[Congressional Record Volume 167, Number 198 (Monday, November 15, 2021)]
[Senate]
[Page S8091]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 4560. Mr. KING (for himself, Mr. Rounds, Mr. Sasse, Ms. Rosen, Ms. 
Hassan, and Mr. Ossoff) submitted an amendment intended to be proposed 
to amendment SA 3867 submitted by Mr. Reed and intended to be proposed 
to the bill H.R. 4350, to authorize appropriations for fiscal year 2022 
for military activities of the Department of Defense, for military 
construction, and for defense activities of the Department of Energy, 
to prescribe military personnel strengths for such fiscal year, and for 
other purposes; which was ordered to lie on the table; as follows:

        At the appropriate place, insert the following:

     SEC. __. SECURE FOUNDATIONAL INTERNET PROTOCOLS.

       (a) Definitions.--In this section:
       (1) Border gateway protocol.--The term ``border gateway 
     protocol'' means a protocol designed to optimize routing of 
     information exchanged through the internet.
       (2) Domain name system.--The term ``domain name system'' 
     means a system that stores information associated with domain 
     names in a distributed database on networks.
       (3) Information and communications technology 
     infrastructure providers.--The term ``information and 
     communications technology infrastructure providers'' means 
     all systems that enable connectivity and operability of 
     internet service, backbone, cloud, web hosting, content 
     delivery, domain name system, and software-defined networks 
     and other systems and services.
       (b) Creation of a Strategy to Encourage Implementation of 
     Measures to Secure Foundational Internet Protocols.--
       (1) Protocol security strategy.--In order to encourage 
     implementation of measures to secure foundational internet 
     protocols by information and communications technology 
     infrastructure providers, not later than 180 days after the 
     date of enactment of this Act, the Assistant Secretary for 
     Communications and Information of the Department of Commerce, 
     in coordination with the Director of the National Institute 
     Standards and Technology and the Director of the 
     Cybersecurity and Infrastructure Security Agency, shall 
     establish a working group composed of appropriate 
     stakeholders, including representatives of the Internet 
     Engineering Task Force and information and communications 
     technology infrastructure providers, to prepare and submit to 
     Congress a strategy to encourage implementation of measures 
     to secure the border gateway protocol and the domain name 
     system.
       (2) Strategy requirements.--The strategy required under 
     paragraph (1) shall--
       (A) articulate the motivation and goal of the strategy to 
     reduce incidents of border gateway protocol hijacking and 
     domain name system hijacking;
       (B) articulate the security and privacy benefits of 
     implementing the most up-to-date and secure instances of the 
     border gateway protocol and the domain name system and the 
     burdens of implementation and the entities on whom those 
     burdens will most likely fall;
       (C) identify key United States and international 
     stakeholders;
       (D) outline varying measures that could be used to 
     implement security or provide authentication for the border 
     gateway protocol and the domain name system;
       (E) identify any barriers to implementing security for the 
     border gateway protocol and the domain name system at scale;
       (F) identify operational security and robustness concerns 
     in other aspects of the core infrastructure of the internet;
       (G) propose a strategy to implement identified security 
     measures at scale, accounting for barriers to implementation 
     and balancing benefits and burdens, where feasible; and
       (H) provide an initial estimate of the total cost to the 
     Government and implementing entities in the private sector of 
     implementing security for the border gateway protocol and the 
     domain name system and propose recommendations for defraying 
     these costs, if applicable.
                                 ______