Accurate positioning, navigation, and timing (PNT) is necessary for the functioning of many critical infrastructure sectors. Precision timing is particularly important and is primarily provided through the Global Positioning System (GPS). However, GPS’ space-based signals are low-power and unencrypted, making them susceptible to both intentional and unintentional disruption.
To address GPS vulnerabilities in critical infrastructure, S&T’s Positioning, Navigation, and Timing (PNT) Program has a multi-pronged approach of conducting vulnerability and impact assessments, developing mitigations, exploring complementary timing technologies, and engaging with industry through outreach events and meetings. Through these sustained efforts, the goal of the program is to increase the resiliency of critical infrastructure to GPS vulnerabilities in the future.
Examples of measures that can be taken to enhance resiliency can be found in the following DHS best practice documents released via the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT):
- Best Practices for Improved Robustness of Time and Frequency Sources in Fixed Locations (PDF, 10 pages, 465.67 KB)
- Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure (PDF, 21 pages, 512 KB)
DHS S&T PNT Publications
DHS S&T has published resources for critical infrastructure and its stakeholders.
- Provides guidance for defining expected behaviors in resilient PNT equipment.
- Facilitates development and adoption of those behaviors through a common framework that enables improved risk management, determination of appropriate mitigations, and decision making by end-users.
- Presents a software assurance approach as a means of addressing potential vulnerabilities and increasing reliability of GPS receivers.
- Utilizes input data validation based on whitelist constraints to minimize the processing of malformed navigation messages entering a GPS receiver.
- Describes, proposes, and recommends technical methods that NIST has already implemented, or can potentially implement, to fulfill Section 4, Part (i) of the PNT Executive Order.
- Provides an overview of how timing systems work and defines some basic terminology and specifications.
- Discusses the regulatory timing requirements and GPS timing dependencies of United States critical infrastructure systems operating in the financial, telecommunications, and electric power sectors.
DHS S&T PNT Software
As part of industry engagement, DHS S&T has published the PNT Integrity Library and Epsilon Algorithm Suite to protect against Global Navigation Satellite System (GNSS) spoofing, or deceiving a GPS device through false signals. These resources advance the design of PNT systems and increase resilience of critical infrastructure to PNT disruptions.
- Intended for GNSS receiver and GNSS-based timing server Original Equipment Manufacturers (OEMs) for use in future development or integration into existing products and platforms.
- Provides spoofing detection capabilities for GNSS-based PNT sources using available receiver PNT solutions and observables and, when possible, other measurements and data available in the antenna / receiver processing chain.
- Provides scalable framework for GNSS-based PNT manipulation detection that offers varying levels of protection based on the available data.
- Allows additional checks to be added as new threats arise due to the modular nature of the application.
- Includes the PNT Integrity Toolkit, which describes how a perspective end-user of the PNT Integrity Library can assemble a demonstrational toolkit with commercial-off-the-shelf (COTS) hardware.
- Detects inconsistencies in position, velocity, and clock observables commonly provided by GPS receivers.
- Enables an end-user to have basic spoofing detection capabilities without any modifications to the existing GPS receiver.
PNT Program Fact Sheet
Resilient PNT for Critical Infrastructure (Fact Sheet)
To learn more about the work DHS S&T is doing to promote resiliency in positioning, navigation, and timing, email GPS4Critical-Infrastructure@hq.dhs.gov.