FCC Proposes Internet Routing Security Reporting Requirements

The Federal Communications Commission proposed action to help protect America’s communications networks against cyberattacks by improving internet routing security. The proposal would require broadband providers to create confidential reports on the steps they have taken, and plan to undertake, to mitigate vulnerabilities in the Border Gateway Protocol (BGP), the technical protocol used to route information across the internet. The nation’s largest broadband providers would also be required to file specific public data on a quarterly basis demonstrating their BGP risk mitigation progress. The proposal would promote more secure internet routing and provide the FCC and its national security partners with up-to-date information on this critical issue. The Notice of Proposed Rulemaking proposing that:

• Broadband internet access service providers prepare and update confidential BGP security risk management plans at least annually. These plans would detail their progress and plans for implementing BGP security measures that utilize the Resource Public Key Infrastructure (RPKI), a critical component of BGP security.
• The nine largest broadband providers file their BGP plans confidentially with the FCC as well as file quarterly data available to the public that would allow the Commission to measure progress in the implementation of RPKI-based security measures and assess the reasonableness of the BGP plans. These large providers would not have to file subsequent detailed plans with the FCC if they met a certain security threshold.
• Smaller broadband providers would not be required to file their plans with the Commission but rather make them available to the FCC upon request.