AGENCY:

National Institute of Standards and Technology, U.S. Department of Commerce.

ACTION:

Request for information.

SUMMARY:

The National Institute of Standards and Technology (NIST) is seeking information about public and private sector use of positioning, navigation, and timing (PNT) services, and standards, practices, and technologies used to manage cybersecurity risks, to systems, networks, and assets dependent on PNT services. Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, was issued on February 12, 2020 and seeks to protect the national and economic security of the United States from disruptions to PNT services that are vital to the functioning of technology and infrastructure, including the electrical power grid, communications infrastructure and mobile devices, all modes of transportation, precision agriculture, weather forecasting, and emergency response.

Under Executive Order 13905, the Secretary of Commerce, in coordination with the heads of the Sector Specific Agencies and in consultation, as appropriate, with the private sector, is directed to develop and make available, to at least the appropriate agencies and private sector users, PNT profiles. Responses to this Request for Information (RFI) will inform NIST's Start Printed Page 31744development of a PNT profile, using the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework), that will enable the public and private sectors to identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated cybersecurity risks to the systems, networks, and assets dependent on PNT services.

DATES:

Comments must be received by 5:00 p.m. Eastern time on July 13, 2020. Written comments in response to the RFI should be submitted according to the instructions in the ADDRESSES and SUPPLEMENTARY INFORMATION sections below. Submissions received after that date may not be considered.

ADDRESSES:

Comments may be submitted by any of the following methods:

• Electronic submission: Submit electronic public comments via the Federal e-Rulemaking Portal.

1. Go to www.regulations.gov and enter NIST-2020-0002 in the search field,

2. Click the “Comment Now!” icon, complete the required fields, and

3. Enter or attach your comments.

• Email: Comments in electronic form may also be sent to pnt-eo@list.nist.gov in any of the following formats: HTML; ASCII; Word; RTF; or PDF.

Please submit comments only and include your name, organization's name (if any), and cite “Profile of Responsible Use of PNT Services” in all correspondence. Comments containing references, studies, research, and other empirical data that are not widely published should include copies of the referenced materials.

All submissions, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. NIST reserves the right to publish relevant comments publicly, unedited and in their entirety. All relevant comments received in response to the RFI will be made publicly available at https://www.nist.gov/​itl/​pnt. Personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Do not submit confidential business information, or otherwise sensitive or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not be considered.

FOR FURTHER INFORMATION CONTACT:

For questions about this RFI contact: Jim McCarthy, National Institute of Standards and Technology, email James.McCarthy@nist.gov. Please direct media inquiries to NIST's Office of Public Affairs at (301) 975-2762.

SUPPLEMENTARY INFORMATION:

As stated in Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services,^[1] the national and economic security of the United States depends on the reliable and efficient functioning of critical infrastructure. Since the United States made the Global Positioning System available worldwide, positioning, navigation, and timing (PNT) services provided by space-based systems have become a largely invisible utility for technology and infrastructure, including the electrical power grid, communications infrastructure and mobile devices, all modes of transportation, precision agriculture, weather forecasting, and emergency response. Due to the widespread adoption of PNT services, the disruption or manipulation of these services has the potential to adversely affect the national and economic security of the United States. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.

Under Executive Order 13905, the Secretary of Commerce, in coordination with the heads of the Sector Specific Agencies and in consultation, as appropriate, with the private sector, is directed to develop and make available, to at least the appropriate agencies and private sector users, PNT profiles. NIST will leverage the Cybersecurity Framework ^[2] to develop a foundational PNT profile ^[3] to help organizations identify systems, networks, and assets dependent on PNT services; ^[4] identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated cybersecurity risks to the systems, networks, and assets dependent on PNT services. This profile will be developed using an open and collaborative process involving public and private sector stakeholders to ensure critical infrastructure owners and operators, government agencies, and others can inform the responsible use of PNT services and effectively adopt, refine, and implement the profile.

This RFI outlines the information NIST is seeking from the public to inform the development of a profile of PNT services that will strengthen national resilience of U.S. critical infrastructure and other industries that rely on PNT services.

Request for Information

The following questions cover the major areas about which NIST seeks comment. They are not intended to limit the topics that may be addressed. Responses may include any topic believed to have implications for the development of a PNT profile, regardless of whether the topic is included in this document.

All relevant responses that comply with the requirements listed in the DATES and ADDRESSES sections of this RFI will be considered.

When addressing the topics below, commenters may address the practices of their organization or a group of organizations with which they are familiar. If desired, commenters may provide information about the type, size, and location of the organization(s). Provision of such information is optional and will not affect NIST's full consideration of the comment.

Comments containing references, studies, research, and other empirical data that are not widely published should include copies of the referenced materials. All submissions, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. NIST reserves the right to publish relevant comments publicly, unedited and in their entirety. All relevant comments received in response to the RFI will be made publicly available at https://www.nist.gov/​itl/​pnt. Personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Do not submit confidential business information, or otherwise sensitive or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not be considered.

NIST is seeking the following information from PNT technology Start Printed Page 31745vendors, users of PNT services and other key stakeholders for the purpose of gathering information to foster the responsible use of PNT services:

1. Describe any public or private sector need for and/or dependency on the use of positioning, navigation, and timing, or any combination of these, services.

2. Identify and describe any impacts to public or private sector operations if PNT services are disrupted or manipulated.

3. Identify any standards, guidance, industry practices and sector specific requirements referenced in association with managing public or private sector cybersecurity risk to PNT services.

4. Identify and describe any processes or procedures employed by the public or private sector to manage cybersecurity risks to PNT services.

5. Identify and describe any approaches or technologies employed by the public or private sector to detect disruption or manipulation of PNT services.

6. Identify any processes or procedures employed in the public or private sector to manage the risk that disruption or manipulation to PNT services pose.

7. Identify and describe any approaches, practices, and/or technologies used by the public or private sector to recover or respond to PNT disruptions.

8. Any other comments or suggestions related to the responsible use of PNT services.

Authority: Exec. Order No. 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, 85 FR 9359 (Feb. 18, 2020).

Footnotes