NIST Opens Draft BGP Security Guidance for Public Comment

The National Institute of Standards and Technology is seeking public comments on its draft guidance on securing internet routing, particularly Border Gateway Protocol, or BGP. The draft document published Friday provides information and recommendations on how information security officers and managers can prevent internet routing incidents across federal enterprise networks. 

BGP is the routing protocol that distributes path information between autonomous networks, allowing for the seamless transfer of information. It is a critical component of the internet, which is why its security, especially in government, is paramount.

BGP Vulnerabilities, Solutions

According to NIST, the guidance is part of its response to increasing internet routing incidents, especially those involving BGP. BGP reportedly lacks security and resilience, making it vulnerable to malicious attacks.

Threats targeting BGP include prefix hijacking and route leaks, which can result in denial of service and network performance degradation.

Another internet routing vulnerability is source address spoofing to avoid traceability. Many malicious actors use IP source address spoofing to carry out denial of service attacks, potentially crippling a target network.

The draft document identifies all vulnerabilities associated with BGP and provides mitigation strategies for the potential risks.

For instance, NIST recommends Resource Public Key Infrastructure certification and Route Origin Authorization to enhance internet routing security and resilience. The agency also listed technologies that can minimize vulnerabilities, such as remotely triggered black hole filtering, source address validation and unicast Reverse Path Forwarding.

Comments on the public draft of NIST Special Publication 800-189, Border Gateway Protocol Security and Resilience, will be accepted until Feb. 25.

Wider Government Effort to Strengthen Internet Routing Security

The NIST publication is part of the U.S. government’s efforts to address the vulnerabilities of internet routing. The White House Office of the National Cyber Director on Sept. 4, 2024, published a 19-page report titled “Roadmap to Enhancing Internet Routing Security.”

The ONCD also partnered with the Cybersecurity and Infrastructure Security Agency to establish the Internet Routing Security Working Group. The working group will create a risk assessment framework for network operators to prioritize IP address resources.