The US Makes a Big Step Toward Better Routing Security Thumbnail
Strengthening the Internet 14 May 2024

The US Makes a Big Step Toward Better Routing Security

By Ryan PolkDirector, Internet Policy

Governments should set the standard for improving routing security. This is crucial because many government services are considered critical infrastructure, and they have a significant role in establishing best practices for running safe and secure networks. Until recently, the US Federal Government faced challenges in this area. As the child of two dedicated civil servants, it was particularly disappointing for me to see that the US Government was falling so far behind in such an important area. 

That’s why I am so excited by the news the United States Department of Commerce released that the National Telecommunications and Information Administration (NTIA) and several other Commerce agencies and bureaus began implementing Resource Public Key Infrastructure (RPKI) on their networks. This means that adversaries cannot more easily impersonate or hijack the routes sending data on US government networks.

Why Routing Security is Critical  

Using RPKI to create Route Origin Authorizations (ROAs) is a vital action for network operators to take to improve routing security online. ROAs are cryptographically signed objects that state which network is authorized to originate a particular IP address prefix or set of prefixes. In short, ROAs provide a verified example of what routes on the Internet should look like, enabling network operators to filter out accidentally misconfigured or intentionally malicious routes—limiting the spread and impacts of routing incidents. Enabling the global validation of routing information is a key action of the Mutually Agreed Norms for Routing Security (MANRS). 

Non-governmental networks in the United States have continued to rapidly improve their implementation of RPKI, increasing by nearly three and a half times since 2019. However, the US government has lagged much further behind. Until this week, only around 1% of routes from US government-run networks could be verified using RPKI.  

By implementing RPKI, NTIA and the other components of the US Department of Commerce are not only securing their routing infrastructure but are also paving the way for other US government departments and agencies to move forward in this important effort. The US government controls hundreds of networks on the Internet, and it is vital that the government take steps to implement routing security best practices on these networks.  

How the US and Other Governments Can Influence Wider Routing Security Adoption 

In addition, with an eye towards improving private networks in the US, the US government should also make strong routing security a procurement requirement for network services. The US government can lead by example by both implementing strong routing security practices on its own networks, but also demanding that contracted private network providers also follow those practices. 

We appreciate the Commerce Department’s recognition of the important work that the Internet Society, Global Cyber Alliance, and MANRS have done in the area of routing security. Securing the global routing system is not only vital but requires a group effort. 

I am ecstatic that NTIA and the other agencies and bureaus in the US Department of Commerce took this crucial step toward helping secure the routing infrastructure of both the Federal Government and the wider Internet.  

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Strengthening the Internet 6 May 2024

Montana’s TikTok Ban: Breaking the Internet and Undermining Online Privacy 

Asking TikTok, Google, and Apple to more intrusively track nearly every American with a cell phone, based on the...

Strengthening the Internet 29 April 2024

NDSS Symposium Showcases the Importance of Securing Your Connected Life

It may be a cliché to say that the most interesting conversations you have at a conference are those...

Securing Border Gateway Protocol (BGP) 18 April 2024

The US FCC Signals a Dangerous New Course on BGP Security

The US Federal Communications Commission recently released a draft Declaratory Ruling and Order in the Open Internet Proceeding. However,...