Today, the Justice Department’s National Security Division and the U.S. Department of Defense (DOD) filed a submission with the Federal Communications Commission (FCC) in support of action to improve the security of internet routing.
This submission was filed in connection with an FCC Notice of Inquiry on Secure Internet Routing launched in February and offered in support of the comment previously submitted by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency.
“We applaud the FCC’s decision to launch this inquiry on this important issue,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “We appreciate the opportunity to provide our input on how to address vulnerabilities threatening the security of internet routing.”
According to the filing, known vulnerabilities in the Border Gateway Protocol (BGP), which governs internet traffic routing, continue to put U.S. person and commercial data and communications at risk of theft, espionage and sabotage by foreign adversaries. Though BGP enables network providers to share information about traffic routing so that they can identify the “best” routes for traffic to reach its destination, it does not include any security features. Accordingly, the Justice Department and DOD recommended today that the FCC manage BGP-associated vulnerabilities through a combination of technical security standards and increased transparency.
As an example, BGP vulnerabilities facilitated China Telecom America’s ability to misroute U.S. internet traffic to the People’s Republic of China (PRC), according to Executive Branch recommendations previously filed with the FCC. As an entity under the control of the PRC government, China Telecom’s exploitation of BGP vulnerabilities provided a foreign adversary of the United States with opportunities to disrupt, capture, examine and alter U.S. traffic.
The nation’s longstanding reliance upon voluntary measures to secure sensitive U.S. data may no longer be sufficient to address this vulnerability. As a result, the Justice Department and DOD support FCC’s initiation of a process to better secure BGP, including through technical security and transparency measures that will help safeguard the data and communications that are so central to U.S. national security interests.