Public input requested on use of GPS for cybersecurity risk management

The National Institute of Standards and Technology (NIST) plans guidance to strengthen cybersecurity of related tech, in response to White House order.

By National Institute of Standards and Technology May 29, 2020

To bolster the resilience of the Global Positioning System (GPS) and the wide scope of technologies and services that rely on precision timing, the National Institute of Standards and Technology (NIST) is requesting information from the public about the broad use of positioning, navigation and timing (PNT) services, as well as the cybersecurity risk management approaches used to protect them.

The request, posted today in the Federal Register, is part of NIST’s response to the Feb. 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services.

“GPS and PNT are critical and essential components of the U.S. economy,” said Department of Commerce Secretary Wilbur Ross in a press release. “It is imperative that our GPS and PNT systems be fully secure and able to withstand cyber incursions. Following President Trump’s executive order, the government will continue to test the nation’s critical GPS and PNT systems, develop pilot programs to enhance their resilience, and incorporate the best technologies, software and services to safeguard the security and vitality of this crucial infrastructure.”

The order notes, “The widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.”

“Location and timing-based services have become part of the lifeblood of our economy,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “Not only do we depend upon accurately synchronized GPS satellites to guide us in navigation, but we rely on precision timing to coordinate electricity distribution, synchronize global communications networks, and generate reliable weather forecasts. Securing these PNT-based systems against cyberattack is crucially important for our way of life.”

This request, aimed primarily at technology vendors and users of PNT services, contains questions designed to elicit a wide-ranging picture of how PNT is used across different sectors of the economy. NIST will use the answers to inform the creation of a profile document intended to improve the resilience of PNT technologies and services. This document will join the growing list of profiles made to help apply the NIST Cybersecurity Framework to particular economic sectors, such as manufacturing, the power grid and the maritime industry.

NIST is accepting responses to the request until July 13, 2020. For more information, including instructions on how to submit responses by mail or electronically, visit the PNT page on the NIST website.

NIST plans to release an initial draft of its PNT profile document this summer. The agency also will solicit public comments on this initial draft before publishing a final version on or before Feb. 12, 2021.

– Edited from a National Institute of Standards and Technology press release by CFE Media.