The Federal Communications Commission (FCC) of the United States has announced the initiation of the process to draft security control regulations for telecommunications companies to maintain the security of the Border Gateway Protocol (BGP).
BGP is a protocol used to announce which routes can be taken to reach specific network destinations. If malicious actors announce high-speed pathways to connect to the targeted company’s network, it enables traffic to be diverted to the malicious actors, known as BGP hijacks.
Jessica Rosenworcel, chair of the FCC, mentioned discussions with Vint Cerf, a pioneer of internet development. Cerf explained that the inception of BGP stemmed from the expansion of the internet, as traditional protocols could not cope. Engineers brainstormed over lunch during an IETF meeting in 1989 and sketched out the BGP protocol on three napkins, earning it the nickname “three napkin protocol”.
There have been long-standing proposals to enhance BGP security, particularly through the Resource Public Key Infrastructure (RPKI) validation process to verify authorized route announcements. However, adoption by internet service providers has been limited.
Preliminary control regulations may mandate that broadband providers demonstrate sufficient BGP monitoring procedures and readiness to implement RPKI. They might also require quarterly progress reports to the FCC. Implementation of these regulations is pending.
TLDR: The FCC is drafting security regulations for telecommunications companies regarding the Border Gateway Protocol to prevent BGP hijacks, with a focus on implementing RPKI and reporting progress periodically.
Leave a Comment