The US Federal Communications Commission (FCC) has begun an investigation into security issues related to the Border Gateway Protocol (BGP), a widely used standard for managing communications between large parts of the Internet.

According to the commission’s notification of the initiation, this decision was made in response to “the escalation of Russian actions in Ukraine.”

Check also:

BGP is basically a way to ensure that the independently managed networks that make up the global Internet can communicate with each other. The original draft BGP, which is still widely used according to the Federal Communications Commission, lacks important security features, meaning that simply by misconfiguring their BGP information, a bad entity can redirect their Internet traffic to wherever it sees fit. This could allow an attacker to send incorrect information to their target, read or hack login credentials, or simply disrupt any type of traffic.

The FCC says the potential consequences of a BGP hack are very serious, noting that such an attack could affect critical infrastructure such as financial markets, transportation and utilities.

There is a security framework for the BGP — the Internet Engineering Task Force and the National Institute of Standards and Technology have created several standards to make BGP more secure, as well as other projects to make it happen — but the FCC said that many networks have not taken advantage of this feature of them and it remains vulnerable.

Accordingly, the commission’s study has several goals, including identifying the potential harm that may arise from malicious attacks on BGP, ways to monitor BGP attacks, and any possible means to speed up the implementation of BGP security standards.

The FCC is investigating BGP vulnerabilities in light of the threat posed by Russian hackers

The Basic Internet Routing Protocol is at the center of the FCC’s focus regarding potential Internet threats from government entities such as Russia.

“Maintaining the continued leadership of the United States requires exploring opportunities to advance trustworthy innovation for safer communications and critical infrastructure,” the FCC said.

BGP hijackings can happen accidentally rather than maliciously – but either way, the consequences can be far-reaching. One incident in April 2020 saw traffic destined for major internet companies like Google, Facebook and Amazon briefly redirected by Russia’s state-owned internet service provider Rostelecom.

The second “hijacking” in the same month directed traffic to Rostelecom among others, Visa and Mastercard. As part of the Routing Security Agreed Rules Project (MANRS), which is led by the Internet Society, it was found that in 2021 alone, approximately 775 potential BGP hijackings were identified.

“The FCC announcement addresses issues related to the BGP, but also the ecosystem of service providers and network operators. It is seeking feedback on the security measures, controls, and degree of regulatory oversight needed across the ecosystem,” said Jeff Pollard, Vice President and Principal Analyst for Forrester. Entirely for operators and network providers (and beyond). v “This is about finding out what’s new or interesting in BGP, and more about building momentum to make the necessary changes that will make BGP more secure given its importance. He added that the Internet would not work without it.

Source: Enter text to connect Network World here