NIST Seeks Input on Position Navigation and Timing Services 

Andrii Yalanskyi/Shutterstock.com

The agency is tasked by an executive order to develop profiles for the technology based on its cybersecurity framework to inform agencies’ procurement. 

The National Institute of Standards and Technology has issued a request for information aimed at making the technology associated with the Global Positioning System more resistant to cyberattack.

The deadline for responding to the notice NIST posted in the Federal Register Wednesday is July 3. NIST has recorded a related webcast responding to questions it fielded on Twitter last week and plans to publish it here on June 4 at 2 p.m., an official confirmed to Nextgov.  

GPS mapping is just one application of a host of services such as precision banking and microsurgery that are enabled by the constellation of satellites and clocks behind Position Navigation and Timing systems. These PNT services are vulnerable to adversaries “jamming,” “spoofing” or otherwise interfering with the signals the technology relies on.  

On Feb. 12, President Trump issued an executive order instructing the Commerce Department to work with appropriate agencies to come up with “PNT profiles” that would form the basis of procurement requirements for federal agencies. 

A White House official at the time clarified the profiles would draw from NIST’s 2014 framework of cybersecurity standards for critical infrastructure. 

“GPS and PNT are critical and essential components of the U.S. economy,” Commerce Secretary Wilbur Ross said in a NIST press release announcing the RFI. “It is imperative that our GPS and PNT systems be fully secure and able to withstand cyber incursions. Following President Trump’s executive order, the government will continue to test the nation’s critical GPS and PNT systems, develop pilot programs to enhance their resilience, and incorporate the best technologies, software and services to safeguard the security and vitality of this crucial infrastructure.”

The RFI asks very basic questions—such as “Identify any standards, guidance, industry practices and sector specific requirements referenced in association with managing public or private sector cybersecurity risk to PNT services”—though NIST has been working on the issue for years. 

During a November 2018, meeting of NIST’s Information Security Privacy Advisory Board, an official said the agency was working then to establish a program where industry would self-certify adherence to best practices outlined by the Department of Homeland Security.