[Federal Register Volume 85, Number 102 (Wednesday, May 27, 2020)]
[Notices]
[Pages 31743-31745]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11282]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket Number 200429-0124]


Profile of Responsible Use of Positioning, Navigation, and Timing 
Services

AGENCY: National Institute of Standards and Technology, U.S. Department 
of Commerce.

ACTION: Request for information.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) is 
seeking information about public and private sector use of positioning, 
navigation, and timing (PNT) services, and standards, practices, and 
technologies used to manage cybersecurity risks, to systems, networks, 
and assets dependent on PNT services. Executive Order 13905, 
Strengthening National Resilience Through Responsible Use of 
Positioning, Navigation, and Timing Services, was issued on February 
12, 2020 and seeks to protect the national and economic security of the 
United States from disruptions to PNT services that are vital to the 
functioning of technology and infrastructure, including the electrical 
power grid, communications infrastructure and mobile devices, all modes 
of transportation, precision agriculture, weather forecasting, and 
emergency response.
    Under Executive Order 13905, the Secretary of Commerce, in 
coordination with the heads of the Sector Specific Agencies and in 
consultation, as appropriate, with the private sector, is directed to 
develop and make available, to at least the appropriate agencies and 
private sector users, PNT profiles. Responses to this Request for 
Information (RFI) will inform NIST's

[[Page 31744]]

development of a PNT profile, using the NIST Framework for Improving 
Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework), 
that will enable the public and private sectors to identify systems, 
networks, and assets dependent on PNT services; identify appropriate 
PNT services; detect the disruption and manipulation of PNT services; 
and manage the associated cybersecurity risks to the systems, networks, 
and assets dependent on PNT services.

DATES: Comments must be received by 5:00 p.m. Eastern time on July 13, 
2020. Written comments in response to the RFI should be submitted 
according to the instructions in the ADDRESSES and SUPPLEMENTARY 
INFORMATION sections below. Submissions received after that date may 
not be considered.

ADDRESSES: Comments may be submitted by any of the following methods:
     Electronic submission: Submit electronic public comments 
via the Federal e-Rulemaking Portal.
    1. Go to www.regulations.gov and enter NIST-2020-0002 in the search 
field,
    2. Click the ``Comment Now!'' icon, complete the required fields, 
and
    3. Enter or attach your comments.
     Email: Comments in electronic form may also be sent to 
[email protected] in any of the following formats: HTML; ASCII; 
Word; RTF; or PDF.
    Please submit comments only and include your name, organization's 
name (if any), and cite ``Profile of Responsible Use of PNT Services'' 
in all correspondence. Comments containing references, studies, 
research, and other empirical data that are not widely published should 
include copies of the referenced materials.
    All submissions, including attachments and other supporting 
materials, will become part of the public record and subject to public 
disclosure. NIST reserves the right to publish relevant comments 
publicly, unedited and in their entirety. All relevant comments 
received in response to the RFI will be made publicly available at 
https://www.nist.gov/itl/pnt. Personal information, such as account 
numbers or Social Security numbers, or names of other individuals, 
should not be included. Do not submit confidential business 
information, or otherwise sensitive or protected information. Comments 
that contain profanity, vulgarity, threats, or other inappropriate 
language or content will not be considered.

FOR FURTHER INFORMATION CONTACT: For questions about this RFI contact: 
Jim McCarthy, National Institute of Standards and Technology, email 
[email protected]. Please direct media inquiries to NIST's Office 
of Public Affairs at (301) 975-2762.

SUPPLEMENTARY INFORMATION: As stated in Executive Order 13905, 
Strengthening National Resilience Through Responsible Use of 
Positioning, Navigation, and Timing Services,\1\ the national and 
economic security of the United States depends on the reliable and 
efficient functioning of critical infrastructure. Since the United 
States made the Global Positioning System available worldwide, 
positioning, navigation, and timing (PNT) services provided by space-
based systems have become a largely invisible utility for technology 
and infrastructure, including the electrical power grid, communications 
infrastructure and mobile devices, all modes of transportation, 
precision agriculture, weather forecasting, and emergency response. Due 
to the widespread adoption of PNT services, the disruption or 
manipulation of these services has the potential to adversely affect 
the national and economic security of the United States. To strengthen 
national resilience, the Federal Government must foster the responsible 
use of PNT services by critical infrastructure owners and operators.
---------------------------------------------------------------------------

    \1\ Exec. Order No. 13905, Strengthening National Resilience 
Through Responsible Use of Positioning, Navigation, and Timing 
Services, 85 FR 9359 (Feb. 18, 2020).
---------------------------------------------------------------------------

    Under Executive Order 13905, the Secretary of Commerce, in 
coordination with the heads of the Sector Specific Agencies and in 
consultation, as appropriate, with the private sector, is directed to 
develop and make available, to at least the appropriate agencies and 
private sector users, PNT profiles. NIST will leverage the 
Cybersecurity Framework \2\ to develop a foundational PNT profile \3\ 
to help organizations identify systems, networks, and assets dependent 
on PNT services; \4\ identify appropriate PNT services; detect the 
disruption and manipulation of PNT services; and manage the associated 
cybersecurity risks to the systems, networks, and assets dependent on 
PNT services. This profile will be developed using an open and 
collaborative process involving public and private sector stakeholders 
to ensure critical infrastructure owners and operators, government 
agencies, and others can inform the responsible use of PNT services and 
effectively adopt, refine, and implement the profile.
---------------------------------------------------------------------------

    \2\ https://www.nist.gov/cyberframework.
    \3\ For the purposes of this RFI, NIST is using the definition 
of ``PNT profile'' as defined in Exec. Order No. 13905. ``PNT 
profile'' means a description of the responsible use of PNT 
services--aligned to standards, guidelines, and sector-specific 
requirements--selected for a particular system to address the 
potential disruption or manipulation of PNT services.
    \4\ For the purposes of this RFI, NIST is using the definition 
of ``PNT services'' as defined in Exec. Order No. 13905. ``PNT 
services'' means any system, network, or capability that provides a 
reference to calculate or augment the calculation of longitude, 
latitude, altitude, or transmission of time or frequency data, or 
any combination thereof.
---------------------------------------------------------------------------

    This RFI outlines the information NIST is seeking from the public 
to inform the development of a profile of PNT services that will 
strengthen national resilience of U.S. critical infrastructure and 
other industries that rely on PNT services.

Request for Information

    The following questions cover the major areas about which NIST 
seeks comment. They are not intended to limit the topics that may be 
addressed. Responses may include any topic believed to have 
implications for the development of a PNT profile, regardless of 
whether the topic is included in this document.
    All relevant responses that comply with the requirements listed in 
the DATES and ADDRESSES sections of this RFI will be considered.
    When addressing the topics below, commenters may address the 
practices of their organization or a group of organizations with which 
they are familiar. If desired, commenters may provide information about 
the type, size, and location of the organization(s). Provision of such 
information is optional and will not affect NIST's full consideration 
of the comment.
    Comments containing references, studies, research, and other 
empirical data that are not widely published should include copies of 
the referenced materials. All submissions, including attachments and 
other supporting materials, will become part of the public record and 
subject to public disclosure. NIST reserves the right to publish 
relevant comments publicly, unedited and in their entirety. All 
relevant comments received in response to the RFI will be made publicly 
available at https://www.nist.gov/itl/pnt. Personal information, such 
as account numbers or Social Security numbers, or names of other 
individuals, should not be included. Do not submit confidential 
business information, or otherwise sensitive or protected information. 
Comments that contain profanity, vulgarity, threats, or other 
inappropriate language or content will not be considered.
    NIST is seeking the following information from PNT technology

[[Page 31745]]

vendors, users of PNT services and other key stakeholders for the 
purpose of gathering information to foster the responsible use of PNT 
services:
    1. Describe any public or private sector need for and/or dependency 
on the use of positioning, navigation, and timing, or any combination 
of these, services.
    2. Identify and describe any impacts to public or private sector 
operations if PNT services are disrupted or manipulated.
    3. Identify any standards, guidance, industry practices and sector 
specific requirements referenced in association with managing public or 
private sector cybersecurity risk to PNT services.
    4. Identify and describe any processes or procedures employed by 
the public or private sector to manage cybersecurity risks to PNT 
services.
    5. Identify and describe any approaches or technologies employed by 
the public or private sector to detect disruption or manipulation of 
PNT services.
    6. Identify any processes or procedures employed in the public or 
private sector to manage the risk that disruption or manipulation to 
PNT services pose.
    7. Identify and describe any approaches, practices, and/or 
technologies used by the public or private sector to recover or respond 
to PNT disruptions.
    8. Any other comments or suggestions related to the responsible use 
of PNT services.

    Authority: Exec. Order No. 13905, Strengthening National 
Resilience Through Responsible Use of Positioning, Navigation, and 
Timing Services, 85 FR 9359 (Feb. 18, 2020).

Kevin A. Kimball,
Chief of Staff.
[FR Doc. 2020-11282 Filed 5-26-20; 8:45 am]
BILLING CODE 3510-13-P