, not in a future scenario, but operationally, in documented incidents that occurred between February and May 2026 and whose infrastructure implications most enterprise security teams have not yet fully absorbed.

The series that this DSI piece is part of has been mapping those implications layer by layer since the conflict began. The GISI companion piece established that Iran used a Chinese-built satellite to coordinate precision strikes on US military bases, that Israel destroyed Iranian space infrastructure specifically to degrade that capability, that Russia has operational kinetic ASAT weapons that generated 1,500 trackable debris fragments in a single 2021 test, and that a deliberate Kessler cascade in the primary LEO orbital band — technically achievable by multiple state actors with documented capability — would degrade the GPS timing infrastructure, the satellite communications backbone, and the earth observation architecture that modern enterprise operations depend on simultaneously.

This piece asks the operational question that the geopolitical analysis requires: what does your organisation actually do when the sky goes dark — and does your security architecture, your business continuity framework, and your incident response plan reflect an honest answer to that question?

For most organisations, the honest answer is no. Here is what building it requires.

The LEO Dependency Cascade — four enterprise dependency tracks (GPS timing, LEO comms, earth observation, ground segment) showing what each carries, what depends on it, and the T+72h failure mode under an orbital-band degradation event.
The four enterprise dependencies modelled in this piece are not independent failure paths. They share a single orbital band as their common substrate. A 72-hour LEO degradation event triggers all four cascades in parallel — which is why physical-layer diversification (fibre + Starlink) does not produce orbital-layer resilience.

The GPS Timing Audit Your Organisation Has Almost Certainly Never Done

The GPS dependency that most organisations have modelled is the positioning dependency — the logistics routing, the fleet tracking, the delivery coordination that stops working when GPS navigation is unavailable. That dependency is real and worth modelling. It is also the visible surface of a much deeper and less examined dependency that runs through the core of financial, energy, and communications infrastructure.

GPS satellites broadcast two signals simultaneously. The positioning signal tells a receiver where it is. The timing signal tells a receiver what time it is — with nanosecond precision, derived from atomic clocks aboard the satellites, synchronised continuously across the constellation. The timing signal is the infrastructure that the positioning signal is built on. It is also the infrastructure that an extraordinary range of enterprise systems depend on for functions that have nothing to do with navigation.

Financial transaction processing systems use GPS timing to timestamp transactions, coordinate settlement windows, and maintain the sequencing integrity that prevents double-spending and reconciliation failures. Power grid management systems use GPS timing to synchronise frequency across distributed generation and transmission assets — the coordination that prevents the phase mismatches that cause grid instability. Telecommunications networks use GPS timing to coordinate the handoff protocols between base stations that allow mobile devices to maintain connections as they move. Internet routing infrastructure uses GPS timing to maintain the certificate validity windows that underpin HTTPS authentication. Data centre operations use GPS timing to coordinate backup replication, log correlation, and the forensic audit trails that security investigations depend on.

Financial systems rely on GPS timing to maintain stable markets. When just one satellite goes down, the effects ripple outward.

The audit question that most enterprise security teams have never formally asked is this: which of our systems depend on GPS timing rather than GPS positioning — and what is the failure mode of each one if the timing signal is degraded, spoofed, or unavailable for 72 hours?

The answer requires mapping systems that were never designed with GPS dependency as a documented architectural assumption. The payment processing system that uses GPS timing for transaction sequencing was not documented as GPS-dependent when it was procured. The backup generator that synchronises with the grid frequency using GPS timing was not installed as a satellite-dependent system. The certificate authority that validates TLS connections using GPS-synchronised time was not classified as space infrastructure. None of these dependencies appear in the asset inventory under the category “satellite dependent” — because they were implemented by engineers solving specific engineering problems, not by security architects documenting infrastructure dependencies.

The practical methodology for conducting this audit has three steps. The first is querying every system administrator in the organisation for any system that uses an external time source — NTP servers, PTP protocols, hardware time references. The second is tracing every NTP server in the organisation’s infrastructure to its upstream time source, and identifying which upstream sources ultimately derive from GPS. The third is modelling the failure cascade for each GPS-dependent system under two scenarios: a 72-hour GPS timing signal degradation, and a GPS spoofing event in which the signal is present but inaccurate by a defined margin.

The organisations that have done this audit are a small minority. The organisations that need to do it before the next GPS spoofing event scales from 700 aircraft and 1,100 vessels to the financial transaction infrastructure of a major economy are every organisation whose operations depend on any of the systems described above — which is to say, almost every organisation of meaningful scale operating in any developed economy.

DSI Advisory

Assessing supply chain or infrastructure risk for a decision ahead?

DSI Advisory Services helps boards, business leaders, defence institutions, and security leaders understand threats before they reach the horizon — where cyber, geopolitics, and business risk converge.

Commission a supply chain assessmentExplore advisory