In light of Russia’s attack on the Ukraine, FCC Chair Jessica Rosenworcel has proposed action to help protect America’s communications networks guard against cyberattacks. Earlier in the week, the Department of Homeland Security warned U.S. organizations at all levels that they could face cyber threats stemming from the Russia–Ukraine conflict; the FCC said Rosenworcel’s proposal would begin an inquiry into the vulnerabilities of the internet’s global routing system.
If adopted by a vote of the full commission, the Notice of Inquiry would seek public comment on vulnerabilities threatening the security and integrity of the Border Gateway Protocol (BGP), which the FCC says is central to the internet’s global routing system. The inquiry would also examine the impact these vulnerabilities would have on the transmission of data through email, e-commerce, bank transactions, interconnected voice-over-internet protocol (VoIP), and 911 calls — and how best to address these challenges.
BGP is the routing protocol used to exchange reachability information among independently managed networks on the Internet. BGP’s initial design, which remains widely deployed today, does not include explicit security features to ensure trust in this exchanged information.
As a result, the FCC said, a bad network actor may deliberately falsify BGP reachability information to redirect traffic. Russian network operators have been suspected of exploiting BGP’s vulnerability to hijacking in the past. “BGP hijacks” can expose Americans’ personal information, enable theft, extortion, and state-level espionage, and disrupt otherwise-secure transactions.
Working with its federal partners, the commission has urged the communications sector to defend against cyber threats, while also taking measures to reinforce the nation’s readiness and to strengthen the cybersecurity of vital communications services and infrastructure, especially in light of Russia’s actions inside of Ukraine.
Rosenworcel also recently shared with her colleagues a Notice of Proposed Rulemaking that would begin the process of strengthening the commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The inquiry under consideration would build on those efforts, the FCC said.