FCC Pushes Ahead with Internet Routing Security Requirements

/in


The Federal Communications Commission is considering requiring broadband providers to improve the cybersecurity of the networks that route traffic around the internet, an issue the FCC and other government agencies have been working on for more than a year.

The proposal would require ISPs to generate confidential reports that would outline what they have done – or plan to do – to strengthen the security of the Border Gateway Protocol (BGP), which are rules that determine the best network routes for transmitting data around the internet.

The problem is that the initial designed for BGP was developed decades ago and doesn’t include what the FCC calls “intrinsic security features” needed to instill trust in the information that is running over the independently managed communications networks. A bad actor could hack into a network and falsely claim ownership of IP addresses or redirect traffic that can then be intercepted or manipulated.

They also could alter the BGP in ways to prevent traffic from reaching the intended target, create false routes or disable valid ones, or divert the traffic through a malicious network. Such schemes can lead to the theft of personal information, extortion, state-level espionage, or the disruption of services, according to the FCC.

Chairwoman Jessica Rosenworcel said it’s taking steps to strengthen the security of networks carrying the internet traffic, noting in a statement that the BGP initially was meant to be short-term solution but has become a lynchpin for worldwide internet communications.

“While BGP has allowed network operators to grow and evolve the modern internet, it was not designed with explicit security features to ensure trust in exchanged information,” Rosenworcel said in statement. “That means bad actors can use this protocol to maliciously misdirect and exploit internet traffic.”

She also said that China Telecom has used BGP vulnerabilities at least six times to misroute U.S. internet traffic.

Little-Known but Critical

In a blog post last year, Rosenworcel and CISA Director Jen Easterly wrote that few people know how much they depend on the BGP, even given its foundational nature for everything from online banking…

Source…