MANRS mission aligns closely with Team Cymru’s objective of reducing the most common threats to the Internet’s routing system through technical and collaborative action across the Internet.
The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, today announced that Team Cymru has joined the program. MANRS mission aligns closely with Team Cymru’s objective of reducing the most common threats to the Internet’s routing system.
Routing security is vital to the future and stability of the Internet. Last year alone, there were 12,600 routing outages or incidents, such as route hijacking and leaks, that led to large-scale Distributed Denial of Service (DDoS) attacks, stolen data, lost revenue, reputational damage, and more. Whether it’s a planned attack or a configuration mistake, routing incidents have global impact and in many cases are difficult to detect.
MANRS addresses these threats through technical and collaborative action across the Internet, creating a baseline of routing security for network operators around the world. Those who join MANRS agree to specific actions to improve the resilience and security of the routing infrastructure to keep the Internet safe for businesses and consumers alike. Over 300 ISPs as well as IXPs, CDNs and cloud networks now participate.
Team Cymru, a trusted leader in Internet Security across the globe, will join MANRS’ efforts to secure the Border Gateway Protocol (BGP). One of Team Cymru’s longest running services, the Bogon Reference Project, seeks to assist network operators in increasing their routing policy security. Team Cymru’s Unwanted Traffic Removal Service (UTRS) runs over BGP, and the company maintains searchable records of changes to the global routing table for audit purposes. The spirit of the MANRS effort resonates with Team Cymru’s vision of a more secure Internet brought about by coordinated community engagement and response.
“We joined MANRS because we believe in the community of the Internet and the potential it creates. MANRS captures the spirit of efficient and safe networking and shows that when the community comes together, and when there is a growing sense of shared responsibility, we can protect the core of the Internet. We look forward to doing our part to make MANRS and the Internet as successful as possible,” said David Monnier, Team Cymru Fellow and Director of Client Success at Team Cymru.
Awareness of MANRS and routing security in general has also been increasing in the wider world. In January 2020, a World Economic Forum (WEF) report recommended that ISPs should strongly consider joining MANRS to improve the security of the Internet’s global routing system.
“Having Team Cymru as part of the MANRS community is an important step in adding routing security information to existing data sources such as the MANRS Observatory. Team Cymru is the first cybersecurity team to join the MANRS initiative and will help increase visibility of routing security issues that have not traditionally been part of CSIRT (Computer Security & Incident Response Team) portfolios,” said Aftab Siddiqui, Internet Society’s Senior Manager of Internet Technology.
MANRS comprises simple but concrete steps for network operators that are essential to improving Internet security and reliability. In joining MANRS, participants commit to implement actions to address common challenges related to routing security:
- Filtering: prevents the propagation of incorrect routing information. This technique provides assurance against configuration errors that can lead to “hijacking” traffic directed to other networks, resulting in widespread outages.
- Anti-spoofing: prevents traffic with spoofed source IP addresses, a practice that can help dramatically diminish the prevalence and impact of distributed denial of service (DDoS) attacks.
- Coordination: facilitates timely communication and coordination among peers, which is essential for incident mitigation and better assurance of the technical quality of relationships.
- Global validation: encourages network operators to publish routing data, which is essential for limiting the scope of routing incidents, making the global system more resilient.