Enhancing Federal IP Address Security: National Cyber Director Coker’s Strategy

By the end of the year, over 50% of IP addresses owned and used by federal agencies will have enhanced data routing security measures in place to thwart hackers from hijacking digital pathways into government networks, a White House cyber official announced on Thursday. In a speech delivered at the President’s National Security Telecommunications Advisory Committee Meeting, National Cyber Director Harry Coker emphasized the importance of public-private partnerships in strengthening cybersecurity. He praised the collaborative efforts across sectors that have driven progress in the nation’s cybersecurity posture.

The enhancements involve the Border Gateway Protocol (BGP), the routing protocol that networks use to exchange reachability information and select paths for data packets across the internet. Coker detailed the initiative during the National Security Telecommunications Advisory Committee meeting.

“BGP was first developed in 1989 to facilitate data movement between computers swiftly,” Coker explained. “The protocol essentially helps data find the fastest, least resistant transmission path between point A and point B in a network. However, it was built on the premise that all routed information could be trusted, a completely changed dynamic in 2024.”

Several Commerce Department bureaus recently signed contracts to establish route origin authorizations (ROAs), cryptographically signed records stating which network is authorized to originate routes for a given block of IP addresses, so that others can check that a BGP route originates from a legitimate source. This setup will serve as a model for other agencies to follow in the coming months.

“The internet may have been built on blind trust, but for at least two decades, we’ve known that security remediation is in order,” Coker stated. He highlighted that the enhancement would leverage Resource Public Key Infrastructure (RPKI), a cryptographic framework for verifying route origins that can protect the protocol from attacks like BGP hijacks, where hackers take over groups of IP addresses by sabotaging routing pathways.

Such takeovers could allow malicious attackers to reroute sensitive federal data surreptitiously. Coker cited a 2018 instance where a BGP hijack redirected internet traffic through China, posing significant data security risks.

Hijacking attacks have grown more sophisticated, enabling hackers to compromise other foundational internet protocols, including web infrastructure, to steal account credentials or plant malware used to siphon cryptocurrency. Recent incidents have resulted in millions of dollars in losses.

In response to concerns about potential cyberattacks following Russia’s February 2022 invasion of Ukraine, the Federal Communications Commission initiated a proceeding into BGP. Next month, the agency will vote on requiring major broadband providers to update the commission regularly on their efforts to secure the protocol.

National Cyber Director Coker’s Remarks

Coker addressed three primary challenges: protecting cyber infrastructure in space, strengthening internet routing security, and building a robust cybersecurity workforce.

Space System Cybersecurity

Coker highlighted the complexities of securing space systems, noting that cyberattacks are the preferred method for adversaries targeting these critical assets. The urgency of this challenge was underscored by past incidents, such as the 2022 cyberattack on satellite modems during the Russian invasion of Ukraine.

“We need to ensure that cybersecurity is as core an element of space missions as safety,” Coker said. He emphasized the importance of consistent cybersecurity requirements across federal space missions and the necessity of leading internationally.

Strengthening BGP Security

Coker reiterated the critical role of BGP in the internet ecosystem, where it binds together over 70,000 independent networks. However, the protocol’s lack of inherent security has made it susceptible to abuse. He cited instances such as the 2008 YouTube hijack by a Pakistani telecom provider and the 2018 redirection of traffic through China.

“Through the adoption of RPKI, we can ensure that BGP hijacking becomes a thing of the past,” Coker asserted. He announced that by the end of the year, over 50% of the federal IP space would be covered by Registration Service Agreements, paving the way for establishing ROAs for federal networks.

Building a Cybersecurity Workforce

Addressing the national cybersecurity workforce gap, Coker noted that there are currently more than 500,000 open cybersecurity jobs in the U.S. He emphasized the need for skills-based hiring to broaden the pool of talent and fill these critical positions.

“We must be relentless in our search for talent because our country needs it,” Coker said. He highlighted the commitment to overhauling the federal hiring process and the collaborative efforts with over 70 organizations to build a strong national cyber workforce.

Coker concluded by stressing the need for continued collaboration between the government and private sector to address the evolving cybersecurity challenges. “We have the responsibility to lead as some of the most capable actors in cyberspace,” he said.

Looking Ahead

The ongoing efforts to enhance data routing security measures and strengthen the cybersecurity workforce reflect a proactive approach to safeguarding the nation’s digital infrastructure. As federal agencies and private sector partners work together, the implementation of robust security frameworks like RPKI will be crucial in mitigating the risks posed by increasingly sophisticated cyber threats.

How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
