FCC pushes ISPs to fix security flaws in Internet routing
The Federal Communications Commission wants to verify that Internet service providers are strengthening their networks against attacks that take advantage of vulnerabilities in Border Gateway Protocol (BGP).
The FCC today unanimously approved a Notice of Proposed Rulemaking that would require ISPs to prepare confidential reports "detail[ing] their progress and plans for implementing BGP security measures that utilize the Resource Public Key Infrastructure (RPKI), a critical component of BGP security."
"Today, we begin a rulemaking to help make our Internet routing more secure," FCC Chairwoman Jessica Rosenworcel said. "We propose that all providers of broadband Internet access service prepare and update confidential BGP security risk management plans. These plans would describe and attest to their efforts to follow existing best practices with respect to Route Origin Authorizations and Route Origin Validation using the Resource Public Key Infrastructure. In addition, we propose quarterly reporting for the largest providers to ensure we are making progress addressing this well-known vulnerability."
The FCC said the initial design of BGP that remains widely deployed today "does not include intrinsic security features to ensure trust in the information that is relied upon to exchange traffic among independently managed networks on the Internet." Hackers can "deliberately falsify BGP reachability information to redirect traffic" in BGP hijacks that "can expose Americans' personal information; enable theft, extortion, and state-level espionage; and disrupt services upon which the public or critical infrastructure sectors rely," the FCC said.
