The National Cybersecurity Center of Excellence (NCCoE) is pleased to announce the release of a new draft project description: Secure Inter-Domain Routing: Route Hijacks
Since the creation of the internet, the Border Gateway Protocol (BGP) has been the default protocol for routing traffic among organizations (Internet Service Providers (ISPs) and Autonomous Systems (ASes)). While BGP performs adequately in identifying viable paths to destinations in line with local routing policies and preferences, its lack of built-in security allows the protocol to be exploited. As a result, attacks against internet routing functions are a significant and systemic threat to internet-based information systems. These attacks can: (1) deny access to internet services; (2) detour internet traffic to permit eavesdropping and to facilitate on-path attacks on endpoints (sites); (3) misdeliver internet network traffic to malicious endpoints; (4) undermine IP address-based reputation and filtering systems; and (5) cause routing instability in the internet.
To improve the security of inter-domain routing traffic exchange, NIST has begun development of a Special Publication (SP 800-189, in preparation) that provides security recommendations for the use of Inter-Domain protocols and routing technologies. These recommendations aim to protect the integrity of internet traffic exchange. Implementing BGP Route Origin Validation (ROV) based upon the Resource Public Key Infrastructure (RPKI) can mitigate accidental and malicious attacks associated with route hijacking. The NCCoE understands that organizations and individuals have internet performance expectations and requirements, as well as the need to protect against malicious cyber attacks. It is expected that eventual wide-scale deployment of RPKI-based ROV will significantly enhance the overall security and robustness of the internet.
We value and welcome your input. Please submit your comments on the Secure Inter-Domain Routing project description draft by Thursday, June 29, 2017.
After the project description is finalized, NCCoE cybersecurity experts will collaborate with Internet Service Provider (ISP) and Autonomous System (AS) organizations as well as vendors of cybersecurity technologies to develop a reference design addressing this challenge. The project will result in a NIST Cybersecurity Practice Guide (SP 1800 series) that will detail an approach that can be used by organizations to improve their cybersecurity.
Interested in joining our Community of Interest to guide this project as it moves forward? Send us an email at [email protected].