The US government, through the Office of the National Cyber Director (ONCD) [1] [2] [3] [4] [7] [8], has introduced a comprehensive Roadmap to Enhance Internet Routing Security, with a focus on strengthening the Border Gateway Protocol (BGP) against vulnerabilities.

Description

The plan recognizes critical security flaws in BGP: the protocol has no authority validation for remote networks, no message integrity verification [6], and no routing violation detection. To address them, it highlights the importance of cryptographic authentication measures such as Resource Public Key Infrastructure (RPKI). Currently, only 39% of prefixes are safeguarded by Route Origin Authorizations (ROAs), underscoring the need for broader adoption of RPKI to address issues like route hijacking, route leaks [4] [6] [9], and IP resource hijacks [4]. This initiative is particularly crucial for operators of critical infrastructure [4], state and local governments [4], and entities heavily reliant on the internet for essential functions.

To encourage adoption [2], network operators are advised to develop cybersecurity risk management plans [2] [9], publish ROAs [2], and monitor BGP security threats [2]. Internet Service Providers (ISPs) are urged to conduct audits, integrate BGP security into cybersecurity risk assessments [7], and deploy Route Origin Validation (ROV) filtering to monitor and improve the quality of their BGP configuration and to prevent disruptions and malicious traffic diversion. Despite challenges such as the lack of direct financial incentives for service providers to invest in BGP security [7], the ONCD aims to have at least 60% of the US Federal government’s IP space covered by ROAs by the end of the year.

Cloudflare has stressed the significance of enhancing internet routing security to mitigate threats like data breaches and theft, noting that only half of networks currently utilize RPKI [4]. Businesses are strongly encouraged to prioritize security by implementing RPKI and similar frameworks to protect sensitive data during transit [4].

Additionally, the White House Cyber Director has issued guidance addressing key vulnerabilities in BGP security [5], urging network operators to adopt RPKI to mitigate them. This guidance aims to raise awareness of best practices for BGP security and includes recommended baseline actions for all network operators [5]. NTIA Administrator Alan Davidson has welcomed the guidance as a crucial step towards protecting users from malicious attacks [5]. ONCD has also announced the formation of a public-private stakeholder working group to develop resources and materials to advance the objectives outlined in the roadmap.

Conclusion

The Roadmap to Enhance Internet Routing Security [1] [8] [9], spearheaded by the US government and ONCD, is a significant step towards fortifying BGP against vulnerabilities and safeguarding critical infrastructure and essential functions. By promoting the adoption of RPKI and enhancing BGP security measures, the initiative aims to mitigate threats like data breaches, route hijacking [4], and IP resource hijacks [4]. The guidance issued by the White House Cyber Director and the formation of a public-private stakeholder working group underscore the commitment to improving internet routing security and protecting users from malicious attacks. Moving forward [3], continued collaboration and implementation of best practices will be essential to ensure a secure and resilient internet infrastructure.

References

[1] https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/
[2] https://www.techtarget.com/searchSecurity/news/366609603/White-House-unveils-plan-to-improve-BGP-security
[3] https://cyberscoop.com/white-house-publishes-latest-plan-to-protect-a-key-component-of-the-internet/
[4] https://www.infosecurity-magazine.com/news/us-internet-routing-security/
[5] https://communicationsdaily.com/article/2024/09/04/white-house-releases-roadmap-of-border-gateway-security-best-practices-2409030027
[6] https://www.itpro.com/security/white-house-outlines-plans-to-finally-secure-the-border-gateway-protocol
[7] https://www.networkworld.com/article/3504845/white-house-brands-bgp-routing-a-national-security-concern-as-it-unveils-reform-roadmap.html
[8] https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/fact-sheet-biden-harris-administration-releases-roadmap-to-enhance-internet-routing-security/
[9] https://cybermaterial.com/oncd-releases-bgp-security-roadmap-for-2024/