White House publishes latest plan to protect a key component of the internet
A White House plan for strengthening routing security that the Biden administration released on Tuesday looks to build on a growing body of executive branch work to fortify a vulnerable element of the internet.
Administration officials have warned that a set of technical rules for internet data routing, known as Border Gateway Protocol, are a target for hackers and that the United States isn’t up to speed on protecting it.
A report from the Office of the National Cyber Director released Tuesday is meant to serve as a roadmap for network operators, cloud service providers, critical infrastructure owners, government agencies and others to safeguard BGP. Among its chief recommendations is the adoption of infrastructure developed to enable additional security mechanisms for BGP.
“Internet security is too important to ignore which is why the Federal government is leading by example by pushing for a rapid increase in adoption of BGP security measures by our agencies,” said White House National Cyber Director Harry Coker, Jr. “ONCD, along with our public and private sector partners, are guiding a risk-informed path forward towards our communal objective. We aim for this roadmap to mitigate a longstanding vulnerability and lead to a more secure internet that is vital to our national security and the economic prosperity of all Americans.”
The roadmap follows action by the Federal Communications Commission to move toward regulating BGP security for internet service providers, and a joint FCC-Cybersecurity and Infrastructure Security Agency blog post meant to call attention to the problem.
Specifically, the roadmap calls for the “adoption of Resource Public Key Infrastructure (RPKI) as a mature, ready-to-implement approach to mitigate vulnerabilities in BGP.”
“These recommendations are of particular importance to the networks used by critical infrastructure owners and operators, state and local governments, and any organization dependent on internet access for purposes that the entity considers to be of high value,” a White House announcement reads.
It also calls on network operators to conduct risk-based planning and monitoring the status of data, with separate sets of recommendations that would, for instance, require federal government contractors who are service providers to “adopt and deploy current commercially-viable Internet routing security technologies.”