Federal agencies must boost internet routing security, China can divert traffic

The White House said on Tuesday it wants federal agencies to boost internet routing security on networks in the face of concerns raised by US officials about China’s ability to divert internet traffic.

The White House Office of the National Cyber Director in a report outlined a series of efforts aimed at addressing a key security vulnerability associated with the Border Gateway Protocol, or BGP, which is central to the internet’s global information routing system.

The office said federal agencies should implement routing security on their networks and seeks to require U.S government-contracted service providers to deploy current commercially viable internet routing security technologies.

“Traffic can be inadvertently or purposely diverted, which may expose personal information; enable theft, extortion, and state-level espionage; disrupt security-critical transactions; and disrupt critical infrastructure operations,” the report said.

The internet consists of more than 70,000 interconnected networks and BGP is used to exchange information to route traffic.

The White House report said the BGP’s “original design properties do not adequately address the threat to and resilience requirements of today’s internet ecosystem.”

In June, the Federal Communications Commission advanced a proposal to boost BGP security after US agencies said China Telecom used BGP vulnerabilities “to misroute United States internet traffic on at least six occasions.”

The Defense and Justice Departments said BGP provided China “with opportunities to disrupt, capture, examine, and alter US traffic.”

FCC Chair Jessica Rosenworcel said in June “these ‘BGP hijacks’ can expose personal information, enable theft, extortion, and state-level espionage.”

In April, the FCC said it was ordering the US units of China Telecom, China Unicom, China Mobile, and Chinese telecommunications company Pacific Networks and its wholly owned subsidiary ComNet to discontinue fixed or mobile US broadband internet operations.

The commission previously had barred the Chinese companies from providing telecommunications services, cited national security concerns.

The FCC earlier barred approvals of new telecommunications equipment from China’s Huawei Technologies and ZTE, saying they pose “an unacceptable risk” to US national security. Reuters