How can we work together to improve the security and resilience of the global routing system? Vulnerabilities are well known and have manifested themselves many times – from the YouTube incident, to China’s deflection of Internet traffic, to the Indosat incident.
Last year, we published “Understanding Security and Resilience of the Internet” in which we explained our view that collaboration is an essential component of effective security – “Ultimately, it is people that hold the Internet together.” There are several technologies and best practices available to mitigate these risks, but the traditional approach of just protecting our own assets is not good enough; the Internet demands a sense of collective stewardship and shared responsibility to be truly secure and truly resilient to attack.
A small group of network operators has been working on defining a minimal – but absolutely feasible – package of recommended measures that, if deployed on a wide scale, could result in visible improvements to the security and resilience of the global routing system. Many operators are ahead of the curve and already implement much more than the proposed recommendations. But we believe that gathering support for these relatively small steps could pave the road to more significant actions on a global scale.
We called this set of recommendations a Routing Resilience Manifesto. You can find the proposed document here: https://www.routingmanifesto.org/.
This initial Manifesto was drafted by a small group, but we need a wider community review, your feedback, and, ultimately, your support to make this initiative fly. It was already presented at several venues, like RIPE and NANOG, and now we open it for a more detailed review. This is very much a work in progress and your input is essential in improving the document. For example, it would be useful if we could point to specific BCOPs and other documents providing detailed guidance on implementing the Manifesto recommendations.
I invite you to read the document and send your feedback and text suggestions online or via firstname.lastname@example.org by 31 August 2014.
Once the document gets a thorough community review and the feedback is incorporated, we will be ready for the next phase – spreading the word and mounting support for the recommendations outlined in the Manifesto.
The objective is to publish this Manifesto along with a growing list of supporters – operators that publicly commit to collective responsibility and collaboration for routing resilience and security and implement the measures defined in the Manifesto.
In the meantime, please review the document and also think whether you’d be able to publicly commit to this Manifesto. Why or why not? This feedback is also important.