Positioning, Navigation, and Timing (PNT) is necessary for the functioning of the Nation’s critical infrastructure. Whether for civil, commercial, or military use, nearly all sectors rely on accurate PNT information to provide services. However, the ubiquitous use of the Global Positioning Navigation (GPS) as the primary source of PNT information makes these sectors vulnerable to adversaries seeking to cause harm by disrupting or manipulating the GPS signal.
CISA, through the National Risk Management Center (NRMC), works with government and industry partners to strengthen the security and resiliency of the national PNT ecosystem from the risks of both intentional and unintentional threats.
- On May 27, the National Institute of Standards and Technology (NIST) and the Department of Commerce published a Request for Information (RFI) in the Federal Register on Profile of Responsible Use of Positioning, Navigation, and Timing Services. The notice is seeking information about public and private sector use of PNT services, and standards, practices, and technologies used to manage cybersecurity risks, to systems, networks, and assets dependent on PNT services. The comments period closes July 13th at 5PM. To read the RFI or to submit a comment, visit: www.federalregister.gov/d/2020-11282.
- On May 14, NIST published a Federal Register Notice announcing the Information Security and Privacy Advisory Board (ISPAB) virtual meeting to be held on June 24-25. Topics include: telework cybersecurity, the Executive Order 13905 on PNT, and product testing and conformance issues. Registration is due June 22. For more information or to submit a comment, visit: https://csrc.nist.gov/Events/2020/ispab-june-meeting.
- CISA is pleased to announce the publication of the Report on PNT Backup and Complementary Capabilities to the GPS. Prepared in coordination with the Department of Transportation (DOT) and other Departments/Agencies, this report analyzes the GPS applications used by critical infrastructure and provides recommendations to increase the resilience of U.S. critical infrastructure to disruption of GPS services.
On a daily basis, Americans depend on Positioning, Navigation, and Timing services ranging from smartphone applications to critical infrastructure systems like power grids. As one of 55 National Critical Functions (NCFs); the disruption, corruption, or dysfunction of a capability such as PNT, would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Currently, the Global Positioning System (GPS) is the primary source of PNT information and serves as a global utility. However, the ubiquitous use of GPS means that risks of interference, jamming, spoofing and other threats in one critical infrastructure sector may have cascading impacts across other sectors and to millions of users. Compounding this issue is the overdependence on GPS as a single source of PNT. Over the past four decades, GPS-dependent devices have grown significantly. Adversaries seeking to do harm may exploit GPS signals for their benefit by denying or manipulating PNT data to disrupt the critical functions upon which our society has come to rely.
One of CISA’s top priorities is understanding how PNT is used across all NCFs and how the functions can become more secure and resilient. This understanding will help inform CISA’s risk reduction efforts, such as the creation of a Conformance Framework for GPS Receivers. The conformance framework will establish key operating parameters for more secure GPS receivers. Partnering with equipment manufacturers, end users and other federal agencies, DHS will develop a common lexicon and standards that define security expectations for the industry. These standards will enable end users to better understand systems capabilities which in turn enables users to make more informed risk decisions.
As technologies emerge, it is important to secure infrastructure vital to national security, commercial industry and our everyday lives. CISA is working with federal partners and the critical infrastructure community to promote the responsible use of GPS and other PNT sources
On February 12, 2020, the Executive Order (E.O.) 13905 on Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing (PNT) Services was signed. The goal of the E.O. was to identify and promote the responsible use of PNT services by the Federal Government and critical infrastructure owners and operators.
The E.O. directs the federal government and critical infrastructure owners and operators to take actions to identify and promote the responsible use of PNT services. DHS is well positioned to execute the PNT EO. In 2018, the DHS Secretary signed into action the DHS PNT strategy which synchronizes interagency PNT efforts across the Department to build resilience by enhancing coordination and collaboration within DHS and the private sector.
This E.O. is a major step forward to addressing risk to this capability; focusing not only on more secure sources of PNT, but more secure systems that rely on PNT data.
Read the full E.O.
- Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations
- DHS Statement on the PNT Executive Order
- Paper on Improving the Operation and Development of GPS Equipment Used by Critical Infrastructure
- Report on PNT Backup and Complementary Capabilities to the GPS
- Time - The Invisible Unity: two quick reference guides designed for organization leaders (corporate level) and IT professionals and staff (technical level) on the importance of accurate and resilient timing.
These are voluntary resources regarding the proper use of GPS receivers and security recommendations for systems that use GPS.
Please note: These resources are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide warranties of any kind regarding this information, nor does it endorse any commercial product, service, or subjects of analysis. Any references to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by DHS.
- DoD's Performance Standards and Specifications for GPS and related systems
- National Institute of Standards and Technologies (NIST) Tests for Time/Frequency Measurement Analysis
For questions or comments, email NRMC@hq.dhs.gov.