New White House Roadmap Looks to Secure Internet Routing

The White House Tuesday released a plan to secure the Border Gateway Protocol (BGP), the data-routing framework that makes up much of the internet’s data transmission foundation.

The Office of the National Cyber Director revealed the plan as part of the White House’s National Cybersecurity Strategy Implementation Plan to secure the technical foundation of the internet. Called the Roadmap to Enhancing Internet Routing Security, it outlines fixing a key security vulnerability in the internet ecosystem. The original 1989 design properties, initially developed to facilitate quickly transferring data between computers, do not address cybersecurity threats and cyber resilience requirements of the modern internet.

“Internet security is too important to ignore, which is why the federal government is leading by example by pushing for a rapid increase in adoption of BGP security measures by our agencies,” said White House National Cyber Director Harry Coker. “ONCD, along with our public and private sector partners, are guiding a risk-informed path forward toward our communal objective. We aim for this roadmap to mitigate a longstanding vulnerability and lead to a more secure internet that is vital to our national security and the economic prosperity of all Americans.”

Coker expanded on the security concerns connected to the protocol and emphasized the call for the federal government to be leaders in security.

“We’ve had instances where internet traffic has been rerouted accidentally and maliciously by our nation-state actors. This is going to help address that problem,” said Coker during the 2024 Billington Cybersecurity Summit. “It’s certainly not going to fix it all, but this is a case where the federal government is going to lead by example. By the end of this calendar year, we’ll have 60% of our internet space with registered address capabilities.”

The roadmap outlines 18 recommendations that include:

• Instructing the Office of Management and Budget to create guidance for agencies to bring forward security measures soon.
• Directing the State Department to engage international partners.
• Partnering between the government and industry to monitor data moving through networks and build risk management frameworks for network operators.
• Taking the National Institutes of Standards and Technology with coordinating government efforts to “standardize, and foster commercialization” of BGP security.

NIST Director Laurie Locascio highlighted the agency’s role in creating standards for industry operators.

“NIST has a long history of working collaboratively with industry to design, measure, and standardize technologies that make internet protocols more resilient and secure,” said Locascio. “This roadmap establishes a clear plan of action to expedite the adoption of current, commercially viable BGP security technologies while highlighting the need for further research and development of additional solutions.”

ONCD also said Tuesday it is partnering with the Cybersecurity and Infrastructure Security Agency to establish an Internet Routing Security Working Group to develop resources to advance cybersecurity recommendations contained in the roadmap.

“We’re going to have a joint private sector, public sector working group to address a path forward,” Coker said Tuesday.