09/05/2024 | News release | Archived content
By: Robert Cannon, Senior Telecommunications Policy Analyst
On September 3, 2024, the White House Office of the National Cyber Director (ONCD) released the Roadmap to Enhancing Internet Routing Security report. The report recommends actions the federal government and all Internet networks should take to advance routing security.
Internet networks use the Border Gateway Protocol (BGP) to exchange information about destinations and routes to destinations - in effect creating maps of how to navigate the Internet. That creates two problems. First, the destination information may be wrong, and second, the route to the destination may be wrong.
When routing information is wrong, bad things happen - misdirection of traffic, loss of service, and theft of data. But the federal government is making progress on routing security.
Report Recommendations
The Roadmap Report recommends actions to address these routing vulnerabilities. It calls for all network operators to implement routing security, which requires them to create Route Origin Authorizations (ROAs), or cryptographic verifications that the destination is correct.
The Report also recommends that large transit networks implement Route Origin Validation, ensuring that BGP announcements match ROAs, and filter invalid BGP announcements. The Mutually Agreed Norms for Routing Security (MANRS) has recommended baseline actions that every network should be able to affordably implement.
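As an added illustration (not part of the Roadmap report or this release), the Python sketch below shows how Route Origin Validation classifies a BGP announcement against a set of ROAs and filters the invalid ones, following the valid / invalid / not-found outcomes defined in RFC 6811. The ROAs and announcements are constructed samples using documentation prefixes and AS numbers, and the names `ROA`, `validate` and `filter_announcements` are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # address block the ROA covers
    max_length: int  # longest prefix length the origin may announce
    asn: int         # autonomous system authorized to originate the block


# Constructed sample ROAs (documentation prefixes and AS numbers only).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64501),
]

# Constructed sample announcements: (prefix, origin AS).
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),     # matches the ROA
    ("192.0.2.0/24", 64511),     # covered, but wrong origin AS
    ("192.0.2.128/25", 64500),   # covered, but more specific than max_length
    ("2001:db8:1::/48", 64501),  # within max_length of the IPv6 ROA
    ("203.0.113.0/24", 64500),   # no ROA covers this block
]


def validate(prefix: str, origin_asn: int, roas: list[ROA]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # Skip ROAs of the other address family or that do not cover the route.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, roas):
    """Drop only invalid routes; not-found routes are still accepted."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) != "invalid"]
```

Routes with no covering ROA are kept by the filter, which is why creating ROAs for an address block is what lets other networks reject a false origin for it.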
Department of Commerce Internet Routing Security Work
Everyone needs to do their part to ensure that we continue to secure our networks. NTIA is pleased to have been part of the interagency working group, collaborating with ONCD, the National Institute of Standards and Technology (NIST), the Department of Justice (DOJ), the Federal Communications Commission (FCC), the Cybersecurity and Infrastructure Security Agency (CISA) and other agencies, to develop these recommendations for how the federal government can advance routing security.
At the Department of Commerce, we are answering the call on improving routing security. NOAA N-Wave, the backbone network serving many of the Department's bureaus, was the first federal network to robustly implement routing security. N-Wave produced a playbook providing guidance to federal agencies on routing security implementation. N-Wave has been leading the advocacy within the Department of Commerce, leading the Department's Route Signing Day, and working with individual bureaus to secure their routes. As of August 30th, 83% of address blocks on Department networks have ROAs, up from 33% in 2023.
NTIA is also conducting stakeholder education and outreach through the Communications Supply Chain Risk Information Partnership (C-SCRIP). We launched a new webpage with resources dedicated to helping small and medium-sized telecommunications providers achieve secure Internet routing practices. C-SCRIP is hosting a webinar with ARIN on how to create ROAs on September 24 at 3:00pm EDT.
More work needs to be done. The federal government is securing its address space. The Internet community continues to conduct outreach and training. NIST continues to work with engineers from the IETF to develop further solutions to other BGP vulnerabilities. CISA will be conducting outreach. The ONCD will be collaborating with industry through a Critical Infrastructure Partnership Advisory Council working group.
The U.S. Government is committed to working closely with the multistakeholder community to identify and implement best practices for BGP security and other Internet governance challenges. Collaboration with stakeholders makes us all stronger when tackling what the National Cybersecurity Strategy calls "pervasive concerns" like BGP security.
The Roadmap report is the product of engagement with the routing security community. We want to express gratitude to the Internet community for the tremendous work in advancing routing security: The American Registry for Internet Numbers (ARIN), The Internet Society, Mutually Agreed Norms for Routing Security (MANRS), The Global Cyber Alliance, Internet2 Routing Integrity, Network Startup Resource Center (RouteViews), Center for Applied Internet Data Analysis, the RoVista project at Virginia Tech, and others.