At its June Open Meeting, the FCC adopted a Notice of Proposed Rulemaking (NPRM) intended to help protect America’s communications networks against cyberattacks by improving internet routing security. The Commission’s proposal would require broadband providers to create confidential reports outlining the steps they have taken or plan to take to address vulnerabilities in the Border Gateway Protocol (BGP). The BGP is the technical protocol used to route information across the internet. The NPRM expresses concerns that the BGP’s initial decades-old design, which is still widely used today, does not include certain security features to ensure trust in the information that is relied upon to exchange traffic between independently managed networks on the internet. The Commission cites BGP national security experts who have raised concerns that a bad network actor could falsify BGP information to redirect traffic. These “BGP hijacks” can lead to the exposure of personal information, enable theft and extortion, and generally disrupt services that the public rely upon.
To address these concerns the NPRM proposes that:
* Broadband internet service providers would prepare and update confidential BGP security and Risk management plans at least annually. The plans would provide detail on their progress and plans for implementing BGP security measures that utilize the Resource Public Key Infrastructure (RPKI), a critical component of BGP security.
* The nine largest broadband service providers would file their BGP plans confidentially with the Commission as well as file quarterly data that would also be available to the public that would allow the Commission to monitor the progress towards the implementation of RPKI-based security measures and to assess the reasonableness of the BGP plans.
* Smaller broadband service providers would not be required to file their plans with the Commission but would be required to make their BGP plans available upon request.
Comments on the NPRM are due by July 17, 2024, and Reply Comments are due by August 1, 2024. We anticipate a significant level of comments will be filed in this proceeding. We will provide updates as more information becomes available.
