October 13, 2024

Free Your Rive

Building Bridges to the Digital Age

White House calls attention to ‘hard problem’ of securing internet traffic routing

White House calls attention to ‘hard problem’ of securing internet traffic routing

Network operators should consider using the readily available options for protecting a crucial but vulnerable technology that routes internet traffic, the White House’s cybersecurity office said Tuesday, noting that some concerns stretch back 25 years.

The new guidance on securing the Border Gateway Protocol (BGP) says the technology “does not provide adequate security and resilience features for the risks we currently face,” echoing assessments by cybersecurity experts, tech companies and other federal agencies. 

Networks use BGP to communicate routing information — such as the internet addresses that are currently accepting traffic — with other networks. A mobile wireless network, for example, would use BGP when exchanging internet traffic with a cloud resource or a residential broadband network.

Without adjustments, BGP is exposed to exploits that “enable cryptocurrency theft and malware distribution” as well as operations that “compromise privacy or censor individual communications,” ONCD said. 

The ONCD’s roadmap calls for network operators to adopt Resource Public Key Infrastructure (RPKI) if they have not already. RPKI involves digital certificates managed by the world’s five Regional Internet Registries, which control resources such as IP addresses.

Using RPKI allows network operators to adopt “widely and commercially available” technologies known as Route Origin Validation (ROV) and Route Origin Authorization (ROA), which essentially work together to help networks verify which internet addresses are reachable.

The office called securing BGP a “hard problem,” and the 19-page guidance issued Tuesday spends several pages explaining how the protocol works. Federal networks themselves have not fully implemented ROAs, the ONCD said, noting that the government is trying to make progress on it. By the end of the year “over 60% of the Federal government’s advertised IP space” will have the necessary features to put ROAs in place, the agency said.

ONCD said it will lead a new Internet Routing Security Working Group that will include the federal Cybersecurity and Infrastructure Security Agency (CISA) as well as industry partners.

Hijacking BGP allows attackers to reroute internet users to malicious sites, where they are potentially exposed to theft of cryptocurrency or data. Other abuses of BGP can facilitate the junk traffic of distributed denial-of-service (DDoS) incidents or disrupt telecommunications services. 

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

link

Copyright © All rights reserved. | Newsphere by AF themes.