An Internet Society White Paper

October 2018

Although unseen to the average user, Internet Protocol (IP) routing underpins the Internet. By ensuring that packets[1] go where they are supposed to, routing[2] has a central role in the reliable function of the Internet. It ensures that emails reach the right recipients, e-commerce sites remain operational, and e-government services continue to serve citizens. The security of the global routing system is crucial to the Internet’s continued growth and to safeguard the opportunities it provides for all users.

Every year, thousands of routing incidents[3] occur, each with the potential to harm user trust and handicap the Internet’s potential.[4] These routing incidents can also create real economic harms. Key services may become unreachable, disrupting the ability of companies and users to participate in e-commerce.[5] Or packets may get diverted through malicious networks, providing an opportunity to spy on them.[6] While known security measures can address many of these routing incidents, misaligned incentives limit their use.

All stakeholders including policymakers, must take steps to strengthen the security of the global routing system.[7] This can only be done while also preserving the vital aspects of the routing system that have enabled the Internet to be so ubiquitous and improving their security.  Through leading by example in their own networks, strengthening communication, and helping realign incentives to favor stronger security, policymakers can help improve the routing security ecosystem.

Read and download “Routing Security for Policymakers.

The white paper is also available in French and Spanish.

Endnotes

[1] Network packets or “packets,” are data sent over a network or networks.
[2] Routing is the practice of determining the way to get data from one location to another location over a network or multiple networks.
[3] Routing incidents are Border Gateway Protocol updates that have a negative impact.
[4] https://www.internetsociety.org/blog/2018/01/14000-incidents-2017-routing-security-year-review/
[5] For example, in April 2017, a route leak caused a “large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies.” https://bgpmon.net/bgp-leak-causing-internet-outages-in-japan-and-beyond/
[6] For several minutes in April of 2017, a network operator suspiciously hijacked the Internet traffic of several financial services. If intentional, the hijack could have been used to allow the network operator to read unencrypted financial information as it passed through its networks, or to attempt to decrypt encrypted financial information.  https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
[7] While other forms of security (e.g. physical security or data security) are important for all stakeholders, including network operators, this policy brief is scoped to focus solely on improving routing security. For more information on securing the infrastructure of Internet service providers please see: https://www.rfc-editor.org/rfc/rfc3871.txt