UN-GGCE Portal

Appearance

Reference Verification: Documented Supply Chain Disruptions and Risk Taxonomy

This document provides the verifiable historical context behind the assertions made in the UN-GGCE supply chain modeling regarding real-world disruptions to the global geodesy supply chain. It covers four categories of documented events — U.S. government shutdowns (2013, 2018-2019, 2025), compounded institutional disruption (2025-2026), geopolitical conflict (Russia-Ukraine 2022), and systemic administrative fragility — and synthesises them into a five-category risk taxonomy mapped to the guiding architectural principles and the PPTD capability framework.

1. U.S. Government Shutdowns: Empirical Stress Tests

In the global geodetic community, the 2013 and 2018-2019 shutdowns are cited as empirical "stress tests" that exposed Single Points of Failure (SPOF).

The 2013 Shutdown (Oct 1–16, 2013)

  • The Vulnerability: The IGS Analysis Center Coordinator (ACC) was hosted by NOAA’s National Geodetic Survey (NGS).
  • The Impact: Under the Antideficiency Act, NGS personnel were furloughed, and all public-facing services (OPUS, CORS data) went offline.
  • Resilience Proof: Core IGS products continued via distributed international infrastructure (IGSMAIL-6826), but the administrative failure was evident: the NGS/ACC failed to submit their annual report to the IGS technical record.

The 2018–2019 Shutdown (35 Days)

  • The Vulnerability: CDDIS (Global Data Center) is hosted at NASA Goddard Space Flight Center (GSFC).
  • The Impact: 95% of NASA personnel were furloughed. CDDIS automated data flow continued, but manual curation and U.S. Analysis Center contributions were suspended.
  • Resilience Proof: The final orbit products were not compromised because the ACC (Geoscience Australia/MIT) and other Global Data Centers (IGN, BKG) remained operational outside the U.S. federal impact.

2. Evidence of Systemic Administrative Fragility

A longitudinal review of IGS Technical Reports (2013 vs. 2018) reveals a persistent pattern of "No report submitted," indicating that the supply chain's documentation and administrative capacity are highly fragile and secondary to operational delivery.

Entity Type2013 (No Report Submitted)2018 (No Report Submitted)
Analysis CentersMIT, NGS (ACC), SIO, WHUMIT, SIO, ESA/ESOC, GOP
Global Data CentersSIO, IGN, KASISIO, IGN, KASI
Working GroupsClock Products, Orbit Dynamics, RT PilotClock Products, Orbit Dynamics, GNSS Monitoring, Reference Frame

Strategic Findings for UN-GGCE:

  1. Permanent Data Center Reporting Gaps: The consistent failure of Global Data Centers (SIO, IGN, KASI) to submit reports across a 5-year span highlights a critical lack of administrative resourcing for global data curation.
  2. Gap in Global Network Monitoring ("Network Operations"): The inability of these institutions to consistently publish health, status, and throughput reports is a direct manifestation of low maturity in Network Operations (Capability L3, scoring 2.3). Without routine operational reporting, effective "Global Network Monitoring" is impossible, leaving the supply chain blind to creeping degradation.
  3. "Best-Effort" Governance: Major institutions (including ESA/ESOC and the Reference Frame Working Group in 2018) dropping out of the technical record proves that administrative accountability is not strictly enforced.
  4. Operational vs. Administrative Resilience: The supply chain is technically resilient (it keeps the data flowing) but administratively fragile (it fails to document its own processes and institutional health). This explicitly validates the UN-GGCE's focus on PPTD (People, Process, Technology, Data) maturity, as "Process" and "People" (Succession/Capacity) are clearly the lowest-scoring dimensions.

3. 2025–2026: Compounded Institutional Disruption

The 2025-2026 period produced the most severe sustained disruption to US-hosted IGS infrastructure since 2018-2019, combining a natural disaster affecting the IGS Central Bureau, a 42-day federal government shutdown, and DOGE-driven workforce reductions across the three key US institutions underpinning the supply chain. Unlike 2013 and 2018, no IGS Technical Report covering this period has yet been published — the administrative impact on the technical record will only become visible retrospectively.

The January 2025 Los Angeles Wildfires — Confirmed Supply Chain Disruption

  • The Vulnerability: The IGS Central Bureau (CB) is hosted at NASA Jet Propulsion Laboratory (JPL), Pasadena, California.
  • The Impact: On 9 January 2025, JPL experienced network and power failures due to the Los Angeles wildfires. The CB Director notified the IGS community via IGSMAIL-8553: "Due to local winds and wildfires, there have been network and power issues affecting some of our computing systems. While backup systems are now operational, there may be more interruptions and delays as the situation unfolds."
  • Duration: Six days. Primary systems restored 15 January 2025 (IGSMAIL-8555).
  • Classification: Confirmed supply chain disruption. RINEX data delivery delays confirmed. The cause was a natural disaster rather than a policy action, but the event demonstrates the physical single-site vulnerability of the CB's northern-hemisphere hosting location.

The October–November 2025 U.S. Government Shutdown (42 Days)

  • The Vulnerability: NASA Goddard Space Flight Center (GSFC) hosts CDDIS (the primary IGS Global Data Centre) and the NASA Space Geodesy Project, and is the incoming host of the IGS Analysis Centre Coordinator (ACC) function.
  • The Impact: The US government shut down on 1 October 2025. Approximately 15,000 of NASA's 18,218 civil servants were furloughed. At GSFC specifically, multiple buildings were emptied and padlocked during the 42-day shutdown, with furloughed workers recalled to clear facilities (CNN, 4 November 2025). GSFC Director Makenzie Lystrup had resigned 22 July 2025, prior to the shutdown. The shutdown ended 12 November 2025 under a continuing resolution.
  • Geodetic supply chain impact: No CDDIS service outage notice was issued during the shutdown period, consistent with automated data flows continuing as in 2018-2019. However, manual curation, troubleshooting capacity, and quality oversight at CDDIS would have been reduced during the furlough. The IGS mail archive contains no messages attributing product delays to the shutdown.
  • Classification: Confirmed institutional disruption; no confirmed product failure in the IGS archive record. The 2018-2019 precedent suggests automated data flow continued; administrative and quality-oversight capacity cannot be confirmed.
  • Sources: NASA Shutdown Page; Planetary Society (12 Nov 2025); CNN (4 Nov 2025).

DOGE Workforce Reductions at US IGS Host Institutions, 2025

Three of the four most critical US institutions in the IGS supply chain sustained significant workforce reductions through DOGE-related actions beginning February 2025:

InstitutionIGS RoleWorkforce ImpactSource
NOAA/NGSIGS Analysis Centre; CORS Network (~2,000 stations); NSRS modernisation25%+ staff lost by May 2025; NOS budget proposed at more than 50% cutWired (21 May 2025); PBS NewsHour
NASA GSFCCDDIS (primary GDC); Space Geodesy Project; incoming ACC host~1,000 civil servants lost (~32% of federal workforce at GSFC); 447 deferred resignationsSpace.com; Greenbelt News Review
NASA JPLIGS Central Bureau; GipsyX Analysis Centre~1,500 jobs lost across 4 rounds (2024-2025), ~25% of total workforceSpaceNews; CalTech; LAist
  • NOAA's FY2026 appropriation (signed 23 January 2026) was enacted essentially flat at $6.171 billion — the deep OMB-proposed cuts did not materialise into law for FY2026. However, the workforce damage from February onward RIFs occurred before the appropriation was settled and is not reversed by the enacted budget.
  • NASA's FY2026 appropriation was enacted at $24.438 billion, flat with FY2025 — but the proposed FY2027 budget (April 2026) includes a 24% topline cut and 46% science cut, which remains an active forward-looking threat.
  • No service disruption notices appear in the 2025-2026 IGS mail archive attributable to any of these workforce reductions.

IGS Mail Archive Evidence: 2025–2026

A review of the complete 2025 archive (IGSMAIL-8546 to 8642, 97 messages) and the 2026 archive to May 2026 confirms:

  • Zero messages mention a government shutdown, DOGE, furlough, or budget disruption.
  • Five rapid product delay incidents were documented (January, March, May, September, and November 2025), each lasting 3–5 hours, all attributable to software and infrastructure faults at the ACC combination server — none to government action.
  • The JPL wildfire disruption (IGSMAIL-8553/-8555) is the only confirmed event in which US institutional disruption caused a documented supply chain impact.
  • IGN France (Nov-Dec 2025, IGSMAIL-8638/-8646) and BKG Germany (Jan 2026, IGSMAIL-8647) each experienced brief GDC outages due to infrastructure faults, demonstrating that GDC-layer disruption is not confined to US institutions.

Important caveat: The absence of shutdown-related disruption notices in the IGS mail archive mirrors the 2018-2019 pattern, where automated data flows continued even as human oversight capacity was degraded. The 2013 and 2018 administrative failures (missed annual reports, working group dropouts) were only documented retrospectively in the IGS Technical Reports — which lag the reporting period by one to two years. No IGS Technical Report for 2024 or 2025 had been published as of the date of this assessment.

Relevance to UN-GGCE Architecture

The UN-GGCE capability modeling flags these patterns because the IGS is currently transitioning critical roles (like the ACC) back into a U.S. federal agency partnership (GA + NASA GSFC). The 2025-2026 period demonstrates that this transition is occurring during the most severe period of institutional instability at US-hosted IGS infrastructure since records began — compounding the jurisdictional concentration risk identified in the 2013 and 2018-2019 stress tests. Without a formalised, internationally governed "break-glass" continuity protocol and dedicated administrative resourcing that is independent of US federal appropriations cycles, the supply chain remains structurally vulnerable to the disruptions now documented across three successive stress events.

4. Geopolitical Conflict: Russia-Ukraine (2022–Present)

The Russian invasion of Ukraine on 24 February 2022 produced the first confirmed instance of geopolitical conflict causing the deliberate removal of infrastructure from the global geodesy supply chain. Unlike U.S. government shutdowns — where disruption is a side-effect of domestic fiscal policy — the 2022 events introduced a new disruption mechanism: sovereign withdrawal and member-driven data witholding as a deliberate political response to armed conflict.

Important framing: The mechanism differs from the Gemini-suggested characterisation of "Western GDCs blocking data streams." What is documented is the opposite direction: Western member stations chose to withdraw data they submitted to shared data centres, and Russia shut down its own infrastructure contributions. No primary source documents a data centre-level access restriction or cybersecurity lockdown.

ILRS — GLONASS Satellite Laser Ranging Data Halted

  • The Vulnerability: GLONASS satellite orbits depend on Satellite Laser Ranging (SLR) data for sub-centimetre absolute trajectory calibration. SLR contributions to the ILRS are made by stations distributed across member states — including UK, Germany, Australia, and others.
  • The Impact: The ILRS Governing Board documented in an email to members on 19 April 2022 that ILRS member stations had "through a combination of stations no longer observing GLONASS satellites, and stations and Data Centers withholding and archiving data, essentially halted the flow of GLONASS data since the beginning of March." The UK's Space Geodesy Facility at Herstmonceux (NERC) formally declared it would stop submitting GLONASS SLR data to ILRS Data Centres. A public petition by ILRS member Daniel Kucharski titled "STOP ILRS from supporting Russian Satellite Navigation System" collected over 35,000 signatures by late April 2022.
  • Geodetic consequence: Loss of SLR data does not immediately disable GLONASS but "undermines its accuracy over time" (ILRS Governing Board statement). The ILRS Governing Board noted the data "is essential to the long-term accuracy of the GLONASS service."
  • Classification: Confirmed — documented by ILRS Governing Board's own statement.
  • Source: Navigation Outlook via RNTF (May 2022) · IAG Statement (3 March 2022)

IDS — DORIS Network Coverage Gap

  • The Vulnerability: The DORIS tracking network (~60 stations globally) contributes to satellite orbit determination for Jason, Sentinel, and SPOT series satellites, and contributes to the ITRF through the IDS combination. Three DORIS beacons were located in Russia.
  • The Impact: The IDS formally decommissioned two Russian DORIS stations in May 2022 (Krasnoyarsk — dorismail 1320; Yuzhno-Sakhalinsk — dorismail 1321). A third station at Badary was shut down explicitly "at Russia's request," creating, in the words of the IDS presentation, "a hole in DORIS coverage." Separately, "an increase of the jamming on the DORIS signals in Eastern Europe" was observed. CNES and IGN acknowledged the coverage gap required new beacon deployments — "requiring agreements to be put in place and work to be carried out, which can take time."
  • Geodetic consequence: Coverage gaps in high-latitude Russia and Siberia affect orbit quality for satellites on polar and near-polar ground tracks. The gap is not immediately fatal to products but degrades geometric strength in an already under-instrumented region.
  • Classification: Confirmed — IDS official decommissioning notices and a dedicated IDS Workshop 2022 paper with explicit causal title.
  • Source: IDS DORIS News (May 2022) · IDS Workshop 2022: "Impact of the Russia-Ukraine war on the DORIS network" — Chauveau, CLS

IGS — Ukrainian GNSS Reference Station Losses

  • The Impact: Peer-reviewed research by the Main Astronomical Observatory (MAO), National Academy of Sciences of Ukraine, processing 273 Ukrainian GNSS stations across multiple national networks, documents approximately a 10% reduction in operationally active stations following the February 2022 invasion (GPS weeks 2106–2237, May 2020 – November 2022).
  • Geodetic consequence: Ukrainian stations contribute to the EUREF Permanent Network (EPN) and the IGS global network. Coverage gaps in eastern Ukraine reduce geometric redundancy in a region where station density was already moderate. No primary source documents a confirmed impact on ITRF combination products or EOP computation from these gaps.
  • Classification: Confirmed reduction in operational station count — documented in peer-reviewed literature with explicit conflict attribution. Impact on IGS product pipelines not independently confirmed.
  • Source: Springer / Kinematics and Physics of Celestial Bodies (2024)

What Was NOT Disrupted

The IVS (VLBI) network continued operating without confirmed disruption — Russian VLBI stations (Zelenchukskaya, Badary, Svetloe, operated by the Institute of Applied Astronomy) remained listed as active throughout 2022-2024. No IGS-level network notices were issued regarding Ukrainian or Russian stations. No primary source confirms a direct impact on ITRF combination, EOP computation, or IGS satellite orbit products from the 2022 events.

The IAG's formal position — "non-political cooperative international scientific organizations do not have the authority to dictate specific actions to their members" — meant that technique service responses were member-driven and uncoordinated, resulting in inconsistent withdrawal across ILRS (significant), IDS (significant), IVS (minimal), and IGS (not documented).

5. Evidential Grounding: Documented Disruptions Mapped to Guiding Principles

The events documented in Sections 1–4 provide direct empirical evidence for each of the six guiding architectural principles. The table below maps every documented event to the principle it validates, the PPTD dimension it exposes, and whether the disruption is immediately detectable or only visible retrospectively.

The immediate/silent detection divide is the most operationally significant pattern in this dataset. Disruptions to Principles 1, 2, and 3 (geographic distribution, political resilience, governance) tend to produce immediate, visible product delays that appear in the IGS mail archive and trigger emergency responses. Disruptions to Principles 5 and 6 (capability maturity, transparency) produce no immediate signal — automated pipelines continue, data keeps flowing, and the damage accumulates in human expertise and governance records until a retrospective review reveals what was lost. The IGS Technical Reports are the only instrument for detecting this silent degradation, and no report has been published for 2024 or 2025.

Principle 1 — Geographic Distribution for Technical Performance

Evidence that geographic concentration of infrastructure directly degrades supply chain resilience.

EventWhat It DemonstratesDetection
2025 LA wildfires — JPL/CB disruption (IGSMAIL-8553)All three primary IGS Operational Data Centres are in the northern hemisphere. When JPL lost power and network connectivity, no southern-hemisphere ODC existed to absorb the load. Six-day disruption resulted.Immediate
DORIS coverage gap — Russia/Siberia (IDS 2022)Removal of three Russian DORIS beacons created a documented "hole in DORIS coverage" in high-latitude Eurasia — a region already under-instrumented. CNES/IGN acknowledged no immediate replacement was possible.Immediate (long-term accuracy)
Southern hemisphere GNSS/VLBI deficitThe Hidden Risk Report and ITRF technical documentation confirm that sparse southern-hemisphere instrumentation degrades reference frame geometric strength when any southern station fails.Structural — visible in EGV accuracy, not in product delivery

Principle 2 — Political Resilience and Distributed Operational Control

Evidence that jurisdictional concentration and geopolitical exposure create confirmed, recurring single points of failure.

EventWhat It DemonstratesDetection
2013 US Shutdown — ACC at NOAA/NGS furloughedACC in a single US federal jurisdiction; Antideficiency Act furloughed all personnel. Core IGS products continued only because distributed international infrastructure absorbed the load.Immediate
2018–2019 US Shutdown (35 days) — CDDIS/GSFCCDDIS automated flow continued but manual curation suspended; US Analysis Centre contributions halted. Products were not degraded only because ACC (GA/MIT) was hosted outside US federal jurisdiction.Immediate (partial)
2025 US Shutdown (42 days) — GSFC, incoming ACCSame CDDIS vulnerability; compounded by ACC transition to GSFC mid-period. No product failure confirmed, consistent with automated-flow resilience — but human oversight capacity was degraded for 42 days.Silent (automation masked)
Russia-Ukraine 2022 — ILRS GLONASS SLR haltedILRS member stations exercised sovereign authority to withhold GLONASS data; ILRS Governing Board documented the halt. Demonstrates that no architecture can substitute for the withdrawal of a sovereign contributor — only pre-existing diversity can absorb it.Immediate (data gap)
Russia-Ukraine 2022 — DORIS stations removed/shutRussia shut Badary DORIS beacon "at Russia's request"; IDS formally decommissioned Krasnoyarsk and Yuzhno-Sakhalinsk. Three stations lost in a single geopolitical event — no replacement possible in the short term.Immediate (coverage gap)

Principle 3 — Centralised Accountability through Multilateral Governance

Evidence that the absence of formal governance, SLAs, and a designated accountable body allows critical functions to fail without remediation triggers.

EventWhat It DemonstratesDetection
2013 ACC disruption — no backup, no MoUNRCan/ESA contingency emerged informally. It was never formalised, contracted, or rehearsed. No SLA governed the transition.Retrospective
2025 ACC transition to GSFC — no break-glass protocolThe ACC is moving to a US federal institution without a formally governed international continuity mechanism. The Oct-Nov 2025 shutdown demonstrated this risk is not hypothetical.Structural
DOGE workforce cuts — NOAA/NGS, GSFC, JPLNo intergovernmental mechanism exists to detect, respond to, or compensate for unilateral workforce reductions at host institutions. The supply chain had no visibility into these losses until reported in the press.Silent
Russia-Ukraine 2022 — IAG non-interventionIAG formally stated it "does not have the authority to dictate specific actions to its members," resulting in inconsistent, uncoordinated responses across ILRS (significant withdrawal), IDS (stations removed), IVS (no action), IGS (no action).Immediate (inconsistent response)

Principle 4 — Technical Interoperability and Data Accessibility

Evidence that data accessibility failures — whether from political withdrawal or technical format gaps — directly limit supply chain resilience.

EventWhat It DemonstratesDetection
Russia-Ukraine 2022 — data withholding mechanismMember stations held SLR data locally rather than submitting to shared ILRS Data Centres. The architectural remedy is not technical (data was collected); it is governance — FAIR data principles and multilateral data-sharing agreements that are binding, not voluntary.Immediate
DORIS signal jamming — Eastern Europe (IDS 2022)Electronic warfare in the conflict zone degraded DORIS signal quality at operational stations. Demonstrates that data quality, not just data availability, is a supply chain variable subject to geopolitical disruption.Immediate
RINEX/SINEX version divergence (IGS operational record)Stations using incompatible standard versions force IGS Coordinators to intervene manually. Richard Gross (IAG President, April 2026): "Things aren't fixed or improved unless there's a failure." Reactive maintenance leaves latent interoperability failures undetected until a crisis amplifies them.Silent (until failure)

Principle 5 — Minimum Capability Maturity Standards

Evidence that the absence of verifiable capability thresholds allows critically fragile institutions to remain on the critical path.

EventWhat It DemonstratesDetection
DOGE cuts — NOAA/NGS (>25% staff lost)NGS lost over a quarter of its workforce before the FY2026 appropriation was settled. No international mechanism existed to detect this, assess its impact on IGS Analysis Centre capacity, or redistribute the function.Silent
DOGE cuts — NASA GSFC (~32% civil servants lost)GSFC is simultaneously the CDDIS host, Space Geodesy Project operator, and incoming ACC partner. A 32% civil servant loss with no succession or capability continuity plan is a direct maturity failure — but triggers no supply chain alert.Silent
JPL layoffs (~25% over four rounds, 2024-2025)The IGS Central Bureau is hosted at JPL. Four rounds of layoffs reducing the workforce by a quarter generate accumulated key-person risk that is invisible in product delivery statistics until a disruption forces it into view (as the wildfires briefly did).Silent (until disaster)
Best-effort voluntary contribution model (IGS, IVS, ILRS)GDCs, Analysis Centres, and Working Groups operate on short-term grants and voluntary contributions with no formal capability floor. When funding lapses, they drop from the technical record silently (SIO, IGN, KASI — 2013 and 2018).Retrospective

Principle 6 — Transparency and Performance Accountability

Evidence that the absence of mandatory reporting leaves the supply chain blind to its own degradation.

EventWhat It DemonstratesDetection
IGS Tech Report dropouts — 2013 and 2018SIO, IGN, and KASI failed to submit GDC annual reports in both 2013 and 2018. Clock Products, Orbit Dynamics, and Reference Frame Working Groups dropped from the record in 2018. No remediation was triggered; the failures recurred.Retrospective only
No IGS Tech Report for 2024 or 2025The primary instrument for detecting silent degradation has not been published for two consecutive years. The compounded institutional disruptions of 2025 — DOGE cuts, Oct-Nov shutdown, JPL layoffs — are occurring in an unmonitored reporting window.Structural gap
CDDIS "zero failure" perception (Richard Gross, April 2026)"CDDIS has a record of zero failure... [which] has inadvertently created a high degree of stakeholder dependency. The real risk is that many stakeholders are unaware of where alternative data sources are located." Absence of failure reporting creates false confidence and discourages investment in redundancy.Structural (perverse incentive)

Summary: Which Principles Are Most Load-Bearing?

Principles 2 and 3 together address the widest range of documented disruptions — every US government shutdown, the Russia-Ukraine geopolitical event, and the absence of break-glass protocols all trace to failures of political resilience and multilateral accountability. They are prerequisites for any credible continuity architecture.

Principle 6 is the detection layer for all silent disruptions. Without mandatory, public, annual reporting against agreed SLAs, Categories 4 and 5 failures — workforce degradation, governance collapse, administrative fragility — remain invisible until they compound into a visible product failure. The current two-year gap in IGS Technical Reports is itself a Principle 6 failure in the monitoring system that is supposed to surface all the others.