{"id":213935,"date":"2024-09-06T20:02:32","date_gmt":"2024-09-06T20:02:32","guid":{"rendered":"https:\/\/www.internetsociety.org\/?p=213935"},"modified":"2025-11-19T21:12:33","modified_gmt":"2025-11-19T21:12:33","slug":"us-government-networks-get-a-security-boost-white-house-roadmap-tackles-routing-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.internetsociety.org\/blog\/2024\/09\/white-house-roadmap-tackles-routing-vulnerabilities\/","title":{"rendered":"US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities"},"content":{"rendered":"\n<p>Released earlier this week, the <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2024\/09\/Roadmap-to-Enhancing-Internet-Routing-Security.pdf\">White House&#8217;s Roadmap to Enhancing Routing Security (\u201cthe Roadmap\u201d)<\/a> is an important step by the US government toward strengthening routing security in the United States. The US has long lagged behind the rest of the world when it comes to routing security.<\/p>\n\n\n\n<p>The Internet Society has been a strong advocate for routing security for over a decade. It has nurtured, developed, and continues to support the <a href=\"https:\/\/manrs.org\/\">Mutually Agreed Norms for Routing Security initiative<\/a> (MANRS), which is a voluntary, controls-based, industry-led effort to enhance routing security, now a project of the Global Cyber Alliance.<\/p>\n\n\n\n<p>While the US industry has made impressive gains in recent years, the routing security of government networks has remained significantly behind. That\u2019s why the Roadmap, along with the Office of the National Cyber Director\u2019s (ONCD) efforts to tackle significant challenges facing the adoption of best practices by federal networks, is so important.<\/p>\n\n\n\n<div class=\"wp-block-cover is-light\" style=\"min-height:304px;aspect-ratio:unset;\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-neutral-white-background-color has-background-dim-100 has-background-dim\"><\/span><div class=\"wp-block-cover__inner-container is-layout-constrained wp-block-cover-is-layout-constrained\">\n<h4 class=\"wp-block-heading\">How Does Internet Routing Work?<\/h4>\n\n\n\n<p>Internet routing, the invisible backbone of the digital age, silently directs trillions of data packets every second, ensuring our global connectivity and powering modern life and the economy. We wouldn\u2019t have an Internet if the networks didn\u2019t know how to send packets to the right destination! That means that the security of how information is routed across the Internet is vital. Just like sending a physical package through the mail, users don\u2019t want their Internet packets to be lost, sent an overly complicated and slow path, or sent to the wrong destination.<\/p>\n<\/div><\/div>\n\n\n\n<p>Governments have <a href=\"https:\/\/www.internetsociety.org\/resources\/doc\/2018\/routing-security-for-policymakers\/\">an important and nuanced role<\/a> to play in improving the security of the routing ecosystem. We are incredibly excited that the Roadmap demonstrates a strong understanding of the importance of routing security best practices while recognizing these nuances. <\/p>\n\n\n\n<p>The Roadmap avoids suggesting top-down mandates for the private sector, which could unintentionally <a href=\"https:\/\/www.internetsociety.org\/blog\/2024\/04\/the-us-fcc-signals-a-dangerous-new-course-on-bgp-security\/\">undermine the evolving security of our routing system<\/a>. The Roadmap also appropriately acknowledges the diversity of networks and their varying capabilities and needs in implementing routing security best practices.<\/p>\n\n\n\n<p>The Roadmap also recognizes that US government&#8217;s federal networks still have a lot of work to do in terms of routing security. As the Roadmap notes, one of the biggest challenges facing the adoption of resource public key infrastructure (RPKI) on federal networks is a legal contract problem with the American Registry for Internet Numbers (ARIN). This was preventing federal networks from being able to register their routes cryptographically using RPKI, an important step towards improving routing security.<\/p>\n\n\n\n<figure class=\"wp-block-table has-12-font-size\"><table><thead><tr><th><\/th><th>August 2023<\/th><th>August 2024<\/th><\/tr><\/thead><tbody><tr><td>Valid<\/td><td>87<\/td><td>215<\/td><\/tr><tr><td>Unknown<\/td><td>15,755<\/td><td>17,788<\/td><\/tr><tr><td>Invalid<\/td><td>2<\/td><td>2<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Figure 1. Route Announcements with RPKI validated prefixes from August 2023 to August 2024, US Federal Networks. Data collected from the <a href=\"https:\/\/observatory.manrs.org\/#\/overview\">MANRS Observatory<\/a>.<\/figcaption><\/figure>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The Office of the National Cyber Director (ONCD) led an effort with ARIN and other agencies \u201cto resolve barriers to Federal agencies\u2019 signing of the ARIN Registration Services Agreement (RSA) and develop a Federal RSA template addendum that can be used by Federal departments and agencies to facilitate their adoption of RPKI and other ARIN services.\u201d This effort has already made a significant impact. <\/p>\n\n\n\n<p>While the number of routes announced by federal networks being able to be validated using RPKI remains small, the number has doubled since August 2023 (see Figure 1). As noted in the Roadmap, around 21% of the IPv4 address space in the ARIN region is held by the US federal government. Improving the routing security of federal networks alone would have a large impact on the routing security ecosystem globally.<\/p>\n\n\n\n<p>Additionally, the Roadmap&#8217;s recommendations regarding federal procurement and grant guidance utilize the unique strengths of the federal government as one of the largest consumers to incentivize the use and implementation of best practices. The United States government now requires strong routing security practices from its network providers, sending a clear message to the private sector to demand good routing security practices.<\/p>\n\n\n\n<p>The Roadmap is an important step towards improving routing security in the United States. However, it is just the beginning. It is up to federal agencies to begin implementing these actions to improve routing security in the United States.<\/p>\n\n\n\n<p>At the same time, it is critical that the US government does not misstep and take actions that lean more towards top-down mandates. As the Federal Communications Commission continues to weigh its own actions around routing security, it is vital that the Roadmap\u2019s guidance is reflected in any future FCC action.<\/p>\n\n\n\n<h5 class=\"wp-block-heading has-accent-purple-color has-text-color has-link-color wp-elements-9490615f51cb9b7eb3bbd3dfe38f545e\">Secure global routing makes the Internet safer and more resilient. Learn more about\u00a0<a href=\"https:\/\/www.internetsociety.org\/action-plan\/securing-global-routing\/\" target=\"_blank\" rel=\"noreferrer noopener\">the work we\u2019re doing\u00a0<\/a>for better routing security.<\/h5>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-18-font-size\">Image \u00a9 Photo by <a href=\"https:\/\/unsplash.com\/@renedeanda\">Ren\u00e9 DeAnda<\/a> on <a href=\"https:\/\/unsplash.com\/photos\/architectural-photography-of-white-house-zfKlCKK-Ql0\">Unsplash<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The White House&#8217;s Roadmap to Enhancing Routing Security is an important step toward strengthening routing security in the United States. <\/p>\n","protected":false},"author":1029,"featured_media":213943,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[6147,92,1159,4898,4738],"tags":[4811,782],"region_news_regions":[37],"content_category":[6085],"ppma_author":[4063],"class_list":["post-213935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-the-internet-works","category-deploy360","category-manrs","category-strong-internet","category-security-1","tag-mutually-agreed-norms-for-routing-security-manrs","tag-routing-security","region_news_regions-north-america","content_category-blog-type"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",1440,500,false],"thumbnail":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-150x150.jpg",150,150,true],"medium":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-450x156.jpg",450,156,true],"medium_large":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-768x267.jpg",768,267,true],"large":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-1024x356.jpg",1024,356,true],"1536x1536":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",1440,500,false],"2048x2048":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",1440,500,false],"post-thumbnail":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-250x87.jpg",250,87,true],"square":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House-600x500.jpg",600,500,true],"gform-image-choice-sm":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",300,104,false],"gform-image-choice-md":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",400,139,false],"gform-image-choice-lg":["https:\/\/www.internetsociety.org\/wp-content\/uploads\/2024\/09\/White-House.jpg",600,208,false]},"uagb_author_info":{"display_name":"Ryan Polk","author_link":"https:\/\/www.internetsociety.org\/author\/polk\/"},"uagb_comment_info":0,"uagb_excerpt":"The White House's Roadmap to Enhancing Routing Security is an important step toward strengthening routing security in the United States.","authors":[{"term_id":4063,"user_id":1029,"is_guest":0,"slug":"polk","display_name":"Ryan Polk","avatar_url":{"url":"https:\/\/www.internetsociety.org\/wp-content\/uploads\/2022\/06\/Ryan-Polk.jpg","url2x":"https:\/\/www.internetsociety.org\/wp-content\/uploads\/2022\/06\/Ryan-Polk.jpg"},"author_category":"","last_name":"Polk","first_name":"Ryan Polk","job_title":"","user_url":"","description":""}],"_links":{"self":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts\/213935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/users\/1029"}],"replies":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/comments?post=213935"}],"version-history":[{"count":0,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/posts\/213935\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/media\/213943"}],"wp:attachment":[{"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/media?parent=213935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/categories?post=213935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/tags?post=213935"},{"taxonomy":"region_news_regions","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/region_news_regions?post=213935"},{"taxonomy":"content_category","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/content_category?post=213935"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.internetsociety.org\/wp-json\/wp\/v2\/ppma_author?post=213935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}