Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Russia’s Cyber Tactics Are Prompting the FCC to Address Internet Routing Security

Standards exist for network operators to implement, but there is no rule forcing them to do so.

The Federal Communications Commission cited Russia’s aggression against Ukraine in announcing its unanimous approval of a notice of inquiry for secure use of the Border Gateway Protocol, the internet’s routing system. 

“Last week, the Department of Homeland Security warned U.S. organizations at all levels that they could face cyber threats stemming from the Russia-Ukraine conflict,” reads a Monday press release from the FCC. “This notice will begin an inquiry into the vulnerabilities of the internet’s global routing system. The inquiry will also examine the impact of these vulnerabilities on the transmission of data through email, e-commerce, bank transactions, interconnected Voice-over Internet Protocol and 911 calls—and how best to address these challenges.”

Used in conjunction with a botnet—an army of devices that is under remote control after being infected with malware—BGP can be manipulated to execute distributed denial of service attacks like those recently experienced in Ukraine. The U.S. has attributed those DDoS attacks to Russia. The FCC’s notice explains how adversaries can also exploit vulnerabilities in BGP to redirect traffic and steal data. The agency referenced reports in 2017 of traffic to and from major U.S. tech and financial-sector companies suspiciously taking an out-of-the-way path through telecommunications companies in Russia.

The notice lists various efforts over the years from both within and outside the commission to establish secure use of BGP. The National Institute of Standards and Technology, the Internet Engineering Task Force, the Internet Society and the FCC’s own Communications Security Reliability and Interoperability Council have all documented best practices to address the security risks associated with the protocol. But those have not been comprehensively implemented by internet service providers.

“Notwithstanding this work, available information suggests that the voluntary adoption and deployment of such measures has been such that many of the independently managed networks that comprise the Internet remain vulnerable because they have not taken advantage of these measures,” the FCC wrote.

Among other things, security measures include encryption and the use of certain routers. 

“We seek comment on whether and to what extent network operators anticipate integrating BGPsec-capable routers into their networks,” the notice reads. “The specification for the BGPsec extension to BGP became available in 2017, but it appears that BGPsec has not been widely deployed despite BGP’s known vulnerabilities. Why have network operators not taken more aggressive steps to adopt BGPsec? What particular obstacles or concerns about BGPsec have slowed their adoption? To what extent does the introduction of BGPsec routers potentially introduce compatibility issues among managed networks or introduce delays?”

The commission is also seeking comments on its authority to regulate secure internet routing, not just through wireline and wireless ISPs, but also “Internet Exchange Providers, interconnected VoIP providers, operators of content delivery networks, cloud service providers and other enterprise and organizational stakeholders.” 

“We seek comment on whether regulatory clarity could help network operators prioritize investments in the security of their networks,” the FCC wrote.

Comments are due within 30 days of the notice being entered into the Federal Register, with reply comments due within the succeeding 30 days.

Source: https://www.nextgov.com/cybersecurity/2022/03/russias-cyber-tactics-are-prompting-fcc-address-internet-routing-security/362616/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO