White House plan looks to secure a foundational piece of the global internet
The roadmap for improving the Border Gateway Protocol calls on the federal government to contract with firms that can provide available secure internet routing technologies.
The White House on Tuesday unveiled a roadmap aimed at bolstering the cybersecurity of a crucial worldwide data routing framework, calling on the federal government to seek contractors that can provide services to help validate the legitimacy of data that enters into agencies’ networks.
The Border Gateway Protocol, a backbone data transmission algorithm that determines the optimal path for data packets to move across networks, was first engineered in 1989 to help data swiftly move between computers. The protocol helps digital information find the fastest, least resistant transmission path, but it was built on the premise that all routed contents could be trusted, a dynamic that doesn’t hold true in 2024.
The Office of the National Cyber Director, as part of the new blueprint, is trying to shield U.S. networks from BGP hijack attacks, where hackers take over groups of internet addresses by sabotaging their routing pathways.
While the threats are serious, the report indicates that routing security doesn’t get the same attention as other cybersecurity risks facing large organizations. Additional challenges are posed by the problem of legacy equipment that can’t validate routing pathways and uncoordinated management of internet address resources.
The roadmap suggests using a system called Resource Public Key Infrastructure to improve the security of internet routing. RPKI is designed to confirm a network has the right to use specific internet protocol addresses and then checks to make sure that traffic is only routed through validated networks. For this system to work effectively, organizations need to set up these confirmations, known as Route Origin Authorizations, or ROAs.
Just half of aggregated IP addresses have a valid ROA available, according to a monitor provided by the National Institute of Standards and Technology.
Network service providers like AT&T and Verizon are asked to monitor the status of data coming onto their networks and build out a cybersecurity risk management plan. The Office of Management and Budget, working with the Federal Acquisition Regulatory Council and the General Services Administration, should obligate companies contracted by the government to adopt the latest internet routing security technologies and enforce specialized filtering techniques on their internet connections, ONCD also advises.
The Federal Communications Commission in June approved a proposal that would require the nine largest U.S. broadband providers to regularly file confidential documents to the commission that describe plans they’re developing to bolster BGP security.
BGP hijacks have become more sophisticated and could allow hackers to burrow into other foundational internet protocols, including web infrastructure, allowing them to pilfer account credentials or plant malware used to siphon cryptocurrency, ONCD Director Harry Coker said in May. Over 50% of IP addresses owned and used by agencies will have enhanced data routing security measures in place by the end of the year to help prevent hackers from hijacking digital pathways into government networks, he said.
OMB declined to comment for this story. The FAR Council and GSA did not return requests for comment.