The US Makes a Big Step Toward Better Routing Security
Governments need to set the benchmark for routing security. Many government services are designated as critical infrastructure, which gives governments a pivotal role in shaping protocols for operating secure networks. Until recently, the US Federal Government faced hurdles in this area.
According to the Internet Society, using RPKI to create Route Origin Authorizations (ROAs) is a vital action for network operators to take to improve routing security online. ROAs are cryptographically signed objects that state which network is authorized to originate a particular IP address prefix or set of prefixes. In short, ROAs provide a verified example of what routes on the Internet should look like, enabling network operators to filter out accidentally misconfigured or intentionally malicious routes, which limits the spread and impact of routing incidents. Enabling the global validation of routing information is a key action of the Mutually Agreed Norms for Routing Security (MANRS).
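The filtering that ROAs enable can be sketched as a route origin validation check in the style of RFC 6811. This is an added example, not code from the Internet Society or MANRS. The ROA entries and announcements are constructed from documentation prefixes and AS numbers, and the `max_length` field and the three result states come from the RPKI standards rather than from this article.

```python
import ipaddress

# Constructed validated ROA payloads: (prefix, max_length, authorized origin AS).
# Documentation prefixes and ASNs only; these are not real ROAs.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_length, vrp_asn in vrps:
        roa_net = ipaddress.ip_network(vrp_prefix)
        # A ROA applies only if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA never matches: it marks a prefix that must not be routed.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def filter_routes(announcements, vrps=VRPS):
    """Drop 'invalid' routes; keep 'valid' and 'not-found' (no ROA published yet)."""
    return [(p, a) for p, a in announcements if validate_origin(p, a, vrps) != "invalid"]

if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS).
    sample = [
        ("192.0.2.0/24", 64496),      # matches its ROA
        ("192.0.2.0/24", 64511),      # covered prefix, unauthorized origin
        ("203.0.113.128/25", 64497),  # right origin, longer than max_length
        ("198.51.100.0/24", 64500),   # no covering ROA
    ]
    for prefix, asn in sample:
        print(prefix, f"AS{asn}", validate_origin(prefix, asn))
```

A prefix with no covering ROA comes back as `not-found` and passes the filter, so a network only gains this protection once its routes are covered by ROAs.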
Non-governmental networks in the United States have continued to rapidly improve their implementation of RPKI, increasing by nearly three and a half times since 2019. The US government, however, has lagged far behind. Until this week, only around 1% of routes from US government-run networks could be verified using RPKI.
By implementing RPKI, NTIA and the other components of the US Department of Commerce are not only securing their routing infrastructure but are also paving the way for other US government departments and agencies to move forward in this important effort. The US government controls hundreds of networks on the Internet, and it is vital that the government take steps to implement routing security best practices on these networks.