Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

FCC Proposes BGP Security Reporting for Broadband Providers

The FCC proposes that broadband providers plan for BGP security and provide quarterly reports on implemented risk mitigations.

The Federal Communications Commission (FCC) on Thursday announced reporting requirements aimed at improving the security of internet routing.

Per the proposal, broadband providers would be required to create and implement plans to mitigate security flaws in the Border Gateway Protocol (BGP), the protocol used for routing information across the internet.

Furthermore, the communications regulation agency proposes for the largest broadband providers to submit quarterly reports detailing the progress made in mitigating BGP risks.

“BGP’s initial decades-old design, which remains widely deployed today, does not include intrinsic security features to ensure trust in the information that is relied upon to exchange traffic among independently managed networks on the internet,” the commission argues.

Citing BGP national security experts, the FCC notes that threat actors could falsify BGP reachability information and redirect traffic, which could lead to personal information exposure, data theft, extortion, espionage, and the disruption of public or critical infrastructure services.

To address these issues, the agency proposes that broadband internet services providers create and update BGP security risk management plans detailing the implementation of security measures using the Resource Public Key Infrastructure (RPKI).

The nine largest broadband providers in the US would be required to file these plans with the commission and to file quarterly public reports detailing their progress in implementing RPKI-based security measures.

Smaller broadband providers, the agency says, would need to create these plans and make them available to the FCC upon request.

Advertisement. Scroll to continue reading.

“These plans would describe and attest to their efforts to follow existing best practices with respect to Route Origin Authorizations and Route Origin Validation using the Resource Public Key Infrastructure,” FCC Chairwoman Jessica Rosenworcel commented.

Noting that internet routing is critical to public safety and national security, the FCC is seeking public comment on the proposed requirements, as well as on other measures related to the implementation of RPKI-based security.

Related: BGP Flaw Can Be Exploited for Prolonged Internet Outages

Related: Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions

Related: Embrace RPKI to Secure BGP Routing, Cloudflare Says

Related: FCC Warns of ‘Royal Tiger’ Robocall Scammers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights