The US FCC Signals a Dangerous New Course on BGP Security Thumbnail
Securing Border Gateway Protocol (BGP) 18 April 2024

The US FCC Signals a Dangerous New Course on BGP Security

By John MorrisPrincipal, U.S. Internet Policy and Advocacy
Ryan PolkDirector, Internet Policy

The US Federal Communications Commission recently released a draft Declaratory Ruling and Order in the Open Internet Proceeding. However, there is concerning language (paragraph 46) in this ruling that strongly implies the FCC’s intention to regulate border gateway protocol (BGP) routing security. While the FCC’s motives may be well-intentioned, regulating BGP routing security could have a catastrophic impact on the Internet, not just in the United States but globally.

On 17 April 2024, the Internet Society and the Global Cyber Alliance (GCA) sent formal comments to the FCC Commissioners’ key staff members on these issues, recommending strongly against regulating BGP routing security.

A top-down, regulatory approach to routing security from the FCC threatens to:

  • Slow the significant current progress on routing security. The United States has made substantial progress in routing security best practices in recent years, and a Commission mandate could slow down this progress during the rulemaking process and any subsequent legal challenges.
  • Build new barriers to access and competition for small providers. Mandated routing regulations can harm small providers with limited resources, leading to network consolidation, fewer new providers, and significant entry barriers, particularly in rural and tribal areas.
  • Exacerbate Internet fragmentation risks. FCC-mandated routing security measures could prompt other countries to impose conflicting standards, leading to degraded Internet security and interoperability as networks aim to meet different sets of requirements.

After more than a decade of supporting the deployment of routing security best practices through the Mutually Agreed Norms for Routing Security (MANRS) initiative, it has become clear that there is no one-size-fits-all solution for securing such a complex, decentralized global system made up of tens of thousands of individual networks. The most effective approach to improving routing security is through a coordinated, collaborative effort by the global community of network operators. Unfortunately, the FCC’s threatened regulation would severely undermine this effort.

Network operators in the United States and around the world are already making great strides to improve the security of the global routing system. The US Federal Communications Commission should not try to solve a problem that is already being addressed by the broader community.

Image © Unsplash

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

About Internet Society 11 December 2019

Claudio Jeker Honored by Internet Security Research Group with Radiant Award

This week another Radiant Award has been awarded by the Internet Security Research Group, the folks behind Let’s Encrypt....

IETF 22 March 2019

Internet Resilience Discussions at IETF 104

Let’s look at what’s happening in the Internet Engineering Task Force (IETF) and the upcoming IETF 104 meeting in...

Improving Technical Security 25 February 2019

RIRs Enhance Support for Routing Security

BGP hijacking and route leaks represent significant problems in the global Internet routing systems, along with source address spoofing....