AT&T, Verizon, Lumen propose 'strike force' for Internet security
Three of the largest telecom network operators in the US – AT&T, Verizon and Lumen Technologies – teamed up to urge federal regulators to create a "strike force" that would focus on Internet protocol (IP) security.
Representatives from the companies told the FCC in a recent meeting that the effort should include "a broad collection of government and industry stakeholders" to coordinate "routing security practices among critical infrastructure entities in the United States and its allies."
The companies made the pitch to the FCC as the agency works to address weaknesses in Border Gateway Protocol (BGP) technology, which is a basic routing protocol used to exchange information among various networks on the Internet. The FCC began looking into the issue shortly after Russia invaded Ukraine. Russia reportedly has used BGP hacks against a number of targets including a Ukrainian bank.
The FCC's investigation into BGP security has generated plenty of debate about the best way to improve US Internet security. Last week, top executives from Lumen, AT&T and Verizon met with one of FCC Chairwoman Jessica Rosenworcel's top advisers to outline their proposals.
"Participants in the meeting discussed possible ideas for government and industry action," the companies wrote in an FCC filing. One of their suggestions is "an Internet protocol 'strike force' that would include a broad collection of government and industry stakeholders."
Assembling a team
In the filing, the companies explained what they have in mind: "The FCC could help convene an effort to coordinate key US government agencies and other relevant stakeholders, including industry entities that do not traditionally engage with the FCC. Such an effort would bring to the table a wide variety of key stakeholders and lead to significant new concrete policy mechanisms and operational partnerships regarding a wide variety of internet protocol considerations, including BGP."
The companies explained that the strike force should include large US Internet service providers (ISPs) and government agencies, as well as cloud providers, Internet exchange providers, large enterprises, standards bodies, the Internet Corporation for Assigned Names and Numbers (ICANN), "and other pertinent entities."
The companies wrote that the effort should start with "a targeted focus on promoting the routing security practices among critical infrastructure entities in the United States and its allies to allow for ISPs to protect these entities' routing security via filtering. For instance, a broad stakeholder information collection based on sound measurement methodologies, along with further coordinated joint agency initiatives, could encourage all entities to register route origin authorizations (ROAs)."
They added that the effort could also work with US allies on an international level.
"Finally, this initiative could also develop cost-benefit analyses for various approaches for local and/or regional ISPs and other smaller stakeholders in the global internet ecosystem," the companies wrote.
A complex issue
The strike force was one of several suggestions outlined by AT&T, Verizon and Lumen. The companies also urged FCC officials to create a "confidential reporting" mechanism that would allow ISPs, government agencies and others to share information related to the topic.
Further, the companies urged regulators to avoid heavy-handed government mandates on Internet security. They also emphasized that any solution must be flexible in order to work across hundreds of national, regional and local network operators in the US and elsewhere.
Finally, the companies also cautioned against security protocols that run against international telecommunications standards developed by standards bodies such as the Internet Engineering Task Force (IETF) or the International Telecommunication Union (ITU).
"This would create barriers to US leadership in the global digital economy and US national security and is directly contrary to core interests of the United States and our free market democratic allies," they argued.
The companies concluded: "Participants stated that their organizations want to work with the US government, including the FCC, to meaningfully address this challenge. Routing security is essential to ISPs' future, and these organizations recognize the global imperative to reduce the risk of BGP vulnerabilities in a time of war and unprecedented cybercrime and cyber espionage."
- Feds push for BGP security updates, but ISPs balk at mandates
- 5G security suffering from too many cooks in the kitchen
- Dish's 5G sales pitch thickens around security
— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano