Routing Security for Policymakers
An Internet Society White Paper
Although unseen to the average user, Internet Protocol (IP) routing underpins the Internet. By ensuring that packets[1] go where they are supposed to, routing[2] has a central role in the reliable function of the Internet. It ensures that emails reach the right recipients, e-commerce sites remain operational, and e-government services continue to serve citizens. The security of the global routing system is crucial to the Internet’s continued growth and to safeguard the opportunities it provides for all users.
Every year, thousands of routing incidents[3] occur, each with the potential to harm user trust and handicap the Internet’s potential.[4] These routing incidents can also create real economic harms. Key services may become unreachable, disrupting the ability of companies and users to participate in e-commerce.[5] Or packets may get diverted through malicious networks, providing an opportunity to spy on them.[6] While known security measures can address many of these routing incidents, misaligned incentives limit their use.
All stakeholders including policymakers, must take steps to strengthen the security of the global routing system.[7] This can only be done while also preserving the vital aspects of the routing system that have enabled the Internet to be so ubiquitous and improving their security. Through leading by example in their own networks, strengthening communication, and helping realign incentives to favor stronger security, policymakers can help improve the routing security ecosystem.
Read and download “Routing Security for Policymakers.” The white paper is also available in French and Spanish.
Endnotes
[1] Network packets or “packets,” are data sent over a network or networks.
[2] Routing is the practice of determining the way to get data from one location to another location over a network or multiple networks.
[3] Routing incidents are Border Gateway Protocol updates that have a negative impact.
[4] https://www.internetsociety.org/blog/2018/01/14000-incidents-2017-routing-security-year-review/
[5] For example, in April 2017, a route leak caused a “large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies.” https://bgpmon.net/bgp-leak-causing-internet-outages-in-japan-and-beyond/
[6] For several minutes in April of 2017, a network operator suspiciously hijacked the Internet traffic of several financial services. If intentional, the hijack could have been used to allow the network operator to read unencrypted financial information as it passed through its networks, or to attempt to decrypt encrypted financial information. https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
[7] While other forms of security (e.g. physical security or data security) are important for all stakeholders, including network operators, this policy brief is scoped to focus solely on improving routing security. For more information on securing the infrastructure of Internet service providers please see: https://www.rfc-editor.org/rfc/rfc3871.txt
MANRS Project Study Report
MANRS was founded with the ambitious goal of improving the security and reliability of the global Internet routing system, based on collaboration among participants and shared responsibility for Internet infrastructure. These are undoubtedly essential pillars supporting the Internet’s tremendous growth and success, but we must better articulate the incentives of contributing to global security and resilience to grow MANRS participation and reach our goals.
To do so, we engaged 451 Research to understand the attitudes and perceptions of Internet service providers and the broader enterprise community around MANRS and how it relates to their organizations. The results of the study are documented in the report below.
There are also two specific use cases available that outline the benefits of MANRS participation for service providers and enterprise organizations: