MANRS Group Intends to Ramp Up Internet Routing Security

A group of Big Tech companies — including Akamai, Amazon, Facebook, Google, Microsoft and Netflix — have signed on to Mutually Agreed Norms for Routing Security (MANRS), a group designed to improve the Internet’s routing security. The ability to hijack Internet connections has proven too tempting and too easy for some evildoers, and MANRS is intended to tighten up security in an environment that has emboldened criminals and nation-state spies to create ever-bigger, more dangerous disruptions.

The Register reports that “the MANRS group pushes four main approaches, two technical and two cultural: filtering, anti-spoofing, and then coordination and validation.” In combination, it says, those efforts “help weed out bad routing information and so reduce the ability to carry out attacks.”

With the recent sign-ups of Azion and Cloudflare, MANRS now has a membership of “up to over 300 organizations and cover[s] a significant chunk of global Internet traffic (roughly 50 percent in fact).” Cloudflare CTO John Graham-Cumming added that “route leaks have a cascading negative impact on businesses, and coordinated action is needed by the Internet infrastructure community to improve the security, resilience, and reliability of networks.”

Netflix Open Connect’s vice president Gina Haspilaire said that “a secure routing framework is essential to maintaining the ongoing health and stability of the global Internet, and MANRS provides the resources to develop, foster, and promote this framework.”

Because these companies “interconnect with thousands of other networks,” the hope is that their MANRS membership “will lead to concrete action among the roughly 60,000 network operators that make up the global Internet — and that routing security will be taken more seriously.”

According to Internet Society senior director for technology programs Andrei Robachevsky, the hope is that this “will lead to a significant reduction in the number of route hijackings, blunders, and misconfigurations … [by building] peer pressure inside the community” as well as increasing scalability and providing more transparency. He reported that there’s been a decrease in incidents “in each of the three years that MANRS has been running and expanding.”

Although MANRS has added new features, “only members can see behind the curtain where those network operators that are causing most of the problems are visible.” Robachevsky also said it is too early for trend analysis that would point to the worst offenders, noting that “most routing problems are more a result of bad configuration settings and lax security controls by operators.”

“You have to create a process and have a security framework that creates ongoing checks on compliance,” he said, calling the situation an “arms race.”

Every new MANRS member “is given an audit check … that may need to be expanded to occasional spot-checks to ensure that organizations remain compliant with the group’s standards.” When The Register pointed out China Telecom as one “that has been repeatedly fingered as a source of problematic routing,” Robachevsky said the network had already reached out to MANRS and “seemed genuinely interested in working with MANRS to fix its issues.”