The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) transitioned the resilient PNT conformance framework to the Institute of Electrical and Electronics Engineers (IEEE) by way of an approved project, denoted as P1952, to refine the framework into international industry standards.
Positioning, navigation and timing (PNT) have become an invisible, but essential utility, for many critical infrastructure operations. Disruption of, or interference with, these systems have adverse effects on individuals, businesses, and the nation’s economic and national security.
The P1952 standard specifies technical requirements and expected behaviors for resilient PNT User Equipment (UE). Based on technical requirements, it defines different levels of resilience to enable users to select a level that is appropriate based on their risk tolerance, budget and application criticality. The P1952 standard applies to UE that output PNT solutions, including PNT systems of systems, integrated PNT receivers, and PNT source components, such as Global Navigation Satellite System (GNSS) chipsets.
“The transition of this joint effort between DHS S&T and the Cybersecurity and Infrastructure Security Agency (CISA) National Risk Management Center (NRMC) marks a major milestone for the department and will impact the future design, acquisition, and deployment of resilient PNT systems within our national critical infrastructure,” Kathryn Coulter Mitchell, DHS senior official performing the duties of the undersecretary, S&T Directorate, said in a press statement.
PNT services, such as Global Positioning System (GPS), are more than just a navigation tool and identified as ‘invisible utilities’ that enable several applications within critical infrastructure, including the electric grid, telecommunications, agriculture, and port operations. PNT services are a national critical function and, if disrupted or manipulated, have the potential to adversely affect the national and economic security of the U.S.
To address the issue of GPS vulnerabilities within critical infrastructure, DHS S&T and CISA NRMC have worked in collaboration with industry and government stakeholders to develop the resilient PNT conformance framework, which provides a common framework for defining resilient PNT systems and addresses strategic risks to U.S. national critical infrastructure.
The framework is non-prescriptive, outcome-based, and defines four levels of resilience so that end-users can select a level appropriate for their needs. The common framework will enable critical infrastructure owners and operators to make risk-informed decisions when determining the most appropriate PNT systems to deploy. Relevant to both equipment vendors and critical infrastructure end-users, the framework is applicable to equipment that outputs PNT solutions, including PNT systems of systems, integrated PNT receivers, and PNT source components.
“To address security and resilience, GPS and PNT receivers need to be treated more like computers rather than radios,” said Ernest Wong, S&T Technical Manager. “The refinement of the Resilient PNT Conformance Framework into industry standards will help to ensure future PNT receivers are resilient and designed to withstand and recover from threats.”
“The DHS Conformance Framework was a significant step forward in our efforts to ensure GPS receivers are secure and users can build resilience into their PNT systems,” said Bob Kolasky, CISA’s Assistant Director. “When coupled with the concepts found in the responsible use of PNT Executive Order, we can significantly improve the security and resilience of operations within critical infrastructure that are reliant on PNT services. We look forward to working with IEEE as they develop these formal industry standards.”
The DHS S&T in March set out to increase awareness and security around PNT services with the release of the PNT Integrity Library and Epsilon Algorithm Suite that aims to secure the critical infrastructure sector from GNSS spoofing, a term that describes the deception of a GPS device through false signals.
Earlier in the year, the National Institute of Standards and Technology (NIST) released a cybersecurity guidance framework for PNT services. Organizations can increase their resilience through responsible use of PNT services, as the national and economic security of the U.S. is dependent on the reliable functioning of critical infrastructure.