The Office of the National Cyber Director (ONCD) has introduced a comprehensive “Roadmap to Enhancing Internet Routing Security” to address the increasing vulnerabilities associated with the Border Gateway Protocol (BGP). This new guidance, announced by U.S. National Cyber Director Harry Coker, aims to improve the security and resilience of internet routing systems, which are crucial for directing global internet traffic. The roadmap outlines key strategies for mitigating BGP risks and provides detailed recommendations for adopting technologies that enhance routing security.
The ONCD’s guidance identifies significant barriers to the widespread adoption of BGP security measures and offers practical solutions to overcome these challenges. It emphasizes the need for network operators to develop and regularly update cybersecurity risk management plans that specifically address routing security. The roadmap also highlights the importance of validating the authority of remote networks and ensuring the integrity of routing information to prevent malicious and accidental traffic rerouting.
As part of the initiative, the ONCD plans to cover at least 60% of federal government IP space by the end of the year, using Resource Public Key Infrastructure (RPKI) to mitigate BGP vulnerabilities. This effort reflects the ONCD’s commitment to leading by example and setting a standard for federal agencies to enhance their routing security practices. The guidance also aligns with recent proposals by the Federal Communications Commission (FCC) to require major U.S. broadband providers to develop confidential BGP security risk management plans.
The release of this roadmap comes amid a growing threat landscape for BGP, a protocol that was designed before many contemporary cybersecurity threats were understood. By addressing the protocol’s inherent weaknesses and promoting robust security measures, the ONCD aims to fortify the backbone of global internet routing and enhance the overall stability and reliability of internet infrastructure. The initiative represents a critical step toward safeguarding the digital ecosystem against evolving threats.
Reference:
