Internet Routing Security Reaches Milestone Growth
How collaborative standards strengthened global routing protection
The Accelerating Momentum Behind Global Routing Security Initiatives
The year 2020 marked a transformative period for Internet infrastructure security, particularly in the realm of routing protocols and Border Gateway Protocol (BGP) management. As digital connectivity became increasingly critical to global operations amid unprecedented global circumstances, the importance of securing how data packets travel across the Internet gained heightened attention from network operators, Internet service providers, and technology organizations worldwide. This convergence of necessity and awareness created an environment where collaborative security standards flourished, demonstrating that the industry could unite around common technical objectives to strengthen the entire Internet ecosystem.
Unprecedented Expansion in Network Operator Participation
The most striking development in 2020 was the explosive growth in organizations committing to routing security best practices. What began as a modest initiative years earlier had evolved into a movement that nearly doubled its participant base within a single calendar year. By the end of 2020, the community had expanded to include nearly 600 participating entities managing over 650 autonomous systems, representing operations distributed across more than 60 countries and every inhabited continent. This geographic diversity underscored that routing security concerns transcended regional boundaries and reflected a genuinely global challenge requiring coordinated solutions.
To appreciate the magnitude of this growth, consider the trajectory of adoption over preceding years. The initiative had required four years following its 2014 launch to reach 100 participating network operators. However, the pace of adoption accelerated dramatically in the subsequent period. Between 2019 and 2020 alone, participation increased by nearly 40 percent, with 244 new operators joining during 2020. This acceleration revealed that once sufficient critical mass had been achieved, network effects amplified the value proposition for joining, creating a virtuous cycle where each new participant strengthened the entire network’s security posture.
Diversification Beyond Traditional Network Operators
While the growth of network operator participation remained the headline story, an equally significant development occurred in the expansion of the initiative beyond its original constituency. The program began to encompass Internet exchange points, which serve as critical interconnection hubs where multiple networks peer with one another. Additionally, content delivery networks and cloud service providers joined the community, recognizing that routing security affected their operational resilience and their ability to serve global customers reliably.
This diversification reflected a maturing understanding of routing security’s implications across the Internet ecosystem. Rather than remaining confined to traditional ISPs and regional network operators, the security framework became applicable to a broader range of organizations whose infrastructure decisions influenced global routing tables. Internet exchange points, for instance, wielded considerable influence over how traffic flowed between connected networks, making their participation particularly valuable. Similarly, content providers and cloud platforms recognized that routing attacks could misdirect traffic away from their legitimate infrastructure, potentially causing service disruptions and user harm.
Measurable Decline in Routing Incidents and Security Events
Beyond the participation metrics, perhaps the most compelling evidence of the initiative’s impact lay in empirical data regarding routing security incidents. Analysis of publicly reported routing incidents revealed a declining trend that corresponded with the expansion of participation in security best practices. The number of reported routing incidents had declined from over 5,000 in 2017 to below 4,000 by late 2020, representing a substantial reduction in observable attacks or misconfigurations affecting Internet routing infrastructure.
However, it is important to note that incident categorization revealed nuanced patterns. While certain categories of incidents, such as route leaks caused by misconfigurations or operational errors, demonstrated declining trends, other attack categories evolved. Route hijacking incidents, where malicious actors or negligent operators announced Internet address space they did not legitimately control, showed an increase in some regional analyses during 2020. This pattern suggested that while the security community was successfully defending against certain threat vectors, adversaries and misconfigured systems continued to attempt alternative attack methodologies.
Key Technical Actions Driving Security Improvements
The foundation of the security initiative rested upon a series of specific technical actions that participants committed to implementing. These actions addressed the most common vulnerabilities in routing security:
- Route Origin Validation: Implementing mechanisms to verify that organizations announcing particular Internet address blocks actually held legitimate authority over those resources, preventing spoofed announcements from propagating across the Internet.
- Prefix Filtering: Configuring routers to reject routing announcements that did not align with expected patterns based on peering relationships and historical data, blocking obviously bogus or unintended advertisements.
- Resource Public Key Infrastructure (RPKI): Deploying cryptographic validation systems that provided authoritative proof of which autonomous systems legitimately controlled specific address blocks and could announce routing information about them.
- Monitoring and Analysis: Establishing surveillance systems to detect anomalous routing behavior that might indicate attacks or configuration errors requiring immediate attention.
- Coordination and Communication: Developing incident response procedures and communication channels enabling rapid notification and mitigation when suspicious routing activity was detected.
Strategic Partnerships Strengthening the Ecosystem
A notable development during 2020 involved the formation of strategic partnerships between the security initiative and complementary organizations. Technology companies with global reach began actively participating, including major search and infrastructure providers that contacted peers about suspicious routing advertisements. Cybersecurity organizations joined as formal partners, bringing forensic capabilities and threat intelligence resources. These partnerships multiplied the initiative’s collective resources and extended its reach into domains where pure technical practice might not have naturally extended.
The formalization of mentor and ambassador programs during 2020 represented another strategic evolution. These programs aimed to promote understanding of routing security across three critical dimensions: academic and research institutions developing new defensive techniques, policy organizations shaping regulatory and governance frameworks, and training organizations educating network operators about implementation best practices. By establishing dedicated roles focused on outreach and knowledge transfer, the community acknowledged that scaling security awareness required deliberate educational effort rather than assuming technical knowledge would naturally disseminate.
Regional Variations in Routing Threats and Responses
Although global statistics told an encouraging story of declining incidents, regional analysis revealed that threat landscapes varied considerably across different geographic areas and network topologies. Some regions experienced higher concentrations of particular attack types, reflecting differences in network maturity, regulatory environments, and adversarial incentives. This geographic variation highlighted the importance of maintaining a global perspective while also enabling regional customization of security responses.
Network operators working in regions with historically higher incident rates found particular value in participating in a global community where peers shared similar challenges and collaborated on solutions. Information sharing about emerging threats, configuration recommendations, and incident response procedures proved invaluable for operators whose technical resources might be more constrained than those in well-developed markets. The global framework thus served as a mechanism for distributing expertise and defensive capabilities more equitably across regions with varying levels of infrastructure maturity.
Implications for Internet Resilience and Stability
The expansion of routing security participation and the corresponding decline in incident reports carried profound implications for Internet resilience. Internet routing constitutes a critical system affecting virtually all digital communications and economic activity. Large-scale routing attacks or widespread misconfigurations could potentially fragment the Internet, misdirect significant traffic volumes, or enable man-in-the-middle attacks affecting sensitive communications. By successfully implementing coordinated security practices across an expanding community of network operators, the initiative helped protect against these catastrophic scenarios.
Furthermore, the standardization of security baselines created a reference architecture that elevated the entire industry’s security posture. Organizations that might previously have operated with minimal routing security controls now faced peer pressure and market incentives to align with community standards. This standardization effect benefited even organizations that did not formally participate in the initiative, as they increasingly encountered expectations for security practices aligned with community norms.
Ongoing Challenges and Future Directions
Despite the encouraging progress, significant challenges remained as the community entered 2021. The continued evolution of attack techniques meant that defenders needed to maintain constant vigilance and adapt their approaches. Coverage remained incomplete, with substantial portions of the global Internet still operating without the security practices endorsed by the initiative. Additionally, the technical barriers to implementation, including the complexity of deploying cryptographic validation systems and the operational overhead of monitoring, meant that smaller operators sometimes struggled with full compliance.
The initiative’s governance model continued to evolve to accommodate the expanded constituency beyond the original network operator base. Ensuring that diverse stakeholders could meaningfully participate in decision-making while maintaining technical rigor presented ongoing organizational challenges. Balancing the need for security rigor against the practical constraints faced by operators in varying circumstances required continuous dialogue and adjustment.
Why 2020 Represented a Watershed Moment
The year 2020 ultimately represented a watershed moment not because a single breakthrough occurred, but because multiple positive trends reached critical junctures simultaneously. Global reliance on digital infrastructure intensified, focusing attention on the Internet’s underlying systems. Participation reached sufficient scale that the initiative began to exercise meaningful influence over industry practices. Technical tools matured sufficiently to make implementation feasible for diverse organization types. Strategic partnerships multiplied the initiative’s resources and reach. These convergent factors created an environment where routing security transitioned from a specialized technical concern into a mainstream infrastructure priority.
The momentum established in 2020 demonstrated that the global Internet community could organize itself around shared technical challenges and implement coordinated solutions despite diverse interests and geopolitical complexities. This precedent suggested that other critical Internet infrastructure challenges might likewise benefit from similar collaborative approaches emphasizing technical excellence, community engagement, and verifiable security improvements.
References
- MANRS Community Report 2020 — Mutually Agreed Norms for Routing Security. December 2020. https://manrs.org/resources/community-report-2020/
- 2020: A Record Year for MANRS — Mutually Agreed Norms for Routing Security. February 2021. https://manrs.org/2021/02/2020-a-record-year-for-manrs/
- MANRS Welcomes 500th Network Operator — Internet Society. December 2020. https://www.internetsociety.org/blog/2020/12/manrs-welcomes-500th-network-operator/
- BGP, RPKI, and MANRS: 2020 in Review — APNIC Blog. February 2021. https://blog.apnic.net/2021/02/05/bgp-rpki-and-manrs-2020-in-review/
- Mind Your MANRS: Measuring the MANRS Ecosystem — CAIDA. 2022. https://www.caida.org/catalog/papers/2022_mind_your_manrs/mind_your_manrs.pdf
- A Regional Look into BGP Incidents in 2020 — Mutually Agreed Norms for Routing Security. March 2021. https://manrs.org/2021/03/a-regional-look-into-bgp-incidents-in-2020/
- Achieving Greater Heights for MANRS — Global Cyber Alliance. 2024. https://globalcyberalliance.org/achieving-greater-heights-manrs/
Similar Articles
Read full bio of Sneha Tete
