NSPD39 - Level III

OPEN DISTRIBUTION

National Readiness Profile: Securing the PNT Ground Segment and

increasing its availability through a carrier-neutral access model nationally.

Certichron’s HSPD-39 based initiative to expand and create a national access network for the US Timescale.

2012 summary report with the 2013 EO on Cyber Security and pending legislation like CISPA factored in a well.

© 2011-2013 Certichron Inc

OPEN DISTRIBUTION04/15/23 3

The US now faces a new set of cyber threats…

HSPD-39 set the standard and the President extended it with the 2013 EO on Cyber Security. The US Government needs a fail-over distribution model for the US Timebase

– CONOPS and IDS are faced with GPS susceptibility to sunspots, other background radiation based problems or from direct attack

To meet this liability CONOPS and IDS should utilize Forensic Telemetry

– Internal and external attacks threaten the ability to properly operate our infrastructure through periods of National Time Service Outages

– Forensic Telemetry includes a reliable timebase service with a provable chain of custody

– Forensic Telemetry as a Ground-Based resource allows CONOPS and IDS services to be of a higher-grade because the trust anchor is (the secure time service) not tied to the transmission model.


The new HSPD-39 in today's EO driven requirements exceed the ability to rely on

Internet only time sourcesCIKR: Synchronization is not enough anymoreToday there is an emerging need for a more reliable source of time in the private sector than L1 GPS

– It is not feasible for the DoD to support L2 GPS Token Programs for Private Sector entities and they can be jammed as well

Some other provisions must be considered – Better granularity than traditional methods provide is now needed: New needs

mean nanosecond resolution at the receiving end is necessary – that means PTP must also be available now too!

– Time is used as a Trust-Element: More and more, time is used as a trust-element in commercial and command-and-control transactions – that means systems which can show a chain-of-custody in time service are now important.

– One-way systems can be compromised: Because of how they can be compromised the PNT RF Passive/Broadcast Only time services are no longer sufficient in the instances that time must be auditable. Furthermore, the distribution and proof in that distribution of time must be non-interruptible as a feature of that trust practice.

OPEN DISTRIBUTION

Jammer Devices are common now!

Cellphone and GPS Jammers are off the shelf now.

– Cyber-Terrorists don’t build them – they buy their tools!

– Higher Power devices are also available

– Plans for building GPS Spoofers are available

GPS + Cell

Cigarette Lighter GPS Jammer: $33

Pocket ½ Watt GPS Jammer: $30

½ Watt Multiband GPS Jammer: $33


What then are the options?

“Provide a secure instance of the official US Time base to anyone needing it”Several controlling factors must be brought into the review process

– First Option: Connect any number of lines to the Standards Center’s themselves: i.e. put dedicated dark fiber in between the reference laboratories and all of the sites needing access.

• Fiber Costs– Who pays for it? US DoC? No Budget. US DHS? No Budget…

• Federal Overhead – – Can the Timing Authorities actually support a US Wide Load?– Who pays for the end use and overhead?

Our response...


How do we distribute the Time?

Regional distribution is not as complex as was originally thought

– Its just not something that a Calibration Laboratory should do or is equipped to administer.

– It’s a commercial mass-distribution model and because of this, the CIKR IT Sector should provide this.PTX's model creates a master instance of time in each regional center and then with the NIST and USNO timescale provides an interoperability statement with NIST as the authenticating and certifying laboratory.

– This way each client is hardwired directly to a production time server who’s calibration standard is managed by NIST itself. The time data in these S2 and S3 clients simply doesn’t get any better from a certification point.



We provide access points in all of the key Data Centers in US Securities Trading today

– NY/NJ – NY2&4, NJ2, 60H, satellite to 165 halsey and 1400 federal

• MAWA and three other sites planned over the next 3 months to fully mesh all US securities and financial trading with PNY terrestrial service access.

Coming online

– 350 cermak with Aurora

– LD4 and Basildon (London UK)

– W/ PLANNED EXPANSION INTO

• Tokyo

• BovSPA (Sao Paulo)



•Step one is understanding the end-users needs: – Not all recipients want or need ultra precise time.

– Most users are NTP clients already – so adding a secure external NTP source is a seamless addition to their existing systems.

•Step two is about buffering the laboratory itself – Buffering it into a vertically provable production network, one

complete with full event logging and related services.

OPEN DISTRIBUTION

NIST++: Certichron’s time-centers provide better time-resolution than…

• Certichron’s Regional Time Centers convert the work done in the Reference Time Standards keepers like USNO and NIST into a commercial production service.

• Certichron’s vision is that for those that need it ultra-precision time should be available.

– NIST++ is our name for our merged interagency timescale. NIST ++ is

• A better time solution than ACTS based NIST ITS because it brings CRADA 1681 operating models to the ITS Services. This service is monitored continuously from NIST ITS Control in Boulder Colorado

• Adds TMAS, the NIST Time Measurement Analysis System as a Second-Factor Control Service providing both a new level of granularity and continuous second-source monitoring for the NIST ITS and Client Systems it provides this access to. This blends Air Force Time Scale management into the Time Practice and with the addition of the USNO and NASA standards this is truly a multi-organization time service.

• The TWO-FACTOR TIME MANAGEMENT service meets the Federal PKI standards, is fully NIST SP800 52 and 53 compliant and provides the most stringent audit standard for Federally Sourced time data available today. Additionally it is fully compliant with the FFIEC banking recommendations, meets FINRA OATS and is fully DoD 8520 and DCID 1/9 and 6/xx compliant.

– With this service Certichron eliminated the need to use dedicated dark fiber to distribute ultra-precise NIST UTC everywhere.

OPEN DISTRIBUTION

Value Proposition I• NIST++ - an extended timescale:

– Specifically built for Production Uses – unlike Laboratory Time Standards this system scales – meaning it can be nationally deployed!

• Provides a merged NIST/USNO with GPS Heartbeat type service across the US. – This unified timescale provides total interoperability between all three key Timescales of the

US Government and allows for a multiplicity of access models to be deployed across the US and Internationally (US Missions and Embassy ops).

• Eliminates access issues while honoring 15 USC 271 and 272’s mandate• Meets Interagency Security and Audit Needs (NIST + GAO)• The deployment model scales

• Can support Port/CG and FAA operations as a key resource in US Air Safety.

– Provides a unified heartbeat tied to the full faith and credit of the US Constitution under 15 USC 271 and 272, one which can be made available anywhere.

– Enables DHS charters under the HSPD-39 fully!

OPEN DISTRIBUTION

Value Proposition II

For CONOPS/IDS this would provide– NTP and PTP w/TMAS: 15nS uncertainty/30pS

measurement window… • This is 4 times better than that faster than light experiments

CERN used• 1000x better than what the market control factors ask for

today

– With TMAS the extended ITS and Logging Services can be deployed anywhere

• For Securities/Financial • For Government/SCIF operations• For emergency infrastructure control

OPEN DISTRIBUTION

“The System”The system is designed to provide Individual and Group Access to the US National Time Standard as a facility of Operational Compliance and COOP/DR Readiness.

– Expands NIST/UTC Access regionally around to the US to the Public under the NIST US Timescale Access Policy

– Adds both private NTP and PTP service availability for HSPD-39 readiness.

FULLY COMPLIANT TO “USG TO INDUSTRY FIBER PROPOSAL” Request – creates a national network for the distribution of a PNT Ground Segment Resource which is open to all carriers.

– Provides a multi-point private access model for distributing the US national timescale for all users as a private carrier type service.

– Through the open peering access models NIST UTC is now functionally available as a network fed resource across all of the NY/NJ and upper Beltway. Internet access is iffy because of the program requirements (we just suffered an attack in NYC which shut us down) so our making the systems available on the back end as well is a key requirement.

•Our practice is specific to commerce *(and certified by Deloitte).– We also do what the Industry Audit Practices require which the Government cant by law.

This turns out to be much more complex than it seems because we cannot just buy a box and plug it in anymore to get reliable time into key systems. We need reliable and provable time for everything.


Provisioned today!• Certichron has NIST time

service availability across the US today!

• 12 Regional Centers: fully saturates US trading Corridor for UTC(NIST) delivery over redundant operating sites.

• Interconnect capability for all Patriot Watch applications and all US National Support operations

• Certichron’s UTC(NIST) service network forms a key national asset since it is operated at a high level of commercial standard that exceed most government standards

GPS outage support through ground-based access to UTC(NIST) is available for all applications


Proposed ExpansionUTC(NIST) Everywhere

Certichron plans to expand over the next 24 months to place the Merged UTC(NIST++) resources in virtually every

– Key Global Commerce Center– US Electronic “Point Of Entry” – Key Infrastructure Zones across the US and certain

other nation's Civil Infrastructure Frameworks

– New Sites include LONDON: (LD4 and BAI) with expansion into FR2 and beyond in the EU

– Planned expansion into Tokyo and Brazil (estimated online before the end of 3Q2013)


Next Steps III

•President's EO and Cyber Security Directive program compliance as well as CISPA framework compliance

– Program compliance effort and reports

– Service framework for city and entity compliance using the time-service framework

– Open-access practices for carrier-neutral access to time services as a national public resource

NSPD39 - Level III

Documents

Transcript of NSPD39 - Level III