The commission adopted plans for an inquiry that FCC Chairwoman Jessica Rosenworcel floated three days earlier to examine risks faced by the worldwide network. Rosenworcel proposed the investigation after the U.S. Department of Homeland Security warned that U.S. organizations at all levels could face cyber threats as Russia seeks to counter American support for Ukraine, which has also reportedly been a target of cyberattacks.
Monday's unanimous adoption of the FCC notice of inquiry solicits public comment on vulnerabilities threatening the security and integrity of the Border Gateway Protocol, or BGP, a crucial system for routing internet traffic.
Also, the FCC wants to scrutinize how security risks could affect data transmission through email, e-commerce, bank transactions, Voice over Internet Protocol and 911, and how to tackle any challenges that are identified.
"The commission, in tandem with its federal partners, has urged the communications sector to defend against cyber threats, while also taking measures to reinforce our nation's readiness and to strengthen the cybersecurity of vital communications services and infrastructure, especially in light of Russia's escalating actions inside of Ukraine," the FCC said in the notice. "Today, we build on those efforts."
The FCC will be seeking comment for up to 30 days from the notice's publication in the Federal Register, with replies due 30 days after that.
The agency described BGP as the routing protocol used to exchange reachability information among independently managed networks on the internet.
"BGP's initial design, which remains widely deployed today, does not include explicit security features to ensure trust in this exchanged information," the commission said in a Friday statement. "As a result, a bad network actor may deliberately falsify BGP reachability information to redirect traffic."
According to the FCC, Russian network operators have been suspected of exploiting BGP's vulnerability to hijacking in the past. These "hijacks" can expose Americans' personal information, enable theft, extortion, and state-level espionage, and disrupt otherwise secure transactions, the agency said.
FCC staff declined to comment Monday beyond the commission's written statements.
Rosenworcel also recently shared with fellow commissioners a proposed rule to begin the process of strengthening federal regulations for notifying customers and federal law enforcement of breaches of customer proprietary network information.
The possibility of Russia stepping up its cyberattack campaigns by targeting U.S. interests is increasingly a subject of congressional attention. Rep. Doris Matsui, D-Calif., vice chair of the communications panel of the House Energy and Commerce Committee, told Law360 on Monday that lawmakers would receive a briefing later in the day on the cyberattack threat.
Matsui said Russia could be overestimating how advanced its cyberattack capabilities are, but that the U.S. needs to stay guarded.
"They are not as far along as they think they are," she said, but "basically now everybody knows that we have to be very much in a frontal position as far as what we can do, what we might have to do."
"The focus is obviously in Ukraine, but we're not losing our focus for what could happen here, too," she said following an event at the National Association of Broadcasters' State Leadership Conference.
--Editing by Ellen Johnson.
For a reprint of this article, please contact reprints@law360.com.
