JUST RELEASED! Draft NIST IR 8323 Revision 1 | Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of PNT Services. NIST is seeking comments on the changes made in this Revision; the public comment period for this publication is open through August 12, 2022.
View the publication HERE and submit your comments via email to: pnt-eo [at] list.nist.gov.
About the Profile
The PNT cybersecurity profile is part of NIST’s response to the February 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. The order notes that “the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.”
NIST has developed this PNT cybersecurity profile to help organizations identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services. This profile will help organizations make deliberate, risk-informed decisions on their use of PNT services. In addition, reference the PNT Quick Guide for a high-level overview of the project.
If you have any questions, please contact NIST at pnt-eo [at] list.nist.gov.
Today, much of our Positioning, Navigation, and Timing (PNT) needs are met by GPS. Precision time signals sent through GPS synchronize cellphone calls, time-stamp financial transactions, and support safe travel by aircraft, ship, train and car. But GPS transmissions can be disrupted unintentionally by radio interference or the weather in space, and they could be interrupted intentionally.
On Feb. 12, 2020, President Trump signed the Executive Order on Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services. The order seeks to ensure that the nation’s critical infrastructure, such as the energy, financial and transportation sectors, are resilient to disruptions in GPS or other sources of PNT, including time signals sent over the internet .
The Executive Order directs the Department of Commerce and other agencies to work with the private sector to identify and promote responsible methods of using PNT services that appropriately manage risks.
NIST will provide guidance in the form of “profiles” to help organizations make deliberate, risk-informed decisions on their use of PNT services and will offer a time service over optical fiber lines as an alternate source of precision time.
On February 11th, 2021 NIST released; NISTIR 8323 - Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services to help organizations identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services. This profile was developed using an open and collaborative process involving public and private sector stakeholders to ensure critical infrastructure owners and operators, government agencies, and others can inform the responsible use of PNT services and effectively adopt, refine, and implement the profile.
For decades, NIST has offered time services at various levels of accuracy to meet a broad range of customer needs. For example, NIST’s Internet Time Service, which receives 40 billion hits per day, provides time independent of GPS with an accuracy to about 1 millisecond — adequate for many computer networks but much less stringent than some customers require.
To meet the higher requirements of some industries and to support resilient PNT, NIST has launched a special calibration service for companies, utilities or other organizations that wish to receive or disseminate U.S. civilian standard time through commercial fiber-optic cable. The service will use commercial telecommunications networks to distribute NIST’s realization of the global time standard, Coordinated Universal Time [UTC(NIST)], independently of GPS. NIST’s fiber-optic service aims to be 1,000 times more accurate than its Internet Time Service.