NIST Releases Draft Cybersecurity Guidance, Develops GPS-Free Backup for Timing Systems

A city in daylight represents systems that the profile covers, such as our energy, transportation and finance infrastructure. Nearby, in darkness, a dish antenna broadcasting a signal to several satellites represents what lies beyond the scope of the profile, including ground or space based source signal generators and providers.

B. Hayes/NIST

NIST’s new cybersecurity profile is designed to help mitigate risks to systems that use positioning, navigation and timing (PNT) data, including systems that underpin modern finance, transportation, energy and other critical infrastructure. While its scope does not include ground- or space-based PNT source signal generators and providers (such as satellites), the profile still covers a wide swath of technologies.

Taking another step toward strengthening the nation’s critical infrastructure, the National Institute of Standards and Technology (NIST) has drafted guidelines for applying its Cybersecurity Framework to critical technologies such as the Global Positioning System (GPS) that use positioning, navigation and timing (PNT) data. Part of a larger NIST effort to implement a recent Executive Order to safeguard systems that rely on PNT data, these cybersecurity guidelines accompany recent NIST efforts to provide and test a resilient timekeeping signal that is independent of GPS.

Formally titled the Cybersecurity Profile for the Responsible Use of Positioning, Navigation and Timing (PNT) Services (NISTIR 8323), the new guidelines are designed to help mitigate cybersecurity risks that endanger systems important to national and economic security, including those that underpin modern finance, transportation, energy and additional economic sectors. The agency is requesting public comment on the draft by Nov. 23, 2020.

The draft profile is part of NIST’s response to the Feb. 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. Earlier this year, NIST sought public input regarding the general use of PNT data.

/Public Release. The material in this public release comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.