5 Reasons Regulating Border Gateway Protocol (BGP) Won’t Actually Help Improve Routing Security

Earlier this month, the United States Federal Communications Commission (FCC) released a draft Declaratory Ruling and Order in the Open Internet Proceeding. Among its 435 pages, the FCC implies its intention to regulate Border Gateway Protocol (BGP) routing security. 

The Global Cyber Alliance strongly disagrees with the idea of regulating BGP security for five key reasons, as outlined in the formal comments submitted with our partner, the Internet Society. As stated in the filing:

  1. The United States Internet networks operated by the private sector have made and are continuing to make tremendous strides in improving network security, making a Commission routing security mandate unnecessary. 
  2. A Commission mandate would certainly slow down current progress on routing security during the pendency of the proceeding and any subsequent legal challenges. 
  3. If the Commission were to finalize mandates of routing security actions, networks in the United States would likely then lag behind the global best security practices, which evolve and improve much faster than regulations. 
  4. Depending on the scope of the Commission’s mandates, routing regulations could harm the ability of small providers to operate, and lead to network consolidation or lack of access in rural areas. 
  5. Internationally, if the Commission imposes mandated steps on routing security, a range of other countries could follow that example and impose possibly differing and conflicting standards. Having a diversity of global routing security requirements would most likely degrade security and interoperability on the Internet.

Routing security – like so many of the technical issues facing the Internet – is a team sport. Our Internet Integrity Program brings together key players in Internet infrastructure operations and other stakeholders to identify top priorities for addressing cybersecurity issues that cannot be solved by any single actor or subset of actors independently.

As part of this work, we’re proud to be the secretariat of Mutually Agreed Norms for Routing Security (MANRS), a ten-year-old global initiative to support the deployment of routing security best practices. We fully believe in the ability of the international community of network operators to work in a coordinated and collaborative way to continue improving routing security practices. 

There is no single entity that can “lay down the law” for the Internet and its use. Better coordination of discussions and practices, along with collaboration between stakeholders in the Internet ecosystem and beyond, is necessary to ensure a fully functional — and safer — Internet of the future. Collaboration is the way forward, not regulation.