“`html

TLDR:

• The FCC has approved a notice of proposed rulemaking requiring ISPs to prepare and update confidential BGP security plans to prevent hijacking.
• The FCC is pushing for the implementation of RPKI-based security to address BGP vulnerabilities.

US broadband providers will soon have to provide proof to the FCC that they are taking steps to prevent Border Gateway Protocol (BGP) hijacking. The FCC has approved a notice of proposed rulemaking that will require internet service providers to prepare, and annually update, a confidential BGP security risk management plan. BGP is a protocol that establishes traffic routes between systems on the internet but was not designed with security in mind. Rogue or bungling network administrators can maliciously or accidentally redirect traffic through BGP hijacking.

The FCC wants to see movement towards implementing Resource Public Key Infrastructure (RPKI) to prevent route leaks and BGP hijacking. Larger ISPs will have to file confidential reports annually and quarterly public statements. Smaller ISPs do not have to file regular BGP security plans with the FCC but must submit details if asked. Companies and individuals can submit public comments on the proposal before it is finalized.

Commissioner Geoffrey Starks emphasized that the FCC’s actions are part of a multi-pronged government approach to securing the internet and are in line with national cybersecurity strategy goals.

“`