Strengthening the Internet 6 September 2024

US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities

By Ryan Polk, Director, Internet Policy

Released earlier this week, the White House’s Roadmap to Enhancing Routing Security (“the Roadmap”) is an important step by the US government toward strengthening routing security in the United States. The US has long lagged behind the rest of the world when it comes to routing security.

The Internet Society has been a strong advocate for routing security for over a decade. It has nurtured, developed, and continues to support the Mutually Agreed Norms for Routing Security initiative (MANRS), which is a voluntary, controls-based, industry-led effort to enhance routing security, now a project of the Global Cyber Alliance.

While the US industry has made impressive gains in recent years, the routing security of government networks has remained significantly behind. That’s why the Roadmap, along with the Office of the National Cyber Director’s (ONCD) efforts to tackle significant challenges facing the adoption of best practices by federal networks, is so important.

How Does Internet Routing Work?

Internet routing, the invisible backbone of the digital age, silently directs trillions of data packets every second, ensuring our global connectivity and powering modern life and the economy. We wouldn’t have an Internet if the networks didn’t know how to send packets to the right destination! That means that the security of how information is routed across the Internet is vital. Just like sending a physical package through the mail, users don’t want their Internet packets to be lost, sent along an overly complicated and slow path, or sent to the wrong destination.

Governments have an important and nuanced role to play in improving the security of the routing ecosystem. We are incredibly excited that the Roadmap demonstrates a strong understanding of the importance of routing security best practices while recognizing these nuances.

The Roadmap avoids suggesting top-down mandates for the private sector, which could unintentionally undermine the evolving security of our routing system. The Roadmap also appropriately acknowledges the diversity of networks and their varying capabilities and needs in implementing routing security best practices.

The Roadmap also recognizes that the US government’s federal networks still have a lot of work to do in terms of routing security. As the Roadmap notes, one of the biggest challenges facing the adoption of resource public key infrastructure (RPKI) on federal networks is a legal contract problem with the American Registry for Internet Numbers (ARIN). This was preventing federal networks from being able to register their routes cryptographically using RPKI, an important step towards improving routing security.

           August 2023    August 2024
Valid               87            215
Unknown         15,755         17,788
Invalid              2              2

Figure 1. Route Announcements with RPKI validated prefixes from August 2023 to August 2024, US Federal Networks. Data collected from the MANRS Observatory.

The Office of the National Cyber Director (ONCD) led an effort with ARIN and other agencies “to resolve barriers to Federal agencies’ signing of the ARIN Registration Services Agreement (RSA) and develop a Federal RSA template addendum that can be used by Federal departments and agencies to facilitate their adoption of RPKI and other ARIN services.” This effort has already made a significant impact.

While the number of routes announced by federal networks that can be validated using RPKI remains small, it has doubled since August 2023 (see Figure 1). As noted in the Roadmap, around 21% of the IPv4 address space in the ARIN region is held by the US federal government. Improving the routing security of federal networks alone would have a large impact on the routing security ecosystem globally.

Additionally, the Roadmap’s recommendations regarding federal procurement and grant guidance utilize the unique strengths of the federal government as one of the largest consumers to incentivize the use and implementation of best practices. The United States government now requires strong routing security practices from its network providers, sending a clear message to the private sector to demand good routing security practices.

The Roadmap is an important step towards improving routing security in the United States. However, it is just the beginning. It is up to federal agencies to begin implementing these actions to improve routing security in the United States.

At the same time, it is critical that the US government does not misstep and take actions that lean more towards top-down mandates. As the Federal Communications Commission continues to weigh its own actions around routing security, it is vital that the Roadmap’s guidance is reflected in any future FCC action.



Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
