White House Releases 'Roadmap' of Border Gateway Security Best Practices
The White House Office of the National Cyber Director released guidance Tuesday, dubbing it a "roadmap," addressing "key vulnerabilities" in border gateway protocol (BGP) security. ONCD urged "every network operator use a risk-based approach to address BGP vulnerabilities" through the adoption of resource public key infrastructure (RPKI), which includes route origin authorization and origination, calling it a "mature, ready-to-implement approach to mitigate BGP’s vulnerabilities."
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
"Internet security is too important to ignore," said White House National Cyber Director Harry Coker. A White House news release said more than 60% of the federal government's "advertised IP space" will be covered by registration service agreements, which will help establish route origin authorizations for federal networks. The guidance's 18 recommendations are "of particular importance to the networks used by critical infrastructure owners and operators, state and local governments, and any organization dependent on internet access for purposes that the entity considers to be of high value," it continued. ONCD separately released a registration service agreement template addendum for federal agencies and encouraged its use to facilitate the adoption of RPKI.
"We aim for this roadmap to mitigate a longstanding vulnerability and lead to a more secure internet that is vital to our national security and the economic prosperity of all Americans," Coker said. The new guidance's goal is increasing awareness of best practices to promote BGP security. It also offered recommended "baseline actions" for all network operators, including risk-based planning, route origin authorization publication, contracting requirements and monitoring.
FCC Chairwoman Jessica Rosenworcel welcomed the announcement, noting the agency took similar measures earlier (see 2406060028). The commission adopted an NPRM proposing that the nation's largest broadband providers submit reports about how they are addressing BGP security. The guidance "both complements and advances our work towards this goal," Rosenworcel said. "We must work together to improve internet routing security, and the ONCD's roadmap sets forth a path for collaboration and progress," she said. NTIA Administrator Alan Davidson also welcomed the new guidance, calling it "an important step towards helping the entire internet ecosystem protect users from" loss of service, data theft, and "other malicious attacks."
In addition, ONCD announced a public-private stakeholder working group. Co-chaired by ONCD, the Cybersecurity and Infrastructure Security Agency and Communications and Information Technology Sector coordinating councils, the group will "develop resources and materials to collectively advance" the objectives presented in the road map. Moreover, the group will craft a framework for network operators to "assess risk and prioritize IP address resources and critical route originations" when applying routing security controls.
“The roadmap reflects a deep understanding of the complex Internet ecosystem landscape,” said USTelecom Senior Vice President-Cybersecurity and Innovation Robert Mayer, who also chairs the Communications Sector Coordinating Council. The "sensible and prudent approach calls for a collaborative industry and government effort to develop an informed, risk-based strategy."