The Federal Communications Commission will vote Thursday on advancing a proposal to improve security for a key component of the modern Internet, a rule that eases some — but not all — of the criticism of the agency’s previously announced plans to strengthen Border Gate Protocol. .
Under the proposed rule, broadband Internet providers would have to develop and maintain secure Internet routing plans. The nine largest providers will be required to file quarterly reports with the FCC about their efforts.
“Whether you’re banking online, using telemedicine to see the doctor, or attending school remotely, you rely on a set of technical rules called the Border Gateway Protocol (BGP) to route your data efficiently ,” FCC Chair Jessica Rosenworcel said in May. when announcing the rule. “This protocol is designed for purpose, not security. Therefore, it lacks clear security features, which has allowed criminals to ‘hijack’ Internet traffic.”
If the FCC votes to approve the Notice of Proposed Rulemaking, it would move the rule one step closer to final approval by opening it up to public comment. To argue for strengthening BGP’s security, the announcement cites an incident in which attackers used BGP hijacking to steal cryptocurrency and another in which Russian network operators allegedly exploited a BGP vulnerability to disrupt financial services prior to the invasion of Ukraine. .
The telecommunications industry and some groups working toward a secure and open Internet had raised concerns both when the FCC first floated the idea of BGP security regulations in 2022 and again when the commission resurfaced the notion during the debate over restoring net neutrality rules. . Those concerns included fears that the FCC’s then-unclear deliberations would lead to overly prescriptive regulations that could trigger conflicting proposals from other nations.
The nonprofit Global Cyber Alliance, whose partners include a who’s who of major tech companies, wrote to the FCC in April, along with the nonprofit Internet Society, about these concerns. But the Notice of Proposed Rulemaking (NPRM) that laid out the specifics assuaged some of the concerns of the Global Cyber Alliance.
“Acknowledging that progress on Internet infrastructure improvements can seem icy at times, it seemed like the FCC might be ready for something more definite in terms of routing infrastructure requirements,” said Leslie Daigle, chief technical and director of the Internet Integrity Program. in the alliance. “To the extent that the NPRM is supporting the direction the industry is already going, by setting some targets and focusing on explanations when companies do not meet them, it mitigates the main concerns expressed in our filing.”
The Internet Society, an advocacy group that works to support Internet infrastructure and has the backing of major technology companies, also saw improvements in the FCC’s proposal, but not enough to support the measure.
“We appreciate that the Commission took a lighter initial approach to BGP security than they had suggested in their Open Internet Order, but the entire timeline of the NPRM leans heavily toward more top-down regulation,” said John Morris and Ryan Polk of the Internet Society. in a statement. “This includes problematic regulatory ideas that threaten to undermine pre-existing global multi-stakeholder processes relevant to the Internet.”
In Morris and Polk’s view, the FCC’s proposal, “seems to demonstrate a lack of understanding of multi-stakeholder governance of the Internet, and we hope that the Commission will tread carefully in this space moving forward.”
NCTA, which represents the broadband and cable television industries, is also seeking changes to the BGP proposal. The trade group wants the FCC to drop quarterly reporting requirements once providers reach a high level of secure deployment.
Doing so “would reduce compliance costs and burdens on those companies that are best helping to achieve the Commission’s goals and would free up significant resources for those providers to continue other efforts to enhance security for customers.” them,” and would provide incentives for providers to move quickly, the group wrote last month. Ultimately, NCTA members “believe that prescriptive rules are not necessary in this area,” he wrote.
The FCC proposal, however, is a positive response to some industry feedback, said Daigle of the Global Cyber Alliance, whose organization is the formal sponsoring organization for a voluntary BGP security initiative. It’s “a good signal to the industry that the FCC is serious about looking at improvements in roadway infrastructure safety, leaving considerable latitude to the industry to determine how best to do that,” she said.
#FCC #voted #rules #secure #basic #component #Internet
Image Source : cyberscoop.com