FCC moves to strengthen internet routing security

/in


The Federal Communications Commission (FCC) has unveiled a proposal aimed at bolstering the security of America’s networks against cyberattacks by improving internet routing security.

The new initiative mandates that ISPs produce confidential reports detailing their efforts and plans to address vulnerabilities in the Border Gateway Protocol (BGP), a fundamental technical protocol used for routing information across the internet.

Under the proposal, the largest broadband providers in the US would be required to submit quarterly public data showcasing their progress in mitigating BGP risks. This move aims to enhance internet routing security and furnish the FCC and its national security partners with current information on this critical matter.

In a statement, FCC Chairwoman Jessica Rosenworcel highlighted the significance of securing internet traffic, referencing a recent conversation with Vint Cerf, often described as the “Father of the Internet.” 

Reflecting on the origins and open architecture of the internet, Cerf remarked that he wished he had known the internet would need more security. Rosenworcel agreed, noting the critical reliance on BGP for various everyday activities—from small business operations and online banking, to telemedicine and emergency services.

BGP, which has been in use for decades, was not originally designed with intrinsic security features to ensure trust in the information exchanged among independently managed networks on the internet. 

National security experts have voiced concerns that malicious actors could exploit BGP by falsifying reachability information, a tactic known as “BGP hijacking.” Such attacks could expose personal data, facilitate theft and extortion, enable state-level espionage, and disrupt essential services.

FCC Commissioner Geoffrey Starks underscored the importance of BGP security, having focused on this issue since 2022.

In a statement, Starks pointed out that accidental or malicious actions can make networks unavailable or redirect traffic for cyberattacks, data theft, or espionage. Starks cited notable incidents such as the 2008 YouTube blackout caused by Pakistan’s attempt to block access within its borders and…

Source…