
Date post: 26-Mar-2021

NIST PNT PROFILE: A QUICK GUIDE

How can my organization use it?

Organizations can apply this Foundational Profile to their own unique missions, business environments, and technologies to create or refine a security program that will include the responsible use of PNT services. The PNT Profile was created by applying the NIST Cybersecurity Framework (CSF) to help organizations:

Identify systems dependent on PNT

Identify appropriate PNT sources

Detect disturbances and manipulation of PNT services

Manage the risk to these systems

What is it?

The NIST Foundational PNT Profile (NISTIR 8323) is a voluntary tool that can help your organization increase its resilience through responsible use of PNT services as described in Executive Order (EO) 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation and Timing Services.

What is Responsible Use?

The responsible use of PNT services is defined as the deliberate, risk-informed use of PNT services, including their acquisition, integration, and deployment, such that disruption or manipulation of PNT services minimally affects national security, the economy, public health, and the critical functions of the Federal Government.

Getting Started with the NIST Foundational Positioning, Navigation and Timing (PNT) Profile

The following five key considerations are consistently seen in the PNT profile document and merit strong attention:

Consider incorporating alternate PNT sources into the business architecture and ensure the ability to fail over to these systems in the event of a disruption.

Consider performing activities to discover all devices to include PNT services and those hosts that use PNT services. The use of PNT data may not be obvious.

Consider implementing procedures to detect PNT data manipulation, disruption or other relevant cybersecurity events. Comparison of multiple complementary sources and communication paths for position, navigation, or time may enable the detection of manipulation of PNT services.

Consider developing policies, procedures, and plans to respond to a disruption or manipulation of PNT services.

Consider developing recovery plans to restore systems affected by a PNT service disruption or manipulation to a proper working state.


Applying the Cybersecurity Framework (CSF) to PNT Services

The Cybersecurity Framework (CSF) provides prioritized, flexible, risk-based, and voluntary guidance, based on existing standards, guidelines, and practices, to help organizations better understand, manage, and communicate cybersecurity risks. The CSF is organized by five high-level functions: Identify, Protect, Detect, Respond, and Recover. These functions provide the basis to develop guidance on cybersecurity risk management as applied to PNT services.

IDENTIFY

The Identify Function provides key elements which should be given strong consideration in this analysis. Consideration of the threat environment and the organization’s purpose, assets, and vulnerabilities will have a significant influence on the overall risk.

Objectives include:

Identify all assets, including applications dependent on PNT data

Identify sources and infrastructure that provide PNT information

Identify the vulnerabilities, threats, and impact should the threat be realized to assess the risk

Identify the business/operational environment and organization’s purpose

PROTECT

The Protect Function includes the development, implementation, and verification measures to prevent loss of functionality in the case of PNT disruption or manipulation.

Objectives include:

Protect the systems forming, transmitting, and using PNT data to support the needed level of integrity, availability and confidentiality based on application needs

Protect the deployment and use of PNT services through adherence to cybersecurity principles, including understanding the baseline characteristics and application tolerances of the PNT sources, data, and any contextual information, providing sufficient resources, managing the systems development life cycle, as well as deploying needed training, authorizations, and access control

Protect users and applications dependent on PNT data, should a threat be realized, by enabling users and applications to maintain a sufficient level of operations through verified response and recovery plans

Protect organizations relying on PNT services and data with respect to business and operational needs

DETECT

The Detect Function addresses the development and deployment of the appropriate activities to monitor for anomalous events and notify downstream users and applications.

Objectives include:

Enabling detection through monitoring and consistency checking

Establishing a process for deploying and handling detected anomalies and events

RESPOND

The Respond Function addresses the development and implementation of the appropriate activities to respond to a detected cybersecurity (and/or anomalous) event. The activities in the Respond Function support the ability to contain the impacts of a potential cybersecurity or anomalous event.

Objectives include:

Contain PNT events using a verified response procedure

Communicate to PNT data users, applications, and stakeholders the occurrence and impact of the event on PNT data

Develop processes to respond to and mitigate new known or anticipated threats and/or vulnerabilities

Evolve response strategies and plans based on lessons learned


RECOVER

The Recover Function develops and implements the appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to a cybersecurity event. The activities in the Recover Function support timely recovery to normal operations and return the organization to its proper working state after a disruption or manipulation to PNT services has occurred.

Objectives include:

Restore systems dependent upon PNT services to proper working state using a verified recovery procedure

Communicate to PNT data users, applications, and stakeholders the recovery activities and status of the PNT services

Evolve recovery strategies and plans based on lessons learned

Bringing it all together.

The PNT Profile categories provide the information your organization needs to undertake the process of managing risks against potential disruption and manipulation of the PNT services, including networks and components that transmit or use PNT data. Specifically, the “Applicability to PNT” column in Section 4 of the PNT Profile contains the intended outcomes of responsible PNT use. Mitigation measures are provided in the reference column to aid each subcategory implementation.

