The Register: White House thinks it’s time to fix the insecure glue of the internet: Yup, BGP

Source URL: https://www.theregister.com/2024/09/03/white_house_bgp_security/
Source: The Register
Title: White House thinks it’s time to fix the insecure glue of the internet: Yup, BGP

Feedly Summary: Better late than never
The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).…

AI Summary and Description: Yes

Summary: The White House is taking steps to enhance the security of the Border Gateway Protocol (BGP), a critical component of internet infrastructure that has long been vulnerable to security issues. The recent roadmap published by the Office of the National Cyber Director highlights the importance of implementing cryptographic authentication measures like Resource Public Key Infrastructure (RPKI) to mitigate these risks, which are increasingly viewed as a national security priority.

Detailed Description:

– The Border Gateway Protocol (BGP) is vital for traffic management between autonomous systems on the internet; however, it was not designed with security considerations, leading to significant vulnerabilities.
– The White House’s report highlights several longstanding issues with BGP, including:
– Lack of verification for whether a remote network can announce a traffic path change.
– Absence of measures to authenticate messages exchanged between networks, thereby allowing route hijackings.
– Notable historical examples of BGP vulnerabilities include:
– The 2008 incident where Pakistan cut off YouTube traffic.
– A 2022 occurrence where Russia manipulated BGP to disrupt Twitter during the Ukraine invasion.
– Route hijacking poses serious risks, such as:
– Exposure of personal information.
– Facilitation of theft, extortion, and espionage.
– Disruption of security-critical transactions and critical infrastructure.
– While many incidents are accidental, the increasing prevalence of malicious exploitation makes addressing BGP vulnerabilities a national security concern.
– The US Department of Justice and Defense has officially recognized this issue, highlighting past errant actions by entities like China Telecom Americas, which has a history of misrouting American traffic.
– The report advocates for more widespread adoption of Resource Public Key Infrastructure (RPKI), which provides a cryptographic approach for authenticating BGP route announcements.
– RPKI tools like Route Origin Validation (ROV) and Route Origin Authorization (ROA) are available to enhance BGP security, but they are not widely implemented.
– Current adoption rates reveal a disparity, with 70% of BGP routes in Europe having RPKI measures compared to only 39% in the US.
– The roadmap aims to catalyze RPKI adoption across both public and private sectors in the United States.
– The Federal government is positioning itself to lead by example, emphasizing the importance of BGP security for overall internet reliability.

– Key Takeaways:
– BGP is integral to internet functioning yet poses significant security risks.
– There’s a compelling need for improved security protocols, especially in the face of national security risks.
– Adoption of RPKI and associated measures must be accelerated to safeguard the internet infrastructure effectively.