The Federal Communications Commission (FCC) on Thursday announced reporting requirements aimed at improving the security of internet routing.
Per the proposal, broadband providers would be required to create and implement plans to mitigate security flaws in the Border Gateway Protocol (BGP), the protocol used for routing information across the internet.
Furthermore, the communications regulation agency proposes for the largest broadband providers to submit quarterly reports detailing the progress made in mitigating BGP risks.
“BGP’s initial decades-old design, which remains widely deployed today, does not include intrinsic security features to ensure trust in the information that is relied upon to exchange traffic among independently managed networks on the internet,” the commission argues.
Citing BGP national security experts, the FCC notes that threat actors could falsify BGP reachability information and redirect traffic, which could lead to personal information exposure, data theft, extortion, espionage, and the disruption of public or critical infrastructure services.
To address these issues, the agency proposes that broadband internet services providers create and update BGP security risk management plans detailing the implementation of security measures using the Resource Public Key Infrastructure (RPKI).
The nine largest broadband providers in the US would be required to file these plans with the commission and to file quarterly public reports detailing their progress in implementing RPKI-based security measures.
Smaller broadband providers, the agency says, would need to create these plans and make them available to the FCC upon request.
“These plans would describe and attest to their efforts to follow existing best practices with respect to Route Origin Authorizations and Route Origin Validation using the Resource Public Key Infrastructure,” FCC Chairwoman Jessica Rosenworcel commented.
Noting that internet routing is critical to public safety and national security, the FCC is seeking public comment on the proposed requirements, as well as on other measures related to the implementation of RPKI-based security.
Related: BGP Flaw Can Be Exploited for Prolonged Internet Outages
Related: Exploitation of BGP Implementation Vulnerabilities Can Lead to Disruptions
Related: Embrace RPKI to Secure BGP Routing, Cloudflare Says
