The White House Office of the National Cyber Director (ONCD) has released a guide to improve the security of the Border Gateway Protocol (BGP). BGP is essential to internet operation for more than 70,000 independent networks: networks use it to direct internet traffic between them and to determine which destinations are reachable through those networks. BGP is foundational to networks such as those of cloud providers, universities, internet service providers, energy companies, and federal, state, and local governments. With this guide, the ONCD intends to confront an issue that has been a longtime threat to internet traffic security.
“Securing internet routing has been a long-term effort. It is a difficult one because it takes a lot of different players all taking action to be useful,” says Ari Schwartz, Coordinator of the Center for Cybersecurity Policy and Law. “The ONCD’s roadmap is showing us how to get secure routing done and starting up the collective action efforts needed to get us to the finish line.”
The guide released by the ONCD supports adopting Resource Public Key Infrastructure (RPKI) as a method to manage vulnerabilities within BGP, and it includes suggested actions applicable to all types of networks. The recommendations are important to operators and owners of critical infrastructure, government entities (both state and local), and any entity that depends on internet access for high-value purposes.
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, commented, “We are decades late in securing BGP. Now we have a few good ways to better secure BGP. The United States government supports one of the methods... not the best... but an incremental way forward, and all we need to do is get vendors and organizations to implement it. Getting CISA involved is one great way to accomplish this. I’m not usually very optimistic for any good cybersecurity standard to be well-implemented in a timely manner, but I have great hope for this one. If it is pulled off like we all want it to, in a year or two, BGP will finally be harder to compromise than it has been for decades.”
Schwartz remarks, “The roadmap released by the ONCD marks just the beginning of a comprehensive and collaborative effort to secure our internet’s core ecosystem. We must continue to work across sectors to upgrade the infrastructure and address the evolving challenges in internet security and protect the integrity of our global networks.”