The US Department of Justice (DoJ) and Defense (DoD) have added their voices to the Cybersecurity and Infrastructure Security Agency (CISA)’s call for the Federal Communications Commission to take a more active role in securing the Border Gateway Protocol (BGP). More specifically, they want the FCC to compel ISPs “to implement technical security standards to lock down internet traffic routing as well as require ‘increased transparency’ into real-world traffic flows.” Earlier this year, FCC asked for public comment on steps it should take to improve BGP security.
- BGP is based on mutual trust and doesn’t inherently have a security model to block disruptive changes, deliberate or mistaken. Add-ons to BGP are being implemented voluntarily, and already implementations of Resource Public Key Infrastructure (RPKI) is already making headway as a firewall to stop spreading BGP incidents. Also in use is BGPsec, but its success depends on a critical mass of global service provider adoption to be successful, and approaches such as Mutually Agreed Norms for Routing Security (MANRS) are more likely than BGPsec to get traction. What is needed is both an overall awareness of the need to secure internet routing and a framework of standard security controls that solutions can be measured against as well as effective solutions which aren’t cost prohibitive.