Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
The White House relies on RPKI, ROA, and ROVs to protect traffic.
A new White House report details the steps that need to be taken to improve the security of Internet routing using the Border Gateway Protocol (BGP), which plays a key role in managing Internet traffic between networks around the world.
Routing security issues began to attract the attention of the US government back in 2022, when it became known about cases of interception of Internet traffic by foreign hackers through vulnerabilities in the BGP protocol. Such attacks, known as BGP hijacking, were one of the reasons for the development of this roadmap.
Several key government agencies participated in the report, including the Department of Justice (DOJ), the Department of Defense (DOD), the Federal Communications Commission (FCC), the Cybersecurity and Infrastructure Protection Agency (CISA), and the Office of the National Director for Cybersecurity (ONCD) of the White House.
While the ONCD's recommendations are not revolutionary, they are in line with current industry best practices. In particular, Internet network operators are recommended to use technologies such as RPKI, ROA and ROV. These cryptographic tools help ensure that the organization managing the IP addresses actually owns them and can advertise routes through those addresses.
The report focuses on the implementation of RPKI and related technologies, such as ROA, which allows for confirmation that only a certain network has the authority to advertise routes for a specific block of IP addresses. ROV technology, in turn, verifies that routes advertised by other networks are correct and safe.
Apart from this, the White House also mentioned BGPsec technology, which is an extension of the BGP protocol that offers additional security features. However, the introduction of such technology is not a priority at the current stage. Instead, the U.S. government has opted for a gradual approach that encourages network operators to start by implementing ROA as the first step to improving routing security.
Cooperation with the private sector is an important part of the strategy. The White House plans to work with CISA to create a working group that will develop recommendations and materials aimed at simplifying the process of implementing RPKI, ROA and ROV technologies.
According to the National Institute of Standards and Technology (NIST), today almost half of the routes in the BGP network are already tested using ROVs, and according to a study by Kentik, more than 70% of IPv4 routes are already protected with ROA. However, as Cloudflare notes, the main problem is that most of this secure traffic comes from overseas network operators, while companies in the U.S. are still lagging behind in adopting these technologies.
Source
A new White House report details the steps that need to be taken to improve the security of Internet routing using the Border Gateway Protocol (BGP), which plays a key role in managing Internet traffic between networks around the world.
Routing security issues began to attract the attention of the US government back in 2022, when it became known about cases of interception of Internet traffic by foreign hackers through vulnerabilities in the BGP protocol. Such attacks, known as BGP hijacking, were one of the reasons for the development of this roadmap.
Several key government agencies participated in the report, including the Department of Justice (DOJ), the Department of Defense (DOD), the Federal Communications Commission (FCC), the Cybersecurity and Infrastructure Protection Agency (CISA), and the Office of the National Director for Cybersecurity (ONCD) of the White House.
While the ONCD's recommendations are not revolutionary, they are in line with current industry best practices. In particular, Internet network operators are recommended to use technologies such as RPKI, ROA and ROV. These cryptographic tools help ensure that the organization managing the IP addresses actually owns them and can advertise routes through those addresses.
The report focuses on the implementation of RPKI and related technologies, such as ROA, which allows for confirmation that only a certain network has the authority to advertise routes for a specific block of IP addresses. ROV technology, in turn, verifies that routes advertised by other networks are correct and safe.
Apart from this, the White House also mentioned BGPsec technology, which is an extension of the BGP protocol that offers additional security features. However, the introduction of such technology is not a priority at the current stage. Instead, the U.S. government has opted for a gradual approach that encourages network operators to start by implementing ROA as the first step to improving routing security.
Cooperation with the private sector is an important part of the strategy. The White House plans to work with CISA to create a working group that will develop recommendations and materials aimed at simplifying the process of implementing RPKI, ROA and ROV technologies.
According to the National Institute of Standards and Technology (NIST), today almost half of the routes in the BGP network are already tested using ROVs, and according to a study by Kentik, more than 70% of IPv4 routes are already protected with ROA. However, as Cloudflare notes, the main problem is that most of this secure traffic comes from overseas network operators, while companies in the U.S. are still lagging behind in adopting these technologies.
Source
