Critical infrastructure
News

DHS shifts PNT conformance framework to the IEEE for improved standards development

July 01, 2021
PNT conformance framework

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) transitioned the resilient PNT conformance framework to the Institute of Electrical and Electronics Engineers (IEEE) by way of an approved project, denoted as P1952, to refine the framework into international industry standards.

Positioning, navigation and timing (PNT) have become an invisible, but essential utility, for many critical infrastructure operations. Disruption of, or interference with, these systems have adverse effects on individuals, businesses, and the nation’s economic and national security. 

The P1952 standard specifies technical requirements and expected behaviors for resilient PNT User Equipment (UE). Based on technical requirements, it defines different levels of resilience to enable users to select a level that is appropriate based on their risk tolerance, budget and application criticality. The P1952 standard applies to UE that output PNT solutions, including PNT systems of systems, integrated PNT receivers, and PNT source components, such as Global Navigation Satellite System (GNSS) chipsets.

“The transition of this joint effort between DHS S&T and the Cybersecurity and Infrastructure Security Agency (CISA) National Risk Management Center (NRMC) marks a major milestone for the department and will impact the future design, acquisition, and deployment of resilient PNT systems within our national critical infrastructure,” Kathryn Coulter Mitchell, DHS senior official performing the duties of the undersecretary, S&T Directorate, said in a press statement

PNT services, such as Global Positioning System (GPS), are more than just a navigation tool and identified as ‘invisible utilities’ that enable several applications within critical infrastructure, including the electric grid, telecommunications, agriculture, and port operations. PNT services are a national critical function and, if disrupted or manipulated, have the potential to adversely affect the national and economic security of the U.S.

To address the issue of GPS vulnerabilities within critical infrastructure, DHS S&T and CISA NRMC have worked in collaboration with industry and government stakeholders to develop the resilient PNT conformance framework, which provides a common framework for defining resilient PNT systems and addresses strategic risks to U.S. national critical infrastructure. 

The framework is non-prescriptive, outcome-based, and defines four levels of resilience so that end-users can select a level appropriate for their needs. The common framework will enable critical infrastructure owners and operators to make risk-informed decisions when determining the most appropriate PNT systems to deploy. Relevant to both equipment vendors and critical infrastructure end-users, the framework is applicable to equipment that outputs PNT solutions, including PNT systems of systems, integrated PNT receivers, and PNT source components.

“To address security and resilience, GPS and PNT receivers need to be treated more like computers rather than radios,” said Ernest Wong, S&T Technical Manager. “The refinement of the Resilient PNT Conformance Framework into industry standards will help to ensure future PNT receivers are resilient and designed to withstand and recover from threats.”

“The DHS Conformance Framework was a significant step forward in our efforts to ensure GPS receivers are secure and users can build resilience into their PNT systems,” said Bob Kolasky, CISA’s Assistant Director. “When coupled with the concepts found in the responsible use of PNT Executive Order, we can significantly improve the security and resilience of operations within critical infrastructure that are reliant on PNT services. We look forward to working with IEEE as they develop these formal industry standards.”

The DHS S&T in March set out to increase awareness and security around PNT services with the release of the PNT Integrity Library and Epsilon Algorithm Suite that aims to secure the critical infrastructure sector from GNSS spoofing, a term that describes the deception of a GPS device through false signals.

Earlier in the year, the National Institute of Standards and Technology (NIST) released a cybersecurity guidance framework for PNT services. Organizations can increase their resilience through responsible use of PNT services, as the national and economic security of the U.S. is dependent on the reliable functioning of critical infrastructure.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape