Securing internet amid the risk of cyberwarfare
In 1989, three engineers came up with a short-term solution to fix internet routing issues. They drew it up on two napkins over lunch. Thirty-two years later, their “two-napkin solution” is still used for global internet routing. However, the solution is vulnerable to hacking and hijacking. With escalating concerns over cyber risk and warfare, an inquiry has been launched to fix it. Let’s have a look.
This was the beginning of the Border Gateway Protocol (BGP). It provides a way for independently managed networks on the internet to exchange routing and reachability information among border gateways. From these humble beginnings, the idea made its way to RFC 1105 and deployment across the internet.
Vulnerabilities
BGP is vulnerable to bad actors who use it to advertise shorter routes to internet destinations. Other border control gateways alter routing information to the destination specified by the bad actor. Internet traffic is hijacked.
The IETF calls this a route leak. Other terms for this are BGP hijacking and route hijacking.
There have been many notable BGP hijacking incidents. Some were mistakes, like when Pakistan Telecom attempted to block YouTube in Pakistan but accidentally brought it down worldwide. Others diverted internet traffic for nefarious purposes, like the recent theft of $1.9 million in cryptocurrency.
BGP security
A common suggestion to prevent BGP hijacking is to use digital certificates to sign and authenticate BGP routing and discovery announcements. Why hasn’t this happened yet?
This isn’t a technology problem. This is a problem with economic incentives. It’s difficult to cost justify upgrades to provide cryptographic security.
BGP hijacking is now seen as an international security threat. In the current environment, this has drawn new interest in fixing this problem.
FCC launches BGP inquiry
On February 28, 2022, FCC Chair Rosenworcel launched an inquiry to reduce cyber risks.
In this notice of inquiry, the Commission requests comments on the following:
- Specific IETF proposals to secure BGP
- Why hasn’t cryptographic security been deployed?
- Do best practice standards help? Should more be done?
- Costs and benefits of implementing security measures?
- What should the Commission’s role be?
Comments are due 30 days after the publication of this notice of inquiry in the Federal Register.
TransNexus solutions
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
Protect your network from Telephony Denial-of-Service (TDoS) attacks.
Learn more about TDoS prevention