Resilient PNT Reference Architecture for Critical Infrastructure
Patricia Larkoski, William Young, Bradley Moran, Fei Sun, and Arthur Scholz, DHS HSSEDI FFRDC, operated by The MITRE Corporation; Ernest Wong, Department of Homeland Security (DHS) Science and Technology Directorate (S&T)
Location: Ballroom B
Date/Time: Thursday, Aug. 26, 9:35 a.m.
The near-ubiquitous use of the Global Positioning System (GPS) for Position, Navigation, and Timing (PNT) poses a risk to national critical infrastructure when GPS signals are consumed indiscriminately. The need to adopt resilient PNT systems to address this risk is recognized in Executive Order 13905, “Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services.” The Resilient PNT Conformance Framework (https://www.dhs.gov/publication/st-resilient-pnt-conformance-framework) encourages industry development and civilian implementation by providing a common framework and descriptive language for resilient PNT systems. The Department of Homeland Security (DHS) Science and Technology (S&T) Directorate has developed the Resilient PNT Reference Architecture to support the Conformance Framework with specific examples of PNT system architectures employing resilient techniques. The Reference Architecture further categorizes different approaches for resilience and system designs utilizing a variety of different types of PNT sources.
Resilience is the ability to withstand and/or recover from threats that may disrupt or deny the delivery of PNT information. As described in the Resilient PNT Conformance Framework, the concept of resilience can be broken down into three functions with respect to atypical PNT errors, defined as errors outside of the expected performance bounds: prevent, respond, and recover. This entails preventing atypical PNT errors and corruption of PNT sources, regardless of whether they are caused by threats or malfunctions; responding appropriately to detected atypical errors or anomalies, including reporting, mitigation, and containment; and recovering from atypical errors to return to a proper working state and defined performance. This could include the case where the error appears to be less than the expected performance error due to manipulation. Manipulation can also result in biased or ramping errors within the expected performance bounds that are erroneous and misleading. Techniques discussed in the Reference Architecture are mapped to the core functions. Some key examples include: protecting the internal state data and processes by limiting access to external input and isolating different PNT sources from one another; responding to threats with anti-spoof and anti-jamming methods, including methods that verify PNT source solutions using threat detection techniques; and recovering to a stable baseline through processes that reset the user equipment and reload trusted firmware.
The ability to uniformly qualify the resilience of PNT user equipment allows stakeholders to effectively communicate about requirements and solutions. To this end, the Conformance Framework defines four resilience levels. Translation from abstract resilience levels to tangible implementations is provided by the Reference Architecture, resulting in specific examples of resilient PNT systems. Resilient techniques are mapped to Level 1 and Level 2 architectures, followed by examples of next-generation resilient PNT architectures that will likely find applicability to the higher resilience levels. The Reference Architecture explores concepts applicable to next-generation PNT architectures such as multiple, diverse, isolated PNT sources; a mature resilience manager; and multiple synthesis options for the system PNT solution. The examples provided in the Resilient PNT Reference Architecture further the goals of the Conformance Framework by providing a starting point for innovating new resilient system designs and facilitating common language between PNT system integrators and users.
Approved for Public Release; Distribution Unlimited. Public Release Case Number 21-0486.
This (software/technical data) was produced for the U. S. Government under Contract Number 70RSAT20D00000001, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data—General. As prescribed in 27.409(b)(1), insert the following clause with any appropriate alternates:
52.227-14 Rights in Data -- General (May 2014) – Alternate II (Dec 2007) and Alternate III (Dec 2007) (DEVIATION)
No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
© 2021 The MITRE Corporation.