Working with CSIRTs to improve routing security

Whilst the global routing system of the Internet is a key element of critical infrastructure, most Computer Security and Incident Response Teams (CSIRTs) do not include routing security within their service portfolios.

Therefore, it is crucial for MANRS to engage with the CSIRT community to raise awareness about the importance of securing the Internet’s foundational, universal routing system, and why, essentially, all Internet security depends on getting routing security right.

We presented the MANRS initiative and demonstrated the MANRS Observatory during the 32nd Annual FIRST Conference last month to do just that. The Forum of Incident Response and Security Teams, better known as FIRST, is the global forum of over 500 CSIRTs and its annual conference is the pre-eminent event bringing together those working to prevent and mitigate network security incidents.

CSIRTs are well placed to raise awareness of routing security issues within their constituencies as well as national critical infrastructure activities. They could also include routing security within their capacity building programmes and add routing security to their auditing activities.

The MANRS Observatory will add another tool to their armory. The MANRS Observatory is a web-based tool that collates publicly available data sources including BGPStream, the CIDR Report, the CAIDA Spoofer Database, Regional Internet Registry Whois and IRR databases and PeeringDB to view routing incidents on any network (ASN) that is publicly visible on the Internet. It is also able to check the general routing health of particular networks, countries and regions, and provide a longer-term overview on whether routing incidents are getting better or worse.

MANRS is offering Observatory accounts to all FIRST-accredited CSIRTs. If you are interested, please complete the form at We look forward to protecting the core of the Internet together.

Leave a Comment