FCC Chairwoman Jessica Rosenworcel has asked the Commission to consider examining vulnerabilities of the Internet’s global routing system as a result of potential risks to cybersecurity stemming from the Russia-Ukraine conflict.
If Rosenworcel’s proposal is adopted by a vote of the full Commission as a Notice of Inquiry, the FCC would seek comment on vulnerabilities threatening the security and integrity of the Border Gateway Protocol (BGP), which is central to the Internet’s global routing system.
“BGP is the routing protocol used to exchange reachability information among independently managed networks on the Internet,” the FCC explains in a press release. “BGP’s initial design, still widely deployed today, does not include explicit security features to ensure trust in this exchanged information.”
That means a hacker may deliberately falsify BGP reachability information to redirect traffic. Such hijacks can “expose Americans’ personal information, enable theft, extortion and state-level espionage, and disrupt otherwise-secure transactions,” the FCC said in the press release about cybersecurity and the Ukraine conflict, also noting that Russian network operators have been suspected of exploiting BGP’s vulnerability to hijacking in the past.
The Notice would also look at the impact of these vulnerabilities on the transmission of data through bank transactions, e-commerce, email, interconnected Voice-over Internet Protocol (VoIP), and 911 calls—and how best to address these potential threats.
The FCC noted in the that it has urged the communications indsutry “to defend against cyber threats, while also taking measures to reinforce the nation’s readiness and to strengthen the cybersecurity of vital communications services and infrastructure, especially in light of Russia’s actions inside of Ukraine.”
Chairwoman Rosenworcel also recently shared a Notice of Proposed Rulemaking that would begin the process of strengthening rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI).
Last month, Vint Cerf, who many consider to be the “father” of the Internet, recommended that a portion of broadband funding be used to help strengthen cybersecurity.