Channel partners, Content

NIST Draft Guidelines: Cybersecurity Framework Meets GPS Tech

Credit: National Institute of Technology and Standards

The National Institute of Standards and Technology (NIST) has created guidelines to help organizations apply its Cybersecurity Framework to GPS systems and other technologies that use positioning, navigation and timing (PNT) data, according to a prepared statement. NIST's Cybersecurity Framework consists of standards, guidelines and best practices that can help organizations manage cyber risks.

The new guidelines can help organizations mitigate cyber risks that endanger modern finance, transportation, energy and other economic systems important to national security, NIST noted. Organizations can use the guidelines to:

  • Identify systems that use PNT data and/or propagate this data based on a source signal
  • Identify GPS signals and other PNT data sources
  • Identify disruptions or manipulations of systems that use PNT services
  • Manage risks associated with responsible use of PNT services

NIST is requesting comments on the new guidelines no later than Nov. 23, 2020. Meanwhile, the guidelines come after an Executive Order was implemented in February designed to safeguard systems that rely on PNT data against cyberattacks.

What Are PNT Services?

PNT services refer to any systems, networks or capabilities that enable an organization to calculate or augment the calculation of longitude, latitude, altitude or transmission of time or frequency data, according to the February Executive Order. They are commonly used for technology and infrastructure applications, including the electrical power grid, communications infrastructure and mobile devices, transportation, precision agriculture, weather forecasting and emergency response.

Billions of devices around the world leverage PNT services, NIST indicated. As such, organizations must understand the risks associated with these services to ensure they can properly secure any associated devices.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.