Better routing security through concerted action

There is nearly universal agreement that the Internet routing system is vulnerable to attack, but thoughts on how to address the problem vary from better technolog …

There is nearly universal agreement that the Internet routing system is vulnerable to attack, but thoughts on how to address the problem vary from better technology to peer pressure to business incentives. Routing security requires voluntary actions from every network, but there is little incentive for any individual network to take action. So what do we do? We believe there is enough incentive to implement the minimal, absolutely essential elements of routing security - especially if they are perceived as a common business expectation, a norm. These norms many not necessarily bring tangible benefits to the individual network adhering to them, but they benefit society and the Internet as a whole. Norms can have wide societal support and help expose those who do not adhere to them, allowing for corrective actions. In this talk, we will look at the Internet routing ecosystem and identify three main categories of actors: ISPs, IXPs, and cloud/content providers. We will explore which actions can have the biggest impact on the security of inter-domain routing and look at some of the incidents from 2018 and how they could have been avoided. Finally, we’ll present three minimum baselines for the respective categories and discuss how they can become norms. To make the discussion more interactive, it will include real-time polling of the audience.