Earlier this month, the National Institute for Standards and Technology (NIST) released an important framework document which sets the stage for implementation of Executive Order 13905 across the Federal government.
By mandating the creation of “PNT profiles”, EO 13905 is designed to set Federal standards for security and performance of Position, Navigation and Timing systems in specific operational use cases. These security and performance standards will then be used to build future GPS alternative systems which will meet the needs of both industry and government, informing future procurement and policy decisions.
While the NIST document (NISTIR 8323) is not a PNT profile itself, it will certainly influence the way that future PNT profiles are created. It essentially creates a bridge between the NIST Cybersecurity Framework and forthcoming guidance on how PNT systems should be deployed.
The “framework profile” (as NIST calls it) acts as a checklist for end users of PNT services. The checklist is divided into five sections, which align with high level themes in the Cybersecurity Framework: identify, detect, protect, respond, recover. In each section, NIST offers a series of factors for users of PNT services to consider to minimize security risk.
In the forthcoming PNT profiles, NIST is expected to map industry-specific use cases onto this broader framework. This is expected to produce tactical steps which end users in the government and private industry can use to design, purchase, and build secure PNT systems.
Implementing the NIST foundational profile with NextNav TerraPoiNT
Implementing the NIST foundational profile with NextNav TerraPoiNT
Here at NextNav, we’re already looking at how to operationalize the latest NIST guidance through our TerraPoiNT solution. In many cases, this foundational profile affirms our approach to security and resilience.
Here’s an example. On page 82, NIST recommends “mitigation strategies such as PNT source and data path redundancy, diversity, and segmentation to minimize the impacts of PNT disruption or manipulation.” One of the options listed to achieve this end is a Terrestrial Beacon System (TBS) as specified in the 3GPP TS 36.305. This includes support for NextNav’s own Metropolitan Beacon System technology, which we call TerraPoiNT.
The framework also recommends PNT systems that employ authentication and encryption of PNT data to preserve integrity and resist GPS spoofing. The TerraPoiNT system supports the use of an encrypted signal in line with the recommendations of this framework.
The guidelines suggest that end users consider PNT service providers which leverage hardened signals along with redundant and fused PNT sources as part of their overall solution design. NextNav’s TerraPoiNT offers all of these elements, helping PNT service providers meet NIST’s recommendations.
Like many in the industry, we’re eagerly awaiting the next phase of this journey: the tactical PNT profiles which will outline use case-driven steps for both industry and government to consider as they build the next generation of PNT solutions. NextNav will continue to work closely with the standards community and our industry partners, aiming for the most secure, resilient solutions.