2024-06-06
FCC Proposes Internet Routing Security Reporting Rules for ISPs
The US Federal Communications Commission (FCC) has published a notice of proposed rulemaking regarding Internet routing security reporting requirements for Internet service providers (ISPs). The FCC wants to ensure that ISPs are taking steps to protect their networks from Border Gateway Protocol (BGP) vulnerabilities. The FCC is accepting public comment on the proposed rules.
Editor's Note
This move comes at the right time. For the most part, large ISPs are already implementing RPKI. As of earlier this year, the number of protected prefixes exceeds the number of unprotected once. This will hopefully get the stragglers on board.
Johannes Ullrich
First comes the plan then comes the implementation. ISPs have known that BGP is vulnerable to attack and has been for decades. This future requirement shouldn’t come as a surprise to any of them.
Curtis Dukes
The FCC is working to hold ISPs feet to the fire implementing BGP security measures specifically Resource Public Key Infrastructure (RPKI). In effect, signed changes/updates to BGP information. They want to have the ISPs provide a confidential (detailed) report on their plans to improve BGP security, and the nine largest ISPs will be held to a higher bar for delivery. However, if they meet the desired security threshold, they will not need to file subsequent detailed plans.