White House asks agencies to step up internet routing security efforts

By David Shepardson

WASHINGTON (Reuters) – The White House said on Tuesday it wants federal agencies to boost internet routing security on networks in the face of concerns raised by U.S. officials about China’s ability to divert internet traffic.

The White House Office of the National Cyber Director in a report outlined a series of efforts aimed at addressing a key security vulnerability associated with the Border Gateway Protocol, or BGP, which is central to the internet’s global information routing system.

The office said federal agencies should implement routing security on their networks and seeks to require U.S government-contracted service providers to deploy current commercially viable internet routing security technologies.

“Traffic can be inadvertently or purposely diverted, which may expose personal information; enable theft, extortion, and state-level espionage; disrupt security-critical transactions; and disrupt critical infrastructure operations,” the report said.

The internet consists of more than 70,000 interconnected networks and BGP is used to exchange information to route traffic.

The White House report said the BGP’s “original design properties do not adequately address the threat to and resilience requirements of today’s internet ecosystem.”

In June, the Federal Communications Commission advanced a proposal to boost BGP security after U.S. agencies said China Telecom used BGP vulnerabilities “to misroute United States internet traffic on at least six occasions.”

The Defense and Justice Departments said BGP provided China “with opportunities to disrupt, capture, examine, and alter U.S. traffic.”

FCC Chair Jessica Rosenworcel said in June “these ‘BGP hijacks’ can expose personal information, enable theft, extortion, and state-level espionage.”

In April, the FCC said it was ordering the U.S. units of China Telecom, China Unicom, China Mobile, and Chinese telecommunications company Pacific Networks and its wholly owned subsidiary ComNet to discontinue fixed or mobile U.S. broadband internet operations.

The commission previously had barred the Chinese companies from providing telecommunications services, cited national security concerns.

The FCC earlier barred approvals of new telecommunications equipment from China’s Huawei Technologies and ZTE, saying they pose “an unacceptable risk” to U.S. national security.

(Reporting by David Shepardson; editing by Jonathan Oatis)