TLDR: The cable industry is paving the way for safer internet routing

The cable industry, including CableLabs, NCTA – The Internet & Television Association, and a group of cable operators, has introduced a new framework for internet routing security. The framework, called the Routing Security Profile (RSP), provides best practices for routing protocols like the Border Gateway Protocol (BGP) and outlines other technologies and techniques used for routing. CableLabs developed the RSP with input from various cable operators. The next step is to engage with the broader internet community to further advance the document.

Key Points:

• The cable industry introduces the Routing Security Profile (RSP), a guide to best practices for routing protocols like BGP.
• The RSP is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and will continue to evolve.
• The cable industry has been working on improving routing security for years, with efforts from the FCC and other government entities.
• Cable operators are advocating for the use of resource public key infrastructure (RPKI) as a critical tool for securing internet routing infrastructure.
• The Biden administration recognizes routing security as a key piece of the national cybersecurity strategy, but the federal government lags in the adoption of secure routing technologies.

Summary:

The cable industry, represented by CableLabs, NCTA – The Internet & Television Association, and several cable operators, has unveiled a new framework for internet routing security. The framework, known as the Routing Security Profile (RSP), aims to address the imperfections and vulnerabilities in internet routing, particularly with the Border Gateway Protocol (BGP). The RSP provides best practices for routing protocols, including BGP, and outlines other technologies and techniques used for routing, such as internet routing registries (IRRs) and resource public key infrastructure (RPKI).

CableLabs developed the RSP in collaboration with cable operators like Armstrong Cable, Charter Communications, Comcast, Cox Communications, and Liberty Global, among others. Mark Walker, CableLabs VP of technology policy, emphasized that the RSP is just a starting point and that the industry will continue to work with the broader internet community to further improve and evolve the document.

The RSP aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which calls for the industry to submit examples of profiles mapped to the framework. This alignment ensures that the RSP follows recognized cybersecurity standards and keeps pace with a constantly changing threat landscape.

The cable industry has long been committed to enhancing routing security standards. In 2022, the Federal Communications Commission (FCC) initiated a review of internet routing security, and the U.S. Departments of Defense and Justice urged the FCC to implement unified standards to bolster routing security. The cable industry’s focus on securing routing infrastructure is evident in its advocacy for the use of resource public key infrastructure (RPKI).

RPKI, a public infrastructure framework, connects Internet number resource information to a trust anchor. It allows network operators to distinguish valid routing announcements from invalid ones, ensuring traffic is routed as intended. Comcast Engineering fellow Tony Tauber emphasized the importance of RPKI and noted that NTCA brought together cable operators to develop recommendations for deploying RPKI. The Routing Security Profile serves as another opportunity to improve the state of play and make all networks better.

The adoption of secure routing technologies, including RPKI, is crucial for safeguarding critical services. However, Deputy Assistant for the National Cyber Director Brian Scott highlighted that the federal government lags behind in the adoption of such technologies. The Biden administration recognizes routing security as a key piece of the national cybersecurity strategy and is working towards the adoption of secure routing technologies.