ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report

A World Economic Forum (WEF) report released today recommends that Internet Service Providers (ISPs) should strongly consider joining the Mutually Agreed Norms for Routing Security (MANRS) initiative to improve the security of the Internet’s global routing system.

Systemic security issues about how traffic is routed on the Internet make it a relatively easy target for criminals. MANRS helps reduce the most common routing threats and increase efficiency and transparency among ISPs on peering relationships.

The WEF Centre for Cybersecurity identifies four actionable principles as effective in preventing malicious activities from getting “down the pipes” from network providers to consumers in the report Cybercrime Prevention: Principles for Internet Service Providers, released today in Davos, Switzerland.

The principles were developed and tested over a year with leading ISPs around the world and multilateral organizations, including BT, Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Korea Telecom, Proximus, Saudi Telcom, Singtel, Telstra, and ITU, WEF says in a press release.

One of the principles is to “take action to shore up the security of routing and signalling to reinforce effective defence against attacks”, and MANRS, a global initiative supported by the Internet Society, is one of the recommendations to achieve the principle to secure the backbone of the Internet.

The other principles are: protect consumers by default from widespread cyberattacks and act collectively with peers to identify and respond to known threats; take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks; and work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security.

The set of principles focuses on the strategic actions that the ISPs should take to protect consumers from common online crimes, thereby helping to “clean up” the internet on the whole, the report says.

Like a road network, the Internet has its own highways and intersections that consist of cables and routers. The navigation system that manages the flow of data around the network is called the Border Gateway Protocol (BGP). When you visited this website, BGP determined the path through which the site’s data would be transmitted to your device.

Criminals manipulate the ways in which traffic is routed on the Internet to launch attacks that bring down networks and services. Many such attacks are result of criminals violating the underlying assumptions relating to identity which are implicit in the routing, naming and addressing systems on the internet. Some attacks result in denial-of-service (DoS) that can damage both the reputation of affected organizations and their ability to conduct business operations.

MANRS helps ISPs to implement well-established industry best practices and technological solutions that can address the most common problems, including incorrect routing information, traffic with spoofed source IP addresses, and coordination and collaboration between networks.

The WEF report also says the MANRS Observatory is one of the model examples – along with BT’s Cyber Indes42 – to help better understand the positive impact of the principles and other such initiatives would contribute to making the case for wider adoption.

The WEF says they will now use its Platform for Shaping the Future of Cybersecurity and Digital Trust to drive adoption of the principles and seek to initiate a dialogue between public- and private-sector stakeholders on how governments can incentivize uptake and establish clearer policy frameworks and expectations.

Collaboration and shared responsibility are key to the success of MANRS. So far, 275 network operators and 45 Internet Exchange Points (IXPs) have signed on. By joining, these companies are working hard to secure the fabric of the Internet.

By working collaboratively, ISPs will be better placed to protect their customers and defend their own networks than if they work alone. Routing security is vital to the stability and resilience of the Internet. Join us to protect the Internet together.

This post has been cross posted on the Internet Society’s blog.