On June 7, 2024, the Federal Communications Commission released a Notice of Proposed Rulemaking (“NPRM”), which was adopted at their June Open Meeting, addressing forthcoming steps applicable to broadband Internet access service (“BIAS”) providers to strengthen the security of the routing system for the Border Gateway Protocol (“BGP”). The NPRM proposes that service providers prepare and update confidential BGP security risk management plans (“BGP Plans”) at least once annually. Comments are due 30 days after publication in the Federal Register and reply comments are due 45 days after publication in the Federal Register.
BGP Plans would describe the specific efforts a service provider has taken or will take to secure its BGP routing architecture using available methods, such as Resource Public Key Infrastructure (“RPKI”). BGP Plans are proposed to include the service provider’s plans for Route Origin Authorization (“ROA”) registration and maintenance, and the status and plans for deployment of Route Origin Validation (“ROV”). The FCC proposes to require only a select number of the largest service providers to file their BGP Plans with the FCC, while the remaining service providers must have theirs available upon request. The proposed list of providers who must submit their Plans to the FCC are: AT&T, Inc.; Altice USA; Charter Communications; Comcast Corporation; Cox Communications, Inc.; Lumen Technologies, Inc.; T-Mobile USA, Inc.; Telephone & Data Systems (including US Cellular); and Verizon Communications, Inc. In addition to creation of BGP Plans, the FCC proposes that service providers report selected data related to measuring progress of RPKI deployment quarterly.
Among other things, the NPRM seeks comment on how to address providers who cannot register ROAs for the implementation of RPKI, additional service providers who should be included in the proceeding, how to choose which service providers should be required to submit their BGP Plans, what information should be included in the BGP Plans, and how they should be evaluated. Additionally, the FCC seeks comment on other ways to promote the deployment of RPKI-based routing security.
Please Contact Us if you have any questions.