[Federal Register Volume 85, Number 102 (Wednesday, May 27, 2020)]
[Notices]
[Pages 31743-31745]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11282]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket Number 200429-0124]
Profile of Responsible Use of Positioning, Navigation, and Timing
Services
AGENCY: National Institute of Standards and Technology, U.S. Department
of Commerce.
ACTION: Request for information.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST) is
seeking information about public and private sector use of positioning,
navigation, and timing (PNT) services, and standards, practices, and
technologies used to manage cybersecurity risks, to systems, networks,
and assets dependent on PNT services. Executive Order 13905,
Strengthening National Resilience Through Responsible Use of
Positioning, Navigation, and Timing Services, was issued on February
12, 2020 and seeks to protect the national and economic security of the
United States from disruptions to PNT services that are vital to the
functioning of technology and infrastructure, including the electrical
power grid, communications infrastructure and mobile devices, all modes
of transportation, precision agriculture, weather forecasting, and
emergency response.
Under Executive Order 13905, the Secretary of Commerce, in
coordination with the heads of the Sector Specific Agencies and in
consultation, as appropriate, with the private sector, is directed to
develop and make available, to at least the appropriate agencies and
private sector users, PNT profiles. Responses to this Request for
Information (RFI) will inform NIST's
[[Page 31744]]
development of a PNT profile, using the NIST Framework for Improving
Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework),
that will enable the public and private sectors to identify systems,
networks, and assets dependent on PNT services; identify appropriate
PNT services; detect the disruption and manipulation of PNT services;
and manage the associated cybersecurity risks to the systems, networks,
and assets dependent on PNT services.
DATES: Comments must be received by 5:00 p.m. Eastern time on July 13,
2020. Written comments in response to the RFI should be submitted
according to the instructions in the ADDRESSES and SUPPLEMENTARY
INFORMATION sections below. Submissions received after that date may
not be considered.
ADDRESSES: Comments may be submitted by any of the following methods:
Electronic submission: Submit electronic public comments
via the Federal e-Rulemaking Portal.
1. Go to www.regulations.gov and enter NIST-2020-0002 in the search
field,
2. Click the ``Comment Now!'' icon, complete the required fields,
and
3. Enter or attach your comments.
Email: Comments in electronic form may also be sent to
[email protected] in any of the following formats: HTML; ASCII;
Word; RTF; or PDF.
Please submit comments only and include your name, organization's
name (if any), and cite ``Profile of Responsible Use of PNT Services''
in all correspondence. Comments containing references, studies,
research, and other empirical data that are not widely published should
include copies of the referenced materials.
All submissions, including attachments and other supporting
materials, will become part of the public record and subject to public
disclosure. NIST reserves the right to publish relevant comments
publicly, unedited and in their entirety. All relevant comments
received in response to the RFI will be made publicly available at
https://www.nist.gov/itl/pnt. Personal information, such as account
numbers or Social Security numbers, or names of other individuals,
should not be included. Do not submit confidential business
information, or otherwise sensitive or protected information. Comments
that contain profanity, vulgarity, threats, or other inappropriate
language or content will not be considered.
FOR FURTHER INFORMATION CONTACT: For questions about this RFI contact:
Jim McCarthy, National Institute of Standards and Technology, email
[email protected]. Please direct media inquiries to NIST's Office
of Public Affairs at (301) 975-2762.
SUPPLEMENTARY INFORMATION: As stated in Executive Order 13905,
Strengthening National Resilience Through Responsible Use of
Positioning, Navigation, and Timing Services,\1\ the national and
economic security of the United States depends on the reliable and
efficient functioning of critical infrastructure. Since the United
States made the Global Positioning System available worldwide,
positioning, navigation, and timing (PNT) services provided by space-
based systems have become a largely invisible utility for technology
and infrastructure, including the electrical power grid, communications
infrastructure and mobile devices, all modes of transportation,
precision agriculture, weather forecasting, and emergency response. Due
to the widespread adoption of PNT services, the disruption or
manipulation of these services has the potential to adversely affect
the national and economic security of the United States. To strengthen
national resilience, the Federal Government must foster the responsible
use of PNT services by critical infrastructure owners and operators.
---------------------------------------------------------------------------
\1\ Exec. Order No. 13905, Strengthening National Resilience
Through Responsible Use of Positioning, Navigation, and Timing
Services, 85 FR 9359 (Feb. 18, 2020).
---------------------------------------------------------------------------
Under Executive Order 13905, the Secretary of Commerce, in
coordination with the heads of the Sector Specific Agencies and in
consultation, as appropriate, with the private sector, is directed to
develop and make available, to at least the appropriate agencies and
private sector users, PNT profiles. NIST will leverage the
Cybersecurity Framework \2\ to develop a foundational PNT profile \3\
to help organizations identify systems, networks, and assets dependent
on PNT services; \4\ identify appropriate PNT services; detect the
disruption and manipulation of PNT services; and manage the associated
cybersecurity risks to the systems, networks, and assets dependent on
PNT services. This profile will be developed using an open and
collaborative process involving public and private sector stakeholders
to ensure critical infrastructure owners and operators, government
agencies, and others can inform the responsible use of PNT services and
effectively adopt, refine, and implement the profile.
---------------------------------------------------------------------------
\2\ https://www.nist.gov/cyberframework.
\3\ For the purposes of this RFI, NIST is using the definition
of ``PNT profile'' as defined in Exec. Order No. 13905. ``PNT
profile'' means a description of the responsible use of PNT
services--aligned to standards, guidelines, and sector-specific
requirements--selected for a particular system to address the
potential disruption or manipulation of PNT services.
\4\ For the purposes of this RFI, NIST is using the definition
of ``PNT services'' as defined in Exec. Order No. 13905. ``PNT
services'' means any system, network, or capability that provides a
reference to calculate or augment the calculation of longitude,
latitude, altitude, or transmission of time or frequency data, or
any combination thereof.
---------------------------------------------------------------------------
This RFI outlines the information NIST is seeking from the public
to inform the development of a profile of PNT services that will
strengthen national resilience of U.S. critical infrastructure and
other industries that rely on PNT services.
Request for Information
The following questions cover the major areas about which NIST
seeks comment. They are not intended to limit the topics that may be
addressed. Responses may include any topic believed to have
implications for the development of a PNT profile, regardless of
whether the topic is included in this document.
All relevant responses that comply with the requirements listed in
the DATES and ADDRESSES sections of this RFI will be considered.
When addressing the topics below, commenters may address the
practices of their organization or a group of organizations with which
they are familiar. If desired, commenters may provide information about
the type, size, and location of the organization(s). Provision of such
information is optional and will not affect NIST's full consideration
of the comment.
Comments containing references, studies, research, and other
empirical data that are not widely published should include copies of
the referenced materials. All submissions, including attachments and
other supporting materials, will become part of the public record and
subject to public disclosure. NIST reserves the right to publish
relevant comments publicly, unedited and in their entirety. All
relevant comments received in response to the RFI will be made publicly
available at https://www.nist.gov/itl/pnt. Personal information, such
as account numbers or Social Security numbers, or names of other
individuals, should not be included. Do not submit confidential
business information, or otherwise sensitive or protected information.
Comments that contain profanity, vulgarity, threats, or other
inappropriate language or content will not be considered.
NIST is seeking the following information from PNT technology
[[Page 31745]]
vendors, users of PNT services and other key stakeholders for the
purpose of gathering information to foster the responsible use of PNT
services:
1. Describe any public or private sector need for and/or dependency
on the use of positioning, navigation, and timing, or any combination
of these, services.
2. Identify and describe any impacts to public or private sector
operations if PNT services are disrupted or manipulated.
3. Identify any standards, guidance, industry practices and sector
specific requirements referenced in association with managing public or
private sector cybersecurity risk to PNT services.
4. Identify and describe any processes or procedures employed by
the public or private sector to manage cybersecurity risks to PNT
services.
5. Identify and describe any approaches or technologies employed by
the public or private sector to detect disruption or manipulation of
PNT services.
6. Identify any processes or procedures employed in the public or
private sector to manage the risk that disruption or manipulation to
PNT services pose.
7. Identify and describe any approaches, practices, and/or
technologies used by the public or private sector to recover or respond
to PNT disruptions.
8. Any other comments or suggestions related to the responsible use
of PNT services.
Authority: Exec. Order No. 13905, Strengthening National
Resilience Through Responsible Use of Positioning, Navigation, and
Timing Services, 85 FR 9359 (Feb. 18, 2020).
Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2020-11282 Filed 5-26-20; 8:45 am]
BILLING CODE 3510-13-P