Positioning, Navigation, and Timing (PNT) is necessary for the functioning of the Nation’s critical infrastructure. Whether for civil, commercial, or military use, nearly all sectors rely on accurate PNT information to provide services. However, the ubiquitous use of the Global Positioning Navigation (GPS) as the primary source of PNT information makes these sectors vulnerable to adversaries seeking to cause harm by disrupting or manipulating the GPS signal.
CISA, through the National Risk Management Center (NRMC), works with government and industry partners to strengthen the security and resiliency of the national PNT ecosystem from the risks of both intentional and unintentional threats.
September 2021: The DHS Science and Technology (S&T) Directorate’s GPS Whitelist Development Guide highlights a software assurance approach as a means of addressing potential vulnerabilities to GPS receivers. This guide emphasizes a cybersecurity-based approach to enhance PNT resilience and can help with the implementation of data-related requirements in the Resilient PNT Conformance Framework. It is specific to navigation device developers seeking to create, implement, and verify GPS whitelists customized to their systems.
- Download/share the GPS Whitelist Development Guide.
June 2021: CISA published the Understanding Vulnerabilities of Positioning, Navigation, and Timing (PNT) fact sheet to provide critical infrastructure owners/operators and equipment manufacturers an overview of critical infrastructure dependencies on PNT services and the need to strengthen the Nation’s security and resilience from the impact of PNT disruptions on critical operations and services.
Positioning, Navigation, and Timing (PNT) is necessary for the functioning of the Nation’s critical infrastructure. Whether for civil, commercial, or military use, nearly all sectors rely on accurate PNT information to provide services. However, the use of the Global Positioning Navigation (GPS) as the primary, and in many cases, the sole source of PNT data makes these sectors vulnerable to the intentional or unintentional disruption of the GPS signal. Complicating matters, advances in technologies have made the ability to broadcast mock GPS signals relatively simple, further placing PNT dependent systems at risk.
One of CISA’s top priorities is understanding how PNT is used across all National Critical Functions (NCFs), and how the functions that are dependent on PNT services can become more secure and resilient. This understanding will inform CISA’s risk reduction efforts, such as the creation of a Conformance Framework for GPS Receivers and supporting the National Institute of Standards and Technology (NIST) as they develop PNT profiles. The conformance framework will establish key parameters for assessing the security and resilience of GPS receivers. Partnering with equipment manufacturers, end users and other federal agencies, DHS will develop a common lexicon that defines security expectations for the industry. These standards will enable end users to better understand PNT receiver capabilities, which in turn enables users to make better informed risk decisions.
As alternate PNT services emerge, DHS will work with industry to understand how their adoption impacts critical infrastructure and the NCFs. Additionally, CISA will continue to lead DHS efforts to work with federal partners and the critical infrastructure community to promote the responsible use of GPS and other PNT sources.
On February 12, 2020, the Executive Order (E.O.) 13905 on Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing (PNT) Services was signed. The goal of the E.O. was to identify and promote the responsible use of PNT services by the Federal Government and critical infrastructure owners and operators.
The E.O. directs the federal government and critical infrastructure owners and operators to take actions to identify and promote the responsible use of PNT services. DHS is well positioned to execute the PNT EO. In 2018, the DHS Secretary signed into action the DHS PNT strategy which synchronizes interagency PNT efforts across the Department to build resilience by enhancing coordination and collaboration within DHS and the private sector.
This E.O. is a major step forward to addressing risk to this capability; focusing not only on more secure sources of PNT, but more secure systems that rely on PNT data.
Read the full E.O.
- Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations
- DHS S&T's GPS Whitelist Development Guide
- DHS Statement on the PNT Executive Order
- Epsilon Algorithm Suite: These algorithms provide end-users basic spoofing detection capabilities (e.g., detecting inconsistencies in position, velocity, and clock observables commonly provided by GPS receivers) without any modifications to the existing GPS receiver.
- Paper on Improving the Operation and Development of GPS Equipment Used by Critical Infrastructure
- PNT Integrity Library: This library provides users a method to verify the integrity of Global Navigation Satellite System (GNSS)-based PNT sources. It provides a scalable framework for GNSS-based PNT manipulation detection that offers varying levels of protection based on the available data.
- Radio Frequency Interference Best Practices Guidebook
- Report on PNT Backup and Complementary Capabilities to the GPS
- Time - The Invisible Utility: two quick reference guides designed for organization leaders (corporate level) and IT professionals and staff (technical level) on the importance of accurate and resilient timing.
- Resilient PNT Conformance Framework
- Time Guidance for Network Operators, Chief Information Officers, and Chief Information Security Officers
- Understanding Vulnerabilities of Positioning, Navigation, and Timing (PNT) fact sheet *new resource
These are voluntary resources regarding the proper use of GPS receivers and security recommendations for systems that use GPS.
Please note: These resources are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide warranties of any kind regarding this information, nor does it endorse any commercial product, service, or subjects of analysis. Any references to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by DHS.
For questions or comments, email NRMC@hq.dhs.gov.