The internet has about 74,000 networks called Autonomous Systems (ASes) that work together¹. These networks use the Border Gateway Protocol (BGP) to share important routing info. But, BGP lacks security, making it vulnerable to attacks like unauthorized announcements and lack of message checks¹. For over 25 years, experts have worried about these BGP weaknesses¹.

Securing Federal Internet: Keeping the federal internet safe is very important. Cyberattacks and data breaches are big threats. Our federal agencies must protect their networks and systems well. They need to use strong security, check for weaknesses often, and use the latest tech. This helps keep services like healthcare and defense safe and working well.

Government Internet Security: Government agencies face big risks online. They need to keep their networks safe for important work and talking to citizens. To fight cyber threats, they must use many security tools. Things like firewalls and encryption are key. Training employees to stay safe online is also crucial. This helps protect sensitive info and keeps national interests safe.

Industry Routing Solutions: Industry routing solutions are vital for moving important data well. Companies with big networks need good routing to work fast and smoothly. New tech like SDN and NFV make this easier. These solutions also help fight cyber threats. They keep networks and systems safe from harm.

The Biden administration has launched a plan to fix these problems². This Roadmap to Enhance Internet Routing Security was made with the ONCD, government partners, and industry leaders². It includes 18 steps to make internet routing safer, with a big push for using Resource Public Key Infrastructure (RPKI) to fight BGP threats².

Taejoong “Tijay” Chung, a computer science professor at Virginia Tech, is key in the U.S. fight against these threats. His work, mentioned by the FCC and NTIA, includes creating RoVISTA. This tool helps track RPKI use in real-time. It’s vital as the government and industry aim to protect internet routing for everyone.

Introduction to Internet Routing Vulnerabilities

The internet is made up of about 74,000 networks called Autonomous Systems (ASes). They use the Border Gateway Protocol (BGP) to share routing info³. But, BGP can’t check if a network is real, if messages are safe, or if info is true³.

Complexity of Internet Routing and Associated Risks

The internet has grown a lot in the last 20 years. This growth has shown the weaknesses in BGP. These weaknesses have caused problems like data theft and service outages³. In 2003, the White House said internet routing issues were a big risk³.

Lack of Adequate Security in BGP Protocol

The Border Gateway Protocol (BGP) is a big worry for network security³. Even though the U.S. has a lot of internet address resources, not many use security measures³. The 2023 National Cybersecurity Strategy says BGP security is a big problem. It asks federal agencies to do more³.

The internet’s routing system is complex and has big security risks. We need better security to stop problems like data breaches and attacks³⁴⁵.

Securing Internet Routing: A National Cybersecurity Priority

The 2023 National Cybersecurity Strategy has made securing the internet’s technical foundation a key goal⁶. The Office of the National Cyber Director (ONCD) is working on a plan to boost the use of secure internet routing. They aim to tackle security issues, find ways to fix them, and understand why some solutions are hard to use⁷.

Internet routing, especially the Border Gateway Protocol (BGP), is vital to the internet. But, it has weaknesses that hackers can use to steal IP addresses and disrupt traffic. The government sees fixing these problems as a key part of its cybersecurity plan⁶.

The ONCD’s plan includes 18 steps to tackle BGP’s security issues⁷. They suggest using secure methods like Resource Public Key Infrastructure (RPKI) for better internet security. They also plan to create a group of experts from both the public and private sectors to work together on internet security⁷.

By focusing on internet routing security, the government is making a big step towards better cybersecurity for the country⁷. This move will help prevent big problems and keep the nation safe from BGP’s weaknesses⁷.

The ONCD’s roadmap is a big step in the government’s effort to secure the internet’s foundation⁷. It shows that the government sees internet routing security as a top priority. It also highlights the need for teamwork between the government and the private sector to solve these big challenges⁷.

Baseline Approaches: RPKI, ROA, and ROV

To fix the problems in the Border Gateway Protocol (BGP), we have RPKI, ROAs, and ROV. These are key steps to make internet routing safer⁸. RPKI lets network owners show who can send out certain IP addresses. ROAs and ROV check if these claims are true⁸.

These tools help make internet routing safer. But, they are not used by everyone yet.

Understanding RPKI, ROA, and ROV

RPKI is key for internet routing security. It sets up a trusted system for checking BGP route announcements⁸. ROAs are digital certificates that show who can send out certain IP addresses⁸.

ROV checks if BGP route announcements match the ROAs. This helps networks spot and block bad or wrong routes.

Advantages and Limitations

RPKI, ROAs, and ROV have helped fix some internet routing problems⁸⁹. But, getting them used everywhere has been hard. Only networks use RPKI filtering¹⁰.

ROV is getting more use, but it’s not perfect. Bad routes can still get through at Internet Exchange Points (IXPs). Not enough places use it¹⁰. We need to keep working to make these tools better and get more people using them.

Challenges to RPKI Adoption

RPKI, ROA, and ROV are strong security tools for the internet. Yet, they are not used by many. Network operators might not see the need for them, thinking the risk is low¹¹. Also, setting them up can be hard due to lack of resources and barriers like getting everyone to work together¹¹.

Prioritization, Resourcing, and Risk Perception

For many, making the internet safer is not a big deal. They have other things to worry about. But, the truth is, over 3,000 attacks happened in 2020¹².

Using RPKI, ROA, and ROV takes a lot of work. Small places might not have the time or people to do it. This is especially true since funding changes at ARIN in 2024¹¹.

Leaders don’t always get how important internet safety is. This makes it hard to get the help and money needed for RPKI¹¹.

To solve these problems, we need to see the dangers of the internet. We must make protecting it a key part of our safety plans. We need more awareness, money, and teamwork to make the internet safer for everyone¹¹¹².

Current Progress and Industry Efforts

Despite challenges, there’s been significant progress in making the internet safer. Groups like Mutually Agreed Norms for Routing Security (MANRS)¹³ and the Global Cyber Alliance have pushed for better security. They offer advice to network operators¹³.

These groups and others are helping to improve internet security. CableLabs has created the Routing Security Profile (RSP)¹⁴. It follows the Cybersecurity Framework and helps networks get safer¹⁴.

The RSP has become a key tool for the government and other projects. The NTIA’s C-SCRIP project and the FCC’s BGP rules see its value¹⁴.

This teamwork shows the industry’s dedication to fixing BGP’s problems¹³. They aim to make the internet safer and more reliable¹³.

Federal Government Initiatives

The federal government is taking steps to improve internet routing security¹⁵. They aim to protect America’s communications networks and critical infrastructure. They focus on fixing vulnerabilities in the Border Gateway Protocol (BGP), which is key to the internet¹⁵.

BGP lacks security features, making it vulnerable to attacks. These attacks can redirect internet traffic¹⁵.

National Cybersecurity Strategy Roadmap

The government has a plan to make internet routing more secure¹⁵. They see the big impact of BGP issues on important sectors like transportation and energy. They’ve set up a Commission to boost communications security for defense and safety¹⁵.

NTIA’s Role in Promoting Routing Security

The National Telecommunications and Information Administration (NTIA) is key in routing security¹⁶. They work with others to add security features, like Route Origin Authorizations (ROAs). They also help federal agencies use the Resource Public Key Infrastructure (RPKI) framework¹⁶.

As agencies use TIC 3.0, they must work with the NCPS Program. This is to share the right information with CISA¹⁶.

The government is serious about making internet routing secure. They’re using their National Cybersecurity Strategy and NTIA’s help. This is to protect the nation’s networks and keep its infrastructure strong¹⁵¹⁶¹⁷.

Securing Internet Routing

Securing internet routing is key to keeping our online world safe. The Border Gateway Protocol (BGP) has weaknesses, and the internet’s complex structure makes it hard to protect. Securing internet routing needs a mix of security tools and teamwork between governments, industries, and others.

The Department of Commerce is leading the charge in making the internet safer¹⁸. The National Oceanic and Atmospheric Administration’s N-Wave network was the first to use strong routing security¹⁸. Also, over 60% of the Federal government’s IP space is set to have the needed security by the end of the year¹⁹.

The Communications Supply Chain Risk Information Partnership (C-SCRIP) helps small telecom providers stay safe online¹⁸. They’re hosting a webinar with ARIN on September 24 at 3:00pm EDT to teach about ROAs¹⁸.

The Office of the National Cyber Director (ONCD) is working on BGP security measures and internet routing protection with CISA and industry partners¹⁹. This team effort is vital for making the internet’s routing system more secure and reliable.

Recommended Actions for Stakeholders

To keep the internet safe, we need to act fast. Network operators and service providers are key in making the internet more secure²⁰.

Baseline Actions for Network Operators

Network operators must start with basic security steps. They should use the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and Route Origin Validation (ROV)²⁰. They also need to join efforts like the Mutually Agreed Norms for Routing Security (MANRS) initiative²⁰.

Additional Actions for Service Providers

Service providers can do more to secure the internet. They should show how they use RPKI and push for more security among their customers²⁰. They must also keep up with security updates, audits, and firewall settings²¹.

By following these steps, we can make the internet safer. This will protect businesses, people, and important areas from BGP threats²⁰.

Conclusion

Keeping the internet safe is a top priority for the country. It needs teamwork from the government, businesses, and others²². Researchers, the Biden team, and companies are working hard to fix the internet’s weak spots²³.

By using security tools like RPKI²² and working together, the U.S. can make its online world safer. This will help protect everyone from dangers in the internet’s paths²⁴.

The way the internet works today is based on trust between different networks²³. It’s very important to make this trust stronger²². Tools like RPKI help check who is sending data and stop bad things from happening²².

As the internet grows, working together to keep it safe will be key. This will protect users, important services, and the whole digital world from threats²⁴. By acting early and using good solutions, the U.S. can keep its internet safe and sound for the future²³.

Source Links

1. https://www.whitehouse.gov/wp-content/uploads/2024/09/Roadmap-to-Enhancing-Internet-Routing-Security.pdf – PDF
2. https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/fact-sheet-biden-harris-administration-releases-roadmap-to-enhance-internet-routing-security/ – Fact Sheet: Biden-Harris Administration Releases Roadmap to Enhance Internet Routing Security | ONCD | The White House
3. https://www.commerce.gov/news/press-releases/2024/05/us-department-commerce-implements-internet-routing-security – U.S. Department of Commerce Implements Internet Routing Security
4. https://www.internetsociety.org/blog/2024/09/white-house-roadmap-tackles-routing-vulnerabilities/ – US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities – Internet Society
5. https://www.networkcomputing.com/wan-networks/white-house-road-map-provides-guidance-on-bgp-internet-routing-security – White House Road Map Provides Guidance on BGP Internet Routing Security
6. https://news.vt.edu/articles/2024/10/virginia-tech-carilion-school-of-medicine-receives-recognition-f/internet-routing-federal-priority.html – Securing internet routing becomes federal priority: Expert provides real-time tools for industry and government
7. https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/ – Press Release: White House Office of the National Cyber Director Releases Roadmap to Enhance Internet Routing Security | ONCD | The White House
8. https://www.meritalk.com/articles/oncd-creates-new-working-group-to-bolster-internet-routing-security/ – ONCD Creates new Working Group to Bolster Internet Routing Security
9. https://www.cablelabs.com/blog/internet-routing-security-framework – A Framework for Improving Internet Routing Security
10. https://www.usenix.org/system/files/usenixsecurity23-hlavacek.pdf – PDF
11. https://manrs.org/2023/11/the-challenges-of-rpki-roa-diffusion-in-research-and-education/ – The Challenges of RPKI-ROA Diffusion in Research and Education – MANRS
12. https://blog.cloudflare.com/rpki-updates-data – Helping build a safer Internet by measuring BGP RPKI Route Origin Validation
13. https://blog.cloudflare.com/white-house-routing-security – Making progress on routing security: the new White House roadmap
14. https://www.cablelabs.com/blog/cablelabs-updates-framework-for-improving-internet-routing-security – CableLabs Updates Framework for Improving Internet Routing Security
15. https://www.federalregister.gov/documents/2022/03/11/2022-05121/secure-internet-routing – Secure Internet Routing
16. https://www.cisa.gov/resources-tools/programs/trusted-internet-connections-tic – Trusted Internet Connections (TIC) | CISA
17. https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/trusted-internet-connections – Trusted internet connections
18. https://www.ntia.gov/blog/2024/roadmap-enhancing-internet-routing-security – The Roadmap to Enhancing Internet Routing Security
19. https://therecord.media/white-house-bgp-hard-problem-guidance – White House calls attention to ‘hard problem’ of securing internet traffic routing
20. https://www.cisa.gov/news-events/news/most-important-part-internet-youve-probably-never-heard – The Most Important Part of the Internet You’ve Probably Never Heard Of | CISA
21. https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/8-firewall-best-practices-for-securing-the-network/ – 8 Firewall Best Practices for Securing the Network – Check Point Software
22. https://blog.afrinic.net/rpki-quick-introduction – Securing Internet Routing with Cryptography: Quick Introduction to RPKI
23. https://web.cs.ucla.edu/~lixia/papers/routesec.pdf – PDF
24. https://cacm.acm.org/research/securing-internet-applications-from-routing-attacks/ – Securing Internet Applications from Routing Attacks – Communications of the ACM