The global routing system determines how everything, from
email messages to videoconferences to website content, moves from network to
network across our shared cyberspace. It is, in many ways, the real backbone of
the Internet, and this is why the Mutually Agreed Norms for Routing Security
(MANRS), intended to protect this system, was one of the first initiatives
that the Cybersecurity Tech Accord endorsed in 2018. Furthermore, a number of
signatories, including KPN, Microsoft, NTT, Orange, Oracle, and Swisscom, have
since worked to implement MANRS within their own organizations to improve
security for users and customers.
Our initial endorsement also led to the creation of a
working group, which was tasked with investigating how companies beyond network
operators and IXPs could contribute to routing security. Initially established
as an exploration between the Cybersecurity Tech Accord and the Internet
Society, it has grown in scope and brought in other technology players. Working
together, we have developed a set of six actions that determine how cloud
providers and content delivery networks can do to further support routing
security. These are:
- Prevent propagation of incorrect
routing information. Cloud providers and content
delivery networks often have their own internal networks, as well as peering
relationships, where good filtering practice should still apply to help prevent
propagation of incorrect routing information. - Prevent traffic from illegitimate
source IP addresses by implementing anti-spoofing
controls to prevent packets with illegitimate source IP addresses from leaving
the network. - Facilitate global operational
communication and coordination
by maintaining up-to-date contact information in PeeringDB and relevant WHOIS RIR
databases. - Facilitate validation of routing
information on a global scale
by documenting ASNs and prefixes that are intended to be advertised to external
parties in either IRRs or an RPKI repository. - Encourage MANRS adoption by the technology industry. The adoption of these norms has
a multiplying effect, whereby the greater the number of adopters, the more
secure the entire routing system becomes. - Provide monitoring and debugging
tools to peering partners to facilitate
easy resolution of any challenges that may arise and ensure there is a clear
feedback mechanism available.
This global initiative represents an important effort to
improve cyber hygiene by promoting crucial fixes that reduce the most common
threats to routing security. As such, it was also highlighted in our commitment
to promote the cyber hygiene as part Paris Call for Trust and Security in
Cyberspace. The global Internet routing system does not, on its own, have
sufficient security controls to prevent the existence of false routing
information, which results in hundreds of incidents involving misrouted traffic
and denials of service every year. MANRS helps overcome this problem by
establishing a security baseline of concrete actions for network operators. The
steady adoption of the initiative – with over 200 network operators and 30 IXPs
on board to-date – demonstrates the power of partnership and collective response.
But more still needs to be done.
The Cybersecurity Tech Accord signatories strongly believe
that a more robust and secure global routing infrastructure demands shared
responsibility and coordinated actions from a community of security-minded
organizations. We see the efforts undertaken so far under the MANRS initiative
as a fantastic example of different stakeholders partnering towards a common
objective – a more secure environment, benefiting all of us. from users, to
governments and the industry. As such, we believe this effort firmly falls
under the 4th principle guiding our efforts – partnering with each
other and with likeminded groups to enhance cybersecurity. To this end a number
of our signatories, including Cloudflare, Facebook, Microsoft, Oracle, and
Telefonica, actively contributed to the working group, and we are determined to
see even more implement it.
For more information on MANRS, please visit the Internet Society website.
The post The MANRS initiative: Ensuring good practices are readily accessible to an even broader set of industry players appeared first on Cybersecurity Tech Accord.