DHS S&T to Release Resilient PNT Framework for Critical Infrastructure
Wednesday, November 11, 2020 | Comments

It is easy to understand the importance of our critical infrastructure, such as telecommunications, energy, transportation and emergency services, but what’s often overlooked are the underlying technologies that enable them. One such technology is position, navigation and timing (PNT) services, a national critical function powering many of the critical infrastructure sectors that enable modern society.

PNT is primarily provided through GPS and other global navigation satellite systems (GNSS). PNT is not just used for navigation. It also provides precision timing information that enables critical functions within telecommunications networks and the power grid. However, these PNT services are susceptible to interference such as GPS jamming and spoofing, which pose a risk to critical infrastructure. What was once an emerging risk is quickly becoming a pressing issue, with industry reporting a growing trend of prominent PNT disruption events around the world in the past two years. As the technological barriers to conducting these activities continue to fall, it becomes even more important to ensure critical infrastructure is resilient to PNT disruptions.

One of the key activities for addressing this at the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is the Resilient PNT Conformance Framework, which is planned for public release by the end of the year. The conformance framework was developed with input from industry stakeholders and is focused on outcome-based behaviors of resilience to encourage industry innovation and creativity in technical solutions. Industry has made significant progress in improving PNT equipment with some manufacturers citing the DHS Best Practices for GPS.

The conformance framework is the next step forward and provides a common reference point defining what to expect from resilient PNT equipment. This will help critical infrastructure owners and operators make risk-informed decisions when deciding what PNT equipment to deploy. It provides distinct levels of resilience, so end users can choose equipment that’s appropriate for their needs, based on criticality and risk tolerance.

The conformance framework also will be able to complement federal activities required under Executive Order 13905, “Strengthening National Resilience through Responsible Use of PNT Services,” which was signed in February 2020.

“In order to do effective risk management, it’s important to understand your vulnerabilities, your risk posture and select appropriate mitigations,” said Jim Platt, director of the DHS PNT Program Management Office, housed within the Cybersecurity and Infrastructure Security Agency (CISA). “Combined with the National Institute of Standards and Technology’s PNT Profiles from the PNT Executive Order, the conformance framework will be a valuable risk management tool.”

Industry equipment manufacturers have made great progress in making their PNT systems more resistant to disruptions by adding in capabilities such as spoofing detectors, additional PNT sources and holdover devices such as atomic clocks and inertial measurement units. While these are all important, resilience also requires considering how a system is structured and how internal components interact. Additionally, the conformance framework views PNT systems more like computers rather than radios and incorporates concepts from cybersecurity practices.

Presidential Policy Directive (PPD)-21 defines resilience as the ability to withstand and rapidly recovery from disruptions.

“A key concept in the conformance framework is recognition that one-hundred percent perfect security does not exist,” said S&T Technical Manager Ernest Wong. “Therefore, while it’s important to prevent threats from entering our systems, it’s just as important to understand what happens when systems fail and how to recover from them.”

The levels in the framework are cumulative, and this concept of recoverability is foundational to the framework; it is a requirement starting at level 1. As PNT systems begin to have more PNT sources, each new source is also an additional attack surface. To mitigate these attack surfaces, level 3 of the framework requires isolation between the PNT sources. This is similar to the concept of sandboxing in cybersecurity applications, which prevent errors and exploited vulnerabilities in one application from spilling over into other parts of the system.

There is also a distinction between resilience and performance. In some cases, resilience measures may not result in direct impacts to performance. Examples include security measures such as component isolation and sandboxing. In other cases, systems can be structured in ways to allow trading performance for greater resilience.

The conformance framework lays out four levels of resilience to allow flexibility in meeting different user needs. The levels are cumulative, with requirements in each level carrying over into the next. This results in higher levels corresponding with greater resilience.

The framework levels are also designed so that levels 1 and 2 should be feasible in the near-term. This is done by prioritizing the most impactful and easily attainable capabilities. While vulnerabilities may still exist, this will significantly reduce the possible exploitation chains available to attackers and also increases the difficulty for them to achieve their intended effect on target systems. Levels 3 and 4 are expected to involve more architectural changes and are targeted toward the next generation of PNT systems.

The Resilient PNT Conformance Framework is planned for public release in December 2020. Find a preview of the levels from an S&T presentation at the Civil GPS Service Interface Committee from September 2020 here.

Over the past few years, S&T’s PNT program has worked to improve resilience against threats and disruptions by engaging with industry, developing mitigation technologies and publishing best practices.

“The Resilient PNT Conformance Framework is the culmination of our work from the past five years,” said Brannan Villee, S&T PNT program manager. “It will create the foundation for industry to develop resilient PNT standards and ultimately improve critical infrastructure’s ability to prevent, respond, and recover from GPS disruptions.”

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!


September 2022

27 - 27
WEBINAR: How to Keep Communities Safer with Connected Mobile Solutions


November 2022

8 - 10
Communications Marketing Conference (CMC)
Albuquerque, New Mexico

15 - 16
Wireless Leadership Summit (WLS)
Tucson, Arizona

March 2023

27 - 30
International Wireless Communications Expo (IWCE) 2023
Las Vegas

More Events >

Site Navigation