Comment Period Closes on Monday, October 15
The National Cybersecurity Center of Excellence (NCCoE) recently released draft practice guide National Institute of Standards and Technology Special Publication 1800-14: Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation. We look forward to receiving your comments on the guide regarding the approach, the architectures, and possible alternatives.
The comment period is open until October 15, 2018. Submit comments online or via email to sidr-nccoe@nist.gov.
Key Considerations When Commenting
Comments on the draft practice guide can be supportive or critical and may include suggestions for changes or additions that you believe will improve the project.
Some questions to consider as you review the document and provide feedback:
- The guide was designed to help organizations prepare for and mitigate a route hijack attack that may result in a denial of access to internet services, delivery of traffic to malicious end points, or routing instability. Did you find the guide useful to prevent and/or respond to such an occurrence?
- Has the draft guide helped your organization better understand the risk, security, and/or technology to implement BGP Route Origin Validation (ROV)?
- Do you have feedback on the implementation of BGP ROV?
About the Guide
It is difficult to overstate the importance of the internet to modern business and society in general. The internet is not a single network but rather a complex grid of independent, interconnected networks that relies on a protocol known as BGP to route traffic to its intended destination.
Unfortunately, BGP was not designed with security in mind and a route hijack attack can deny access to internet services, misdeliver traffic to malicious endpoints, and cause routing instability. A technique known as BPG ROV is designed to protect against route hijacking.
The NCCoE, together with several technology vendors, has developed proof-of-concept demonstrations of BGP ROV implementation designed to improve the security of the internet’s routing infrastructure.
This cybersecurity practice guide contains step-by-step example solutions using commercially available technologies. By implementing the example solutions, organizations can better secure the safe delivery of internet traffic to its intended destination, reduce the number of outages due to BGP route hijacks, and make more informed decisions regarding routes that may be compromised.
The draft practice guide is available for download here.
Your feedback is important to us, and we look forward to receiving your comments on this draft guide.