MANRS Compliance Increasing, More Work Needed in India

Worldwide collaboration and shared accountability have been critical in enabling the Internet’s development, and more recently its security.

Since 2014, the industry-led MANRS effort has sought to increase Internet routing security around the world by recruiting network operators to implement and maintain critical improvements required to lessen routing risks within their networks.

While the number of MANRS members has dramatically expanded in recent years, there is still uncertainty if the initiative will affect overall Internet routing security.

In this post, I will share some insights into a study my guide Dr. Naveen Chaudhary and I at the National Forensic Sciences University recently published looking at the compliance of MANRS members and discuss the need to promote the initiative more in rapidly developing countries such as India, which are historically more prone to routing security incidents.

MANRS Statistical Analysis and Adoption in India as a Collaborative Security Tool

Our research involved examining the routing behavior of participating MANRS networks, using publicly available data, to present the first unbiased examination of the MANRS ecosystem.

We measured the degree of MANRS participants’ compliance with the established standards and contrasted their network behavior with that of non-MANRS networks. While not all MANRS members fully adhere to all necessary actions, our research showed that they are more likely to adopt the routing security procedures outlined in MANRS actions.

We also evaluated the MANRS initiative’s value in protecting the entire routing ecology. By dropping BGP messages with invalid information by authoritative records, we discovered that more than 83% of MANRS networks were conformant to the route filtering requirement as of May 2022, and more than 95% were conformant to the routing information facilitation requirement by registering their resources in authoritative databases.

Read: Why Network Operators Should use Hierarchical as-sets

While we can say that those participants in MANRS are conforming to best practices, there is still work to be done to expand the program into countries where its impact can be even more greatly felt, such as my home country India.

MANRS in India

The need to implement MANRS in India has become increasingly important due to the rapid growth of the Internet in the country—India is home to the second-largest Internet user base in the world—and the increasing reliance on it for economic and social activities.

Currently, there are only three MANRS participants in India, one of which is Kolkata IX, the first community Internet Exchange in India. Having joined the MANRS community in April 2021, Kolkata IX has been implementing RPKI validation and as part of its security best practices, its members are expected to put RPKI into effect.

One of the key ways to promote and implement MANRS in India, and other fast-developing countries, is through developing policies and regulations that encourage the adoption of its norms. This could include incentives for ISPs and other stakeholders to implement routing security measures and penalties for non-compliance. In addition, the government could provide funding and support for developing and deploying routing security technologies and solutions.

Raising awareness and educating people about the significance of these standards is also crucial in putting mutually agreed-upon guidelines for routing security in India into practice. This could involve instructing users on safe online conduct and how to identify and defend against threats to routing security, as well as teaching ISPs and other stakeholders how to put routing security measures into effect.

Through these actions, we as a community can help further ensure the security of Internet routing globally and with it the further development of the Internet.

Harish Chowdhary is an Internet Governance Specialist, Research Scholar at the National Forensic Sciences University and 2022 MANRS Policy Fellow.

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of the Internet Society.