Guidance Will Improve Critical Infrastructure Resilience

“In order to do effective risk management, it’s important to understand your vulnerabilities, your risk posture, and select appropriate mitigations,” says Jim Platt, director of the DHS PNT Program Management Office, housed within the Cybersecurity and Infrastructure Security Agency (CISA). “Combined with the National Institute of Standards and Technology’s PNT Profiles from the PNT Executive Order, the conformance framework will be a valuable risk management tool.”

Outlining important resilience concepts

Industry equipment manufacturers have made great progress in making their PNT systems more resistant to disruptions by adding capabilities such as spoofing detectors, additional PNT sources, and holdover devices (e.g., atomic clocks and inertial measurement units). While these are all important, resilience also requires considering how a system is structured and how internal components interact. Additionally, the conformance framework views PNT systems more like computers than radios and incorporates concepts from cybersecurity practices.

Presidential Policy Directive (PPD)-21 defines resilience as the ability to withstand and rapidly recover from disruptions. Based on this, “A key concept in the conformance framework is recognition that one-hundred percent perfect security does not exist,” says S&T technical manager Ernest Wong. “Therefore, while it’s important to prevent threats from entering our systems, it’s just as important to understand what happens when systems fail and how to recover from them.” The levels in the framework are cumulative, and this concept of recoverability is foundational to the framework; it is a requirement starting at level 1.

As PNT systems begin to have more PNT sources, each new source is also an additional attack surface. To mitigate these attack surfaces, level 3 of the framework requires isolation between the PNT sources. This is similar to the concept of sandboxing in cybersecurity applications, which prevents errors and exploited vulnerabilities in one application from spilling over into other parts of the system.

There is also a distinction between resilience and performance. In some cases, resilience measures may not result in direct impacts to performance; examples include security measures such as component isolation and sandboxing. In other cases, systems can be structured in ways to allow trading performance for greater resilience.

New PNT Framework in Practice
The conformance framework lays out four levels of resilience to allow flexibility in meeting different user needs. The levels are cumulative, with requirements in each level carrying over into the next. This results in higher levels corresponding with greater resilience.

The framework levels are also designed so that levels 1 and 2 should be feasible in the near term. This is done by prioritizing the most impactful and easily attainable capabilities. While vulnerabilities may still exist, this will significantly reduce the possible exploitation chains available to attackers and also increase the difficulty for them to achieve their intended effect on target systems. Levels 3 and 4 are expected to involve more architectural changes and are targeted toward the next generation of PNT systems.

The Resilient PNT Conformance Framework is planned for public release in December 2020. A preview of the levels is available in S&T’s presentation (PDF, 8 pgs., 531 KB) at the Civil GPS Service Interface Committee from September 2020.

PNT Is an Ongoing S&T Priority
Over the past few years, S&T’s PNT program has worked to improve resilience against threats and disruptions by engaging with industry, developing mitigation technologies, and publishing best practices.

“The Resilient PNT Conformance Framework is the culmination of our work from the past five years,” said Brannan Villee, S&T PNT program manager. “It will create the foundation for industry to develop resilient PNT standards and ultimately improve critical infrastructure’s ability to prevent, respond, and recover from GPS disruptions.”