Latest in the News: RPKI, BGP and Other Internet Security Best Practices

At times, internet security best practices do not cross the minds of internet users. That is because they often assume that internet-connected devices are relatively secure and that as long as they do not visit suspicious sites or respond to spam emails, they will be safe. Of course, things are a little more complicated than that. 

It is true that what we do can significantly influence our own virtual security. However, internet security, in most cases, is in the hands of technology developers and device manufacturers.  

The Resource Public Key Infrastructure (RPKI) was introduced in 2008 to support the Border Gateway Protocol (BGP) routing infrastructure. It was clear from the get-go how important this framework would be. Today, network security researchers still keep pushing for wider RPKI adoption. The developers and manufacturers of internet-connected devices also have a long way to go to ensure security for end users. 

Dutch network security researchers highlight the importance of RPKI ROV

Route Origin Authorization (ROA) enables classifying BGP announcements as valid, invalid or not found. The general rule of thumb is that network operators reject invalid announcements. 

Koen van Hove, a network security researcher at the University of Twente, took part in an experiment related to RPKI ROV (route origin validation). During the experiment, the researchers investigated where traffic goes. They concluded that 75% of the traffic reached the intended location, thus highlighting the importance of RPKI ROV. 

More on the topic: Where did my packet go? Measuring the impact of RPKI ROV 

FCC prepares to tackle BPG vulnerabilities

It is important to research internet security, but it is perhaps even more important to apply the findings and introduce changes. That is why the US Department of Justice and the Department of Defense support Federal Communications Commission’s advances to improve internet routing security. 

According to the FCC, BGP vulnerabilities place personal and commercial data at risk of “theft, espionage and sabotage.” The commission claims that while BGP is essential for effective routing, it essentially has no security features. FCC hopes that new technical security standards and more transparency can help ensure better internet security overall.  

More on the topic: Department of Justice and Department of Defense Support Federal Communications Commission Inquiry into Internet Security 

The EU aims to protect the users of internet-connected devices

The first of its kind, the Cyber Resilience Act, introduced by the European Union, aims to enhance the security of all wired and wireless devices connected to the internet. The Act targets hardware and software manufacturers and developers responsible for the products within the EU market.  

According to the EU Cyber Resilience Act announcement, the Act will protect end users by ensuring they are properly informed. It is argued that while manufacturers may face reputational damage when cyberattacks affect their products, the end users are the ones who pay for the exploited vulnerabilities. Especially when they do not have sufficient information about their products and how they are secured.  

More on the topic: State of the Union: EU Cyber Resilience Act – Questions & Answers