The FCC has adopted a Notice of Proposed Rulemaking (NPRM) proposing to require broadband internet access service (BIAS) providers to create and submit reports, updated at least annually, on Border Gateway Protocol (BGP) security measures. Due to concern about BGP vulnerabilities, the FCC is proposing to require all BIAS providers to annually file confidential reports on their security risk mitigation measures that utilize Resource Public Key Infrastructure (RPKI). The Commission hopes that this reporting will allow it to more easily track security mitigation measures and the progress of RPKI implementation. Additionally, the nine largest U.S. BIAS providers would be required to file certain risk mitigation data quarterly. These large BIAS providers would be able to reduce their reporting obligations if they demonstrate sufficient security measures.
The FCC seeks comment on these proposals and other RPKI-based security measures. Comments will be due 30 days after Federal Register publication of the NPRM and reply comments will be due 45 days after Federal Register publication.