A new report examines public agency practices to prevent the exploitation of vulnerabilities within the modern internet framework.
Modern internet infrastructure is broadly resilient, but remains riddled with risk-prone areas susceptible to malicious attacks such as malware and ransomware.
In a Congressional-commissioned report, researchers at the Government Accountability Office identified several key weaknesses within the internet’s architecture, specifically within public agencies, including the U.S. Department of Commerce, Department of Defense, the Federal Communications Commission, and National Science Foundation.
Based on panel discussions with experts and publicly available reports, the GAO determined that two protocols, domain name routing and broader gateway protocol, risk being tampered with by malicious hackers. These two protocols are also subject to unintentional failures, such as damage to fiber optic cables, hardware and software failures, as well as user errors.
“Risks, if realized, may result in incidents that disrupt the proper functioning of the internet, including outages, degradation of performance, and interception of traffic,” the report says.
In surveying respondents for the report, the GAO found that subject matter experts emphasized how critical supply chain infrastructure is to support internet access. They specifically cited the reliance on software code and the threat of supply chain interruptions regarding hardware devices.
Despite these weaknesses, the report found that many public agencies take mitigating measures to prevent exploitation. Some of these steps include international strategic partnerships, cyber research and development, incident response, and criminal investigations.
Multi-stakeholder engagement across the government and consistent modernization efforts are key to strengthening the internet architecture. Private sector engagement––a stance the Biden administration has advocated––is also helpful in preventing cyberattacks.
“No one organization is responsible for the entirety of internet policy, operations, and security,” the report reads. “However, the federal government fulfills a number of different roles that directly address risks to the internet architecture.”