The White House recently released its National Cybersecurity Strategy Implementation Plan, a follow-up to the Administration’s National Cybersecurity Strategy, setting forth a wide range of government initiatives to bolster the nation’s cybersecurity. One of its key strategic goals is to develop a roadmap to “drive secure internet routing” technology through an inter-agency effort in collaboration with ISPs, cloud providers, and other key entities.
The cable industry is an internet routing security leader. As the nation’s primary broadband service providers, NCTA members work every day to detect, prevent, and mitigate cybersecurity threats to minimize their impact on broadband networks and customers. With hundreds of millions of devices connected to cable’s broadband networks, cable providers have invested in cybersecurity to stay ahead of emerging threats.
For well over a decade, cable’s significant efforts have included:
- Development of consensus-based internet routing security standards
- Funding of associated open-source software to enable deployment
- Implementing secure routing best practices, including co-founding what is now the Mutually Agreed Norms for Routing Security (MANRS) initiative
- Participating in the FCC’s Communications Security, Reliability, and Interoperability Council reports on best practices to mitigate cybersecurity risks in IP-based protocols
In addition, major cable ISPs have implemented key security measures:
- Filtering customer routes in the Border Gateway Protocol (BGP)
- Using the Resource Public Key Infrastructure (RPKI) for both signing address spaces (Route Origin Authorizations or ROAs) and validating routes (Route Origin Validations or ROVs)
- Source address validation (SAV)
- Anti-distributed denial of service attack (DDoS) tools
Last year, CableLabs, the industry’s research and development consortium, published a guide and other resources for deploying RPKI to assist network operators that are seeking to upgrade their routing security tools.
And NCTA members had leadership roles in the development of the recent Security of the Internet’s Routing Infrastructure paper by the Broadband Internet Technical Advisory Group, known as BITAG. Finally, Comcast has funded open-source software projects and other research projects concerning routing security over the years via the Comcast Innovation Fund.
The cable industry also has worked closely with NIST in a years-long lead-up to publication of the Cybersecurity Framework 2.0 (CSF), which is expected at the end of this year. The CSF provides comprehensive guidance to organizations to evaluate their cyber readiness and implement effective cyber defense and risk management tools, techniques, and processes.
In response to NIST’s call to action in its CSF 2.0 Concept Paper, NCTA and CableLabs are working to jointly develop and publicly share a NIST CSF “Profile for Routing Security” which can:
- Serve as a roadmap for improving the cybersecurity of the internet’s routing system for the communications sector, especially smaller network operators
- Support funding requests for federal grants and assistance to meet required compliance with NIST cybersecurity standards, such as under NTIA’s Broadband Equity, Access and Deployment (BEAD) program
- Assist with investments and next steps in peering arrangements and long-term resilience
- Raise awareness of the importance of detecting and deterring route hijacks, particularly among smaller and non-ISP networks
The inter-dependent and global nature of the internet requires a combination of security techniques and collective action by a range of actors. The cable industry is playing a significant role and remains committed to leading the way toward a more secure internet ecosystem, including working with the National Cyber Director, the FCC, and other federal agencies in a whole-of-government approach to improving secure internet routing and other security objectives.