NIST Seeks Public Input on Use of Positioning, Navigation and Timing Services to Improve Cybersecurity

To bolster the resilience of the Global Positioning System (GPS) and the wide scope of technologies and services that rely on precision timing, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is requesting information from the public about the broad use of positioning, navigation and timing (PNT) services, as well as the cybersecurity risk management approaches used to protect them.

The request, posted in the Federal Register, is part of NIST’s response to the Feb. 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services.

“GPS and PNT are critical and essential components of the U.S. economy,” said Department of Commerce Secretary Wilbur Ross. “It is imperative that our GPS and PNT systems be fully secure and able to withstand cyber incursions. Following President Trump’s executive order, the government will continue to test the nation’s critical GPS and PNT systems, develop pilot programs to enhance their resilience, and incorporate the best technologies, software and services to safeguard the security and vitality of this crucial infrastructure.”

The order notes that “the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.”

“Location and timing-based services have become part of the lifeblood of our economy,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “Not only do we depend upon accurately synchronized GPS satellites to guide us in navigation, but we rely on precision timing to coordinate electricity distribution, synchronize global communications networks, and generate reliable weather forecasts. Securing these PNT-based systems against cyberattack is crucially important for our way of life.”

This request, aimed primarily at technology vendors and users of PNT services, contains questions designed to elicit a wide-ranging picture of how PNT is used across different sectors of the economy. NIST will use the answers to inform the creation of a profile document intended to improve the resilience of PNT technologies and services. This document will join the growing list of profiles made to help apply the NIST Cybersecurity Framework to particular economic sectors, such as manufacturing, the power grid and the maritime industry.

NIST is accepting responses to the request until July 13, 2020. For more information, including instructions on how to submit responses by mail or electronically, visit the PNT page on the NIST website. Relevant comments will be posted to the page after the response period closes.

NIST plans to release an initial draft of its PNT profile document this summer. The agency also will solicit public comments on this initial draft before publishing a final version on or before Feb. 12, 2021.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?