Imagine a world where just a few lines of code could take control of important government sites, banks, and your personal info. This is our reality today, with hackers using internet weaknesses to cause trouble. They can block websites, steal data, and commit fraud1.
The Biden administration knows we need to act fast. They’ve created a plan to make the internet safer. This plan is based on research by Taejoong “Tijay” Chung, a computer science professor at Virginia Tech. Chung’s work is key to fixing the internet’s security problems1.
National Internet Security: Securing the internet is key for our daily lives and economy. It keeps our online services safe and running smoothly. This includes healthcare, finance, and defense. Governments must protect our digital rights and prevent data breaches to keep trust in online services.
Industry Network Security: For businesses, securing their networks is vital. It stops cyber threats and data breaches. This protects their reputation, finances, and competitive edge. Strong network security keeps their data safe and customer trust high.
Securing Routing Infrastructure: A secure routing system is essential for internet safety. It stops cyber attacks and keeps data flowing. This ensures online services are reliable and trustworthy.
Government Security Tools: Governments use many tools to keep the internet safe. These include firewalls, encryption, and advanced threat solutions. They also fund research to fight new threats. This keeps the internet secure and public trust high.
Internet routing threats are real. Hackers can use the internet’s core system to steal IP addresses and change where data goes. This can block websites, mess with government security tools, and cause big financial losses12.
Uncovering the Vulnerability in Internet Routing
The Internet is made up of about 74,000 networks called Autonomous Systems (ASes). These networks use the Border Gateway Protocol (BGP) to share routing info3. But, BGP can’t check if the info is real or if it follows the rules.
This weakness in BGP has caused problems. It has led to wrong data being sent and important systems being broken3. This is called routing hijacking. It can steal personal info, cause trouble for security, and harm the whole Internet.
The Complexity of Internet Routing and the Border Gateway Protocol (BGP)
The Internet’s routing is complex because it’s not controlled by one group3. BGP is key for sharing info between these groups3. But, BGP’s lack of security makes it open to attacks.
Risks Posed by Insecure BGP: Hijacking, Espionage, and Infrastructure Disruption
With BGP’s weaknesses, hackers can take control of internet traffic3. They can steal data and disrupt important services3. This can cause big problems for safety and security.
The Internet’s complex routing and BGP’s weaknesses are big cybersecurity threats34. We need to act fast to protect our digital world34.
The Need for Increased Action to Secure Internet Routing
Internet routing security is very important. A safe and open internet is key for the U.S. economy and national security. But, the internet’s architecture and ecosystem, like BGP, don’t offer enough security against today’s threats5.
The 2023 National Cybersecurity Strategy Implementation Plan aims to fix this. It says the Office of the National Cyber Director will work with others to boost secure internet routing adoption6.
Recent events show why we need better security. For example, a BGP hijack in February 2022 stole $1.9 million from KLAYswap. In March 2022, a Russian ISP mistakenly said it was Twitter’s IP prefix, causing some issues7.
Cloudflare, a popular DNS service, has also had problems. Misconfigurations by network engineers could have caused big outages7. These examples show we must act fast to protect the internet and its users.
The ONCD’s new plan is the result of years of work. It includes steps to use secure internet routing like RPKI, ROA, and ROV6.
By improving internet routing security, we protect the U.S. economy and national security. We also make the internet safer for everyone. It’s time to take action, and the consequences of not doing so are too high.
Baseline Approaches: RPKI, ROA, and ROV
The internet is now a key part of our lives and our critical systems. Securing internet routes is a big concern. The Roadmap to Enhancing Internet Routing Security suggests using Resource Public Key Infrastructure (RPKI). It’s seen as a mature, ready solution to fix Border Gateway Protocol (BGP) issues8.
Understanding RPKI, ROA, and ROV: The Current Best Practices
RPKI lets network operators create Route Origin Authorizations (ROA). These ROAs show which Autonomous Systems can send routes for their address blocks. Route Origin Validation (ROV) checks if BGP route announcements are real using RPKI info8.
The CableLabs’ “Cybersecurity Framework Profile for Internet Routing” (Routing Security Profile, or RSP) offers ways to make BGP safer. It includes ROAs, ROV, BGP peer authentication, prefix filtering, and watching for odd behavior. The RSP connects routing security tips to the NIST Cybersecurity Framework. This helps spot, protect, detect, respond to, and recover from security threats in IP networks8.
This framework was made by CableLabs’ Cable Routing Engineering for Security and Trust Working Group (CREST WG). They worked with experts from different industries. This shows how important it is to work together to solve this big problem8.
Challenges Hindering RPKI Adoption
RPKI, ROA, and ROV are strong security tools for internet routing. Yet, their adoption is slow due to many challenges. These include a lack of resources, fear of risks, and the complexity of setting them up.
Prioritization, Resourcing, and Perceived Risk Barriers
Network operators face many challenges, including finding time for routing security. About 46% of internet routes are covered by ROA, showing growth. However, only 15-18% of U.S. research networks use ROAs.
Only 20% of global NRENs use ROAs, which is less than half of the global Internet. The lack of urgency to adopt RPKI is a big issue, as noted by Steve9.
Administrative and Technical Barriers to Implementation
Setting up RPKI faces administrative and technical hurdles. Internet2 saw a big jump in IRR coverage to over 95%. Yet, over 80% of Internet2’s IP addresses are legacy, not covered by an RSA9.
The ARIN’s legacy fee cap ends on 31 December 2023. This might push small institutions to adopt RPKI. But, larger ones might not feel the urgency as much9.
Overcoming these challenges is key to making internet routing more secure. Network operators, service providers, and policymakers must work together. They need to tackle these barriers and make these security measures a priority.
Securing Internet Routing: Current Progress
The journey to make internet routing safer is underway. Big steps are being taken to fix the Border Gateway Protocol (BGP)10. BGP is key to the internet’s global network, helping networks talk to each other10. But, BGP’s lack of security has been a worry, leaving users open to attacks and disruptions10.
The government is leading the charge to improve security. By 2024, over 60% of the Federal government’s IP space will be secured10. The Office of the National Cyber Director (ONCD) has made tools to help federal agencies use Resource Public Key Infrastructure (RPKI)10.
The Federal Communications Commission (FCC) is also pushing for better security. FCC Chairwoman Jessica Rosenworcel wants the biggest internet providers to report on BGP security11. This move aims to stop attacks by making BGP safer11.
The internet is essential for our daily lives. Making internet routing safer is a big step towards keeping our digital world safe1011.
Recommended Actions for Enhancing Internet Routing Security
Keeping the internet safe is a top priority. The White House has a plan to make the Border Gateway Protocol (BGP) more secure. This is key to the internet’s foundation12. The plan includes 18 steps to improve security, aiming for 60% of the internet to be safer by the end of the year12.
Baseline Actions for All Network Operators
Network operators need to act fast to protect their systems. Here are some essential steps:
- Setting up Route Origin Authorizations (ROAs) to check where internet traffic comes from13.
- Using Route Origin Validation (ROV) to block bad routes and stop prefix hijacking13.
- Joining efforts like the Mutually Agreed Norms for Routing Security (MANRS) to boost security13.
Additional Actions for Network Service Providers
Network service providers have a big role in keeping the internet safe. They should do more than the basics:
- Working with the government and others to create and use strong security solutions13.
- Using advanced security to protect against wrong or harmful routing of internet traffic12.
- Watching for and fixing routing problems, teaming up with CISA and the Office of the National Cyber Director to fight threats12.
By following these steps, network operators and service providers can help make the internet safer and more reliable.
Collaborative Efforts: Government and Industry Stakeholders
The Office of the National Cyber Director (ONCD) is starting a group called the Internet Routing Security Working Group14. This group will work together to make the internet safer. It’s led by ONCD, the Cybersecurity and Infrastructure Security Agency (CISA), and the Communications and Information Technology Sector Coordinating Councils14.
This group will help network operators know how to keep their systems safe. They will focus on using IP address resources and critical route origins to apply security controls14.
Working together, the government and industry are tackling a big problem. The U.S. government has a lot of Internet address resources but doesn’t use enough security measures14. For over 20 years, there have been worries about internet routing security14.
The National Cybersecurity Strategy has made it clear that routing security is a big concern in 202314.
The National Telecommunications and Information Administration (NTIA) is taking action. They’ve created Route Origin Authorizations (ROAs) to keep the Department of Commerce’s network safe14. ROAs help prevent address hijacks, which can cause service loss or data theft14.
NTIA has been working with the Internet engineering community for two decades14.
NTIA has teamed up with NOAA N-Wave to help DOC bureaus use ROAs14. They’ve also made a playbook for routing security14. NTIA has worked with ARIN to fight address hijacks14.
They’ve also partnered with Mutually Agreed Norms of Routing Security (MANRS) and the Global Cyber Alliance14. This helps spread the word about the need for better routing security and how to do it14.
These collaborative initiatives show how important it is for the government and industry to work together1415. The Internet Routing Security Working Group is all about making the internet safer and more reliable15.
Policy Actions for the Federal Government
The Federal government plays a key role in making the internet safer and more reliable. It is taking steps to lead in policy actions. These efforts aim to improve the security of the internet infrastructure16.
The government is setting a good example by quickly adopting BGP security measures. This includes using Resource Public Key Infrastructure (RPKI) in federal agencies. It makes the government’s networks safer and sets a standard for others to follow17.
- The government is working with the Federal Communications Commission (FCC) and the National Telecommunications and Information Administration (NTIA). They are making ISPs report on their use of routing security technologies. This will help push for more regulatory actions and speed up progress in the industry17.
- Also, the government is teaming up with both public and private sectors to secure internet routing. This teamwork makes sure Federal government policies meet the needs of the internet as a whole17.
The Federal government is well-positioned to lead in making the internet safer. It aims to create a more secure digital future for everyone17.
Emerging Technologies and Future Directions
The world of cybersecurity is always changing, and so is the internet’s routing system. We need new technologies and solutions to keep up. The current methods are good for now, but we must look to the future for better security18.
The internet is made up of over 74,000 networks, each run by its own team19. This makes it hard to keep the Border Gateway Protocol (BGP) safe. New technologies, as listed in Appendix A, aim to make internet routing more secure19.
One exciting area is the growth of the Resource Public Key Infrastructure (RPKI). It includes tools like Route Origin Authorization (ROA) and Route Origin Validation (ROV)19. These help networks check if internet addresses are real and prevent BGP hijacking. This is important because it can stop things like cryptocurrency theft and malware18.
New ideas like secure routing, blockchain, and machine learning are being looked into. They could help fight the changing threats to the internet20. These technologies could make the internet safer and more reliable, leading to a better digital world18.
As the internet grows, working together will be key. Governments, industries, and researchers must join forces to bring these new solutions to life19. By working together, we can make the internet stronger and protect it from new dangers18.
Conclusion
Securing internet routing is key to keeping the internet safe and reliable. This is vital for the U.S.’s economic growth and national security21. The ONCD’s Roadmap to Enhancing Internet Routing Security offers a detailed plan to tackle vulnerabilities in the Border Gateway Protocol. It encourages the use of security tools like RPKI, ROA, and ROV21.
By working together, network operators and policymakers can make the internet safer. This will protect the nation and its industries.
The Internet has about 67,000 Autonomous Systems (ASes)22. Routing attacks have become more common and complex. They can harm internet applications by redirecting traffic22.
For example, in 2008, a BGP hijacking redirected YouTube’s traffic23. In 2018, an attack impersonated Amazon’s DNS service, leading to cryptocurrency theft23. These incidents show how crucial it is to secure internet routing.
RPKI, which uses a hierarchical model with Regional Internet Registries (RIRs), can greatly improve internet routing security23. It prevents BGP hijacking, route leaks, and helps control routing policies23. By adopting these security measures and working together, we can create a safer internet for everyone.
FAQ
What is the importance of securing internet routing for national and industry safety?
What are the risks posed by insecure BGP?
What are the current best practices for securing internet routing?
What are the challenges hindering the widespread adoption of RPKI, ROA, and ROV?
What is the current progress in securing internet routing?
What are the recommended actions for enhancing internet routing security?
How are government and industry stakeholders collaborating to secure internet routing?
What policy actions is the Federal government taking to enhance internet routing security?
What emerging technologies and future directions are being explored to address internet routing security challenges?
Source Links
- https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/ – Press Release: White House Office of the National Cyber Director Releases Roadmap to Enhance Internet Routing Security | ONCD | The White House
- https://www.whitehouse.gov/wp-content/uploads/2024/09/Roadmap-to-Enhancing-Internet-Routing-Security.pdf – PDF
- https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html – Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
- https://cybersecuritynews.com/rpki-security-vulnerabilities-exposed/ – 50+ Vulnerabilities Uncovered in RPKI security Framework for Internet Routing
- https://www.ntia.gov/blog/2024/roadmap-enhancing-internet-routing-security – The Roadmap to Enhancing Internet Routing Security
- https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/fact-sheet-biden-harris-administration-releases-roadmap-to-enhance-internet-routing-security/ – Fact Sheet: Biden-Harris Administration Releases Roadmap to Enhance Internet Routing Security | ONCD | The White House
- https://blog.cloudflare.com/white-house-routing-security – Making progress on routing security: the new White House roadmap
- https://www.cablelabs.com/blog/internet-routing-security-framework – A Framework for Improving Internet Routing Security
- https://manrs.org/2023/11/the-challenges-of-rpki-roa-diffusion-in-research-and-education/ – The Challenges of RPKI-ROA Diffusion in Research and Education – MANRS
- https://www.federalregister.gov/documents/2022/03/11/2022-05121/secure-internet-routing – Secure Internet Routing
- https://docs.fcc.gov/public/attachments/DOC-402579A1.pdf – PDF
- https://govciomedia.com/new-white-house-roadmap-looks-to-secure-internet-routing/ – New White House Roadmap Looks to Secure Internet Routing
- https://www.ntia.gov/press-release/2024/ntia-supports-fcc-internet-routing-security-proposal – NTIA Supports FCC Internet Routing Security Proposal
- https://www.commerce.gov/news/press-releases/2024/05/us-department-commerce-implements-internet-routing-security – U.S. Department of Commerce Implements Internet Routing Security
- https://www.internetsociety.org/collaborativesecurity/ – Collaborative Security – Internet Society
- https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF – PDF
- https://www.state.gov/united-states-international-cyberspace-and-digital-policy-strategy/ – United States International Cyberspace & Digital Policy Strategy – United States Department of State
- https://therecord.media/white-house-bgp-hard-problem-guidance – White House calls attention to ‘hard problem’ of securing internet traffic routing
- https://www.govtech.com/security/white-house-releases-plans-for-safer-internet-routing – White House Releases Plans for Safer Internet Routing
- https://www.internetgovernance.org/project/routing-security/ – Routing Security – Internet Governance Project
- https://www.juniper.net/documentation/en_US/day-one-books/topics/concept/introducing-routing-security.html – Introducing Routing Security – TechLibrary
- https://cacm.acm.org/research/securing-internet-applications-from-routing-attacks/ – Securing Internet Applications from Routing Attacks – Communications of the ACM
- https://blog.afrinic.net/rpki-quick-introduction – Securing Internet Routing with Cryptography: Quick Introduction to RPKI