WASHINGTON - The Department of Commerce's National Telecommunications and Information Administration (NTIA) on Wednesday filed, on behalf of the Biden Administration, in support of the Federal Communications Commission's (FCC) creation of a narrowly tailored Internet routing security reporting requirement.

The United States Government is tackling concerns about routing security through a whole-of-government approach. Misconfigurations of routing information can lead to significant degradation and loss of service.

Route Origin Authorizations (ROAs) are an effective solution against accidental misconfigurations, but misaligned incentives have led to low rates of adoption by certain networks.

"In our increasingly digital world, safety and security must remain a top priority," said U.S. Deputy Secretary of Commerce Don Graves. "The Commerce Department has played a leading role in federal adoption of routing security. It will take all of government, including the FCC, working with industry and other stakeholders to secure our networks. We are proud to support the important steps the FCC is taking to decrease routing incidents."

As the President's principal advisor on telecommunications and information policy, NTIA is charged with developing, coordinating, and presenting Executive Branch views to the FCC.

"The U.S. Government's goal in improving routing security is to reduce routing incidents," said Alan Davidson, Assistant Secretary of Commerce for Communications and Information and NTIA Administrator. "Promoting use of mature routing security solutions is a way of reaching that goal. The FCC's narrowly tailored approach to this problem is designed to make routing security a priority, re-align incentives, and lower barriers to adoption - all while respecting existing multi-stakeholder processes."

The Administration supports FCC adoption of a narrow and appropriately targeted border gateway protocol (BGP) reporting requirement. This requirement can address the misaligned incentives of large Internet service providers with low ROA adoption by prioritizing the creation of ROAs.

The Administration recommends that the FCC's reporting requirement focus on mature routing solutions that are achievable today, and that the agency terminate the requirement when its policy objectives are achieved. The FCC also should rely on publicly available data to analyze the progress of routing security adoption, and refrain from creating a reporting requirement for the data that is already publicly available.

Internet networks exchange routing information following the BGP. They share information that a destination can be found on a specific network, or the route to the network where a destination can be found. Both the information about the destination and the route can be false. The American Registry for Internet Numbers (ARIN) offers Resource Public Key Infrastructure: Route Origin Authorization (ROA). A ROA is a cryptographically verifiable statement that a destination can be found on a specific network. An upstream network can compare a BGP announcement with a ROA in a process known as Route Origin Validation. If the two agree, then the destination announcement is valid. If the BGP announcement is invalid, then it is filtered and is not used to route traffic.

All Internet networks should take steps to secure their routing. The Mutually Agreed Norms of Routing Security (MANRS), a project of the Internet Society and the Global Cyber Alliance, has set four baseline actions that any network provider can affordably take that will substantially improve routing security.

• Prevent propagation of incorrect routing information
• Prevent traffic with spoofed source IP addresses - filtering
• Facilitate global operational communication and coordination
• Facilitate routing information on a global scale - ROA.

As the National Cybersecurity Strategy stated, routing security requires "close collaboration between public and private sectors … to develop and drive adoption of solutions that will improve the security of the Internet ecosystem and support research to understand and address reasons for slow adoption."

###

The National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, is the Executive Branch agency that advises the President on telecommunications and information policy issues. NTIA's programs and policymaking focus largely on expanding broadband Internet access and adoption in America, expanding the use of spectrum by all users, advancing public safety communications, and ensuring that the Internet remains an engine for innovation and economic growth.

Public link

Please use the above public link if you want to share this noodl on another website.