![Page 1: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/1.jpg)
www.internetsociety.org
What do we know about routing resilience and how to make it better? Internet Society
![Page 2: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/2.jpg)
The Challenge
Economic factors– Externalities, information asymmetry, free riding
Technical factors– Technology building blocks
– Common understanding of the problem
– Common understanding of solutions
Social factors
– Collective responsibility
– Collaborative spirit
![Page 3: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/3.jpg)
Global Internet Routing Infrastructure
Our global commons
– We all depend on and benefit from it
Far reaching effects
– Configuration errors, malicious actors
– Example: Indosat event
Interconnectivity and interdependence– “Inward” and “Outward” risks
– Example: 300Gbps attack on Spamhaus
![Page 4: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/4.jpg)
www.internetsociety.org
Routing resilience survey
![Page 5: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/5.jpg)
How “risky” is the global routing system?
How often do incidents happen?– Routing Resilience Measurements Workshop
http://www.internetsociety.org/doc/report-routing-resiliency-measurements-workshop
– Frequency very much depends on the threshold for false positives
What is the impact?– Data are missing, sensitive or not collected at all
– Risk assessment is a guess at best
Is your network affected?
– Detect incidents
– Eliminate false positives
– Assess the impact
Are you adequately protected?
![Page 6: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/6.jpg)
https://www.internetsociety.org/rrs/
![Page 7: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/7.jpg)
Data collection
Network Information– Once, during the initial sign up.– Network type, connectivity, and practices used in mitigating routing security incidents. It should take approximately 10-15 minutes to fill out the registration form.
Data related to routing security incidents via an automated monitoring effort
– On first login a “historical” overview will be presented, listing detected suspicious events over last 6-12 months
– After that once a week newly detected suspicious events are collected and displayed in the portal
– Participants are asked to validate and classify these events Impact: severe, moderate, insignificant, not an incident
Detection: monitoring system, customer call, this alert
![Page 8: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/8.jpg)
Evidence based risk analysis
64500
64500
64500
64500
64500
64500
![Page 9: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/9.jpg)
Evidence based risk analysis
64500
64500
64500
64500
64500
64500
Check and Classify
![Page 10: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/10.jpg)
Confidentiality concerns
We understand the sensitivity of some of the data involved in this effort. Therefore, the Internet Society is committed to ensuring participant-specific information remains confidential.
All data collected is stored on Internet Society servers. Any information or analyses shared beyond a specific network will be fully anonymized.
![Page 11: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/11.jpg)
Some statistics: participation
4 months
24 participants
311 networks
442 events registered
264 events classified
![Page 12: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/12.jpg)
0
5
10
15
20
25
30
35
408/28/11
9/28/11
10/28/11
11/28/11
12/28/11
1/28/12
2/28/12
3/28/12
4/28/12
5/28/12
6/28/12
7/28/12
8/28/12
9/28/12
10/28/12
11/28/12
12/28/12
1/28/13
2/28/13
3/31/13
4/30/13
5/31/13
6/30/13
7/31/13
8/31/13
9/30/13
10/31/13
11/30/13
12/31/13
1/31/14
Unknown
Not an incident
Insignificant
Moderate
Severe
Impact severity
![Page 13: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/13.jpg)
Impact severity (II)
1%3%
6%
42%48% Severe
Moderate
Insignifcant
Unknown
Not an incident
![Page 14: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/14.jpg)
How did you learn about the event?
NMS Alert
Customer Call
RRS Alert
Not an incident
![Page 15: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/15.jpg)
Interested in Participating?
If you decide to participate, please send a request for the creation of your account to [email protected].
In the request please indicate – your AS number and – e-mail address for notifications.
You may also include AS numbers of your customers for which you would like to monitor and classify related security incidents.
![Page 16: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/16.jpg)
www.internetsociety.org
Collective responsibility and collaboration for Routing Resilience and Security
![Page 17: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/17.jpg)
Routing Resilience Manifesto
- Principles of addressing issues of routing resilience- Interdependence and reciprocity (including collaboration)
- Commitment to Best Practices
- Encouragement of customers and peers
- Guidelines indicating the most important requirements- BGP Filtering
- Anti-spoofing
- Coordination and collaboration
![Page 18: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/18.jpg)
Anti-spoofing movement
spoofed traffi c
normal traffi c
Networks not allowing IP-spoofing
test ing site
![Page 19: ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience](https://reader033.vdocuments.site/reader033/viewer/2022060205/55a1d7891a28abe5318b480b/html5/thumbnails/19.jpg)
Objectives
•Raise awareness and encourage actions by demonstrating commitment of the growing group of supporters
•Demonstrate industry ability to address complex issues
•Provide guidance