The White House’s cybersecurity office has issued a call to network operators to take action in securing the Border Gateway Protocol (BGP)—a critical yet vulnerable technology responsible for routing internet traffic. The Office of the National Cyber Director (ONCD) highlighted the importance of addressing BGP security issues, some of which have persisted for over 25 years.
In a new set of guidelines released Tuesday, ONCD warned that BGP lacks the necessary security and resilience features required to counter modern cyber threats. This echoes concerns raised by cybersecurity experts, technology companies, and federal agencies alike.
BGP serves as the system that allows networks to communicate routing information, such as which internet addresses are actively accepting traffic. It plays a key role in keeping the internet functioning, whether it’s enabling mobile wireless networks to exchange traffic with cloud resources or connecting residential broadband networks to the global web.
Vulnerabilities of BGP: A Risk to Internet Security
Without proper security measures, BGP is susceptible to dangerous exploits that could enable a range of cybercrimes, including cryptocurrency theft, malware distribution, and privacy breaches. The ONCD’s roadmap for securing BGP highlights the importance of adopting Resource Public Key Infrastructure (RPKI), a digital certification system managed by the world’s five Regional Internet Registries (RIRs). These registries control essential internet resources, including IP addresses.
By utilizing RPKI, network operators can deploy technologies like Route Origin Validation (ROV) and Route Origin Authorization (ROA), which work together to verify the legitimacy of internet addresses and ensure they are reachable. Despite being widely available and commercially viable, many networks have yet to implement these solutions.
A ‘Hard Problem’ with a Roadmap for Progress
The ONCD acknowledged that securing BGP is a “hard problem.” The 19-page guidance issued on Tuesday provides an in-depth explanation of how BGP functions and why it remains vulnerable. Federal networks, for example, have not fully implemented ROA security measures. However, the government is working to change that, with plans for over 60% of the federal government’s IP space to have ROAs in place by the end of the year.
In a broader effort to tackle this issue, ONCD announced the formation of a new Internet Routing Security Working Group, which will collaborate with the Cybersecurity and Infrastructure Security Agency (CISA) and key industry partners. The group aims to address the threats posed by BGP vulnerabilities.
The Consequences of BGP Hijacking
BGP hijacking occurs when attackers manipulate the protocol to reroute internet traffic, potentially directing users to malicious websites where data and cryptocurrency theft can occur. These attacks can also facilitate distributed denial-of-service (DDoS) incidents or disrupt telecommunications services, leading to widespread outages and significant damage.
As cyber threats continue to evolve, securing BGP is not just a technical challenge but a critical national security issue. The White House and ONCD are urging network operators to adopt these available technologies to strengthen the internet’s infrastructure and reduce the risks associated with BGP exploitation.
