In its tenth year, Mutually Agreed Norms for Routing Security (MANRS) continued to grow past 1,000 participants, engaged in more than 50 community events, and strengthened its future through a five-year partnership between Internet Society and the Global Cyber Alliance (GCA), which includes GCA taking on the MANRS secretariat and operation functions.
Importantly, it also encouraged networks to adopt best current routing security practices. By the end of 2023, more than 66% of MANRS participants have valid Route Origin Authorizations (ROAs) compared with 34% globally, and 16% of MANRS participants traffic filtered based on Route Origin Validation (ROV), compared with 5% globally.
In an effort to increase the exposure of the good routing hygiene practiced by MANRS network operator participants and improve the transparency and credibility of the MANRS initiative, we also began publishing the MANRS readiness scores for Actions 2—4 with plans to publish the scores for Action 1 in early 2024.
The MANRS+ Working Group continued to meet during the year to continue working towards an elevated tier of MANRS participation for organizations that comply with more stringent requirements and auditing. Two key outcomes were the MANRS+ concept and a set of control and auditing requirements. In 2024, the working group will focus on developing detailed audit requirements, including descriptions of the audit metrics and creating an extended measurement framework and infrastructure.
As part of our efforts to encourage more people to participate in MANRS and engage our global participants, we participated in 50 events and also held five MANRS Community Events, including the first in the LATAM region, which is home to the greatest number of MANRS participants. A large proportion of this community engagement was coordinated by the fourth cohort of MANRS Champions.
In 2023, three mentors and eight ambassadors worked together in their regions and industries to train engineers in routing security best practices, conduct research on detecting incidents, build new tools for the MANRS community, and help policymakers better understand why routing security matters. Collectively, they conducted 20 training events in eight countries, reaching hundreds of people around the globe.
Another critical engagement involved the MANRS team and some participants continuing years of work with governments to improve routing hygiene in their countries by participating in government workshops and submitting public comments.
In the United States, the Federal Communications Commission (FCC) held a Border Gateway Protocol (BGP) Security Workshop at which MANRS participants highlighted the importance of addressing BGP vulnerabilities and securing Internet routing. Meanwhile in the Netherlands, the Dutch government announced that it will upgrade the routing security of government networks by adopting the RPKI standard before the end of 2024.
Reaching more people and encouraging more networks to become MANRS compliant means we all benefit from a more secure Internet.