White House brands BGP routing a ‘national security concern’ as it unveils reform roadmap

Despite this, the roadmap identifies various blocks slowing down a BGP overhaul long term. One is that the adverse effects of its insecurity are often not felt directly by service providers for whom investment offers no direct financial return. Nor does it help that some providers will also need to replace or upgrade routers to be compatible with ROV.

Pushing back, the ONCD recommends that ISPs audit the technical effects ROA and ROV implementation might have on their organization and include the issue of BGP security as part of cybersecurity risk assessments.

The full recommendations run to multiple points, which also go into detail as to how ISPs should draw up contracts for IP transit, cloud and infrastructure. The bigger message is clear: service providers should monitor the quality and threat profile of their BGP setup rather than leaving other people to clean up the mess.   

Anyone working in the ISP space will need to read the roadmap’s ROA and ROV recommendations carefully. For larger ISPs, certainly, these mitigations are now part of best practice. 

Going it alone?

Network World spoke to experienced Internet expert and former journalist Kieren McCarthy, who was positive about the ONCD banging heads together to get broader adoption. However, he had some reservations.

“What is a little worrying is that the US government appears to going on its own, even setting up a new working group whose members it hasn’t announced,” said McCarthy.