Adaptive PageRank for systemic risk evaluation in interconnected PNT systems

Positioning, Navigation, and Timing systems serve as essential components of space-based communications infrastructures and another mission-critical cyber-physical system. As the complexity and number of interconnections of these systems increase, their security posture becomes increasingly vulnerable to cyber threats targeting both devices and communication links. This paper presents a comprehensive and quantitative risk assessment framework specifically designed for PNT-enabled infrastructures, with a particular emphasis on the vulnerabilities inherent in communication-connected architectures. The proposed methodology aims to support security prioritisation decisions while taking into account the complex interdependencies characteristic of PNT systems. Our approach models the system as a Weighted Directed Acyclic Graph, where nodes represent physical and logical PNT devices and edges represent both communication channels and attacker techniques derived from the MITRE ATT&CK matrix. Risk levels for devices are calculated using CVSS scores from the National Vulnerability Database, while edge weights are informed by technique severities defined by CAPEC. A modified PageRank algorithm is used to evaluate and prioritise critical nodes and communication paths, considering both local vulnerabilities and their potential for systemic propagation. Three complementary analysis scenarios are presented to validate the framework to provide operators with different perspectives on potential system vulnerabilities. The proposed methodology provides a scalable, standards-based approach for enhancing the resilience of satellite communication and navigation infrastructures through data-driven risk quantification.