US proposes to boost BGP security and integrity – Strategy


The US Federal Communications Commission has voted to advance a proposal to boost the security of information transmitted across the internet after government agencies said a Chinese carrier had misrouted traffic.



The US telecommunications regulator since 2022 has been studying vulnerabilities that it says threaten the security and integrity of the Border Gateway Protocol, central to the internet’s global information routing system.

The proposal would require broadband providers to create BGP security plans and file reports on risk-mitigation progress.

FCC Chair Jessica Rosenworcel said that US agencies had recently publicly disclosed that China Telecom used BGP vulnerabilities “to misroute United States internet traffic on at least six occasions.”

She added, “These ‘BGP hijacks’ can expose personal information, enable theft, extortion, and state-level espionage.”

This is the latest action by Washington to restrict Chinese telecom carriers including on undersea cables handling internet traffic and on US operations.

China Telecom did not immediately respond to a request for comment.

The internet consists of tens of thousands of interconnected networks and BGP is used to exchange information to route traffic.

But the FCC noted the design of BGP “did not include security features to ensure trust in the information that is relied upon to route Internet traffic.”

In April, the FCC said it was ordering the US units of China Telecom, China Unicom, China Mobile and Chinese telecommunications company Pacific Networks and its wholly owned subsidiary ComNet to discontinue fixed or mobile broadband internet operations in the United States.

China Telecom told Reuters earlier it does not provide broadband internet access services as defined by the FCC order.

The commission previously had barred the Chinese companies from providing telecommunications services.

Rosenworcel said earlier the commission had evidence that Chinese telecom carriers were providing broadband services in the United States.

The FCC had cited national security concerns in revoking or denying Chinese companies the right to provide US telecommunications services.

The FCC previously barred approvals of new telecommunications equipment from China’s Huawei Technologies and ZTE and other companies, saying they pose “an unacceptable risk” to US national security.



Source link