Director Hails New Guidance as ‘First Step’ in Resolving BGP Security Risks

U.S. National Cyber Director Harry Coker unveiled new guidance Tuesday to bolster internet routing security, calling it a “first step” in tackling critical vulnerabilities that jeopardize the stability and reliability of the internet’s core protocols.
Coker said the Office of the National Cyber Director released its “Roadmap to Enhancing Internet Routing Security” to drive the widespread adoption of technologies that can mitigate critical vulnerabilities in the Border Gateway Protocol and fortify the security and resilience of internet interdomain routing. The guidance identifies barriers to adoption and offers alternative mitigation strategies for internet routing and BGP security risks, along with best practices and technology recommendations to fortify routing protocols and enhance overall network security.
“We have instances where [internet] traffic has been rerouted accidentally and maliciously with intent by nation-state actors,” Coker told the Billington CyberSecurity Summit in Washington, D.C. “This is going to help address that problem – it’s certainly not going to fix it all.”
The guidance comes amid an intensified threat landscape for BGP, which serves as the backbone of global internet traffic routing. BGP is a foundational yet vulnerable protocol, developed at a time when many of today’s cybersecurity risks did not exist.
 
Coker said the ONCD is committed to having at least 60% of the federal government’s IP space covered by registration service agreements (RSAs) “by the end of this calendar year.” His office recently led an effort to develop a federal RSA template that federal agencies can use to facilitate their adoption of Resource Public Key Infrastructure (RPKI), which can be used to mitigate BGP vulnerabilities.
“This is a case where the federal government is going to lead by example,” he said.
The ONCD report underscores how BGP “does not provide adequate security and resilience features” and lacks critical security capabilities, including the ability to validate the authority of remote networks to originate route announcements and to ensure the authenticity and integrity of routing information.
The guidance tasks network operators with developing and periodically updating cybersecurity risk management plans that explicitly address internet routing security and resilience. It also instructs operators to identify all information systems and services internal to the organization that require internet access and assess the criticality of maintaining those routes for each address.
The road map follows a recent proposal from the Federal Communications Commission that calls for broadband providers to report their efforts to address BGP security. FCC Chairwoman Jessica Rosenworcel said in a statement that ONCD’s new guidance “sets a path for collaboration and progress” towards improving routing security.
The FCC unanimously approved a notice of proposed rule-making in June that would require nine of the largest U.S. broadband providers to develop confidential BGP security risk management plans (see: FCC Advances BGP Security Rules for Broadband Providers).
