![[article image]](https://cacm.acm.org/system/assets/0002/5064/092116_CACMpg49_Rethinking-Security.large.jpg?1476779523&1474481643 "Rethinking Security for Internet Routing, illustration")
On June 12, 2015, an incident in the Asia-Pacific region caused network performance problems for hundreds of thousands of Internet destinations, including Facebook and Amazon.24,37 It was not the result of a natural disaster, a failed transatlantic cable, or a malicious attack. Instead, it resulted from a misconfiguration at a Malaysian ISP that inadvertently exploited the Internet's Border Gateway Protocol (BGP) to disrupt connectivity at networks in Malaysia and beyond. BGP establishes Internet connectivity by setting up routes between independently operated networks. Over the past two decades, several high-profile routing incidents (often resulting from misconfigurations4,8,28,30,37) have regularly demonstrated that BGP is highly vulnerable to malicious attacks. BGP attacks cause a victim network Internet traffic to be rerouted to the attacker's own network. The rerouted traffic might then be dropped before it reaches its legitimate destination4,28,30,37 or, more deviously, be subject to eavesdropping,2,32 traffic analysis,36 or tampering.15,21,34
Key Insights
Barriers to securing BGP. To deal with these vulnerabilities, the Internet community has spent almost two decades considering a variety of protocols for securing BGP.5 Today, however, Internet routing remains largely unprotected by BGP security protocols. The sluggish deployment of BGP security is the result of economic, operational, and policy challenges. The root cause for this situation is that the Internet lacks a single authority that can mandate deployment of BGP security upgrades. Deployment decisions are instead made by independently operated networks according to their own local policy and business objectives. BGP security is adopted by a network only if its security benefits are thought to justify its deployment and operational costs. Moreover, the diversity of BGP security protocols has led to some controversy as to which protocol should actually be deployed. This issue is exacerbated by the fact that each protocol offers different security benefits and comes with different costs.
Russ White
Several things -- the reason BGP security is not deployed is not because "there is no central authority to impose it on the Internet..." The reason is that the folks who design these things haven't come up with something that actually makes sense in the real world in terms of cost versus benefit. Second, path validation in the way BGPSEC does it is not "the gold standard" -- it actually opens its own set of security holes that often simply aren't addressed.
What really needs to happen is a group of like minded operators need to work together to find and build a set of systems that will solve 80% of the problems actually seen, and then to find ways to solve the other 20% over time -- especially as that 20% is likely to change over time. There are already groups working on such solutions -- though they tend to stay "under the radar" because of the many political issues involved with working in this space.
Overall, interesting article, but a somewhat incomplete and one sided view of the problem space and available solutions.