White House Pushes for Enhanced Internet Routing Security Amid China Concerns
The US government is urging federal agencies to improve internet routing security, addressing vulnerabilities in the Border Gateway Protocol. This move comes amid concerns about China's potential to divert internet traffic.
The White House has initiated a campaign to strengthen internet routing security across federal agencies, addressing vulnerabilities in the Border Gateway Protocol (BGP). This move comes in response to growing concerns about potential threats to national security, particularly from China.
BGP, introduced in 1989, serves as the "postal service of the internet," facilitating traffic routing among over 70,000 autonomous systems. However, its design, originally intended for a much smaller internet, relies heavily on trust between network operators, making it susceptible to both unintentional and malicious hijacking.
The White House Office of the National Cyber Director has outlined several measures to address these vulnerabilities:
- Federal agencies must implement routing security on their networks
- Government-contracted service providers are required to deploy current commercially viable internet routing security technologies
These steps aim to mitigate risks associated with BGP vulnerabilities, which can lead to:
- Exposure of personal information
- Theft and extortion
- State-level espionage
- Disruption of critical infrastructure operations
The Federal Communications Commission (FCC) has also been actively involved in addressing these concerns. In June 2024, the FCC advanced a proposal to enhance BGP security, following reports that China Telecom had exploited BGP vulnerabilities to misroute U.S. internet traffic on at least six occasions.
Jessica Rosenworcel, FCC Chair, emphasized the potential consequences of BGP hijacks, including the exposure of personal information and facilitation of various cyber threats.
In a series of actions targeting Chinese telecommunications companies, the FCC has:
- Ordered U.S. units of China Telecom, China Unicom, China Mobile, Pacific Networks, and its subsidiary ComNet to discontinue U.S. broadband internet operations
- Barred these companies from providing telecommunications services due to national security concerns
- Prohibited approvals of new telecommunications equipment from Huawei Technologies and ZTE
These measures reflect the broader context of U.S.-China tensions in the technology sector. The U.S. government's "Secure Cloud Business Applications" program and guidelines from the National Institute of Standards and Technology (NIST) further demonstrate the commitment to improving cybersecurity.
As the internet continues to evolve, initiatives like the Mutually Agreed Norms for Routing Security (MANRS) and the implementation of Resource Public Key Infrastructure (RPKI) are becoming increasingly crucial in addressing BGP security challenges.
"These 'BGP hijacks' can expose personal information, enable theft, extortion, and state-level espionage."
The White House's initiative, coupled with the FCC's actions, represents a significant step towards securing the internet's core infrastructure against potential threats, both domestic and foreign.
