Blog Editor’s Note: We need to be careful to not just have good devices, but also need to ensure the devices are accessing valid information? Maybe timing and location information, for example?
PNT security is a key component of cybersecurity. And much PNT is unauthenticated, highly vulnerable to attack, and can be traced back to a single source (GPS).
We heartily agree a more holistic approach is needed for cybersecure networks and systems. We must have multi-source, authenticated, and cybersecure PNT if we are to have meaningful cybersecurity.
Federal agencies’ implementation of NIST’s guidelines on the issue—under direction from Congress—is coinciding with industry resistance to the comprehensive approach stakeholders agree is necessary.
As federal agencies near a Congressional deadline to control their procurement of devices capable of connecting to the internet, a key official from the National Institute of Standards and Technology highlighted the role cloud services and other infrastructure providers—beyond the device manufacturers—play in mitigating cyberattacks that seek to exploit their connectivity.
“The product is often more than just what [customers] have installed,” from a box they buy off the shelf, said Katerina Megas, who manages NIST’s program on cybersecurity for the internet of things.