Securing Internet Routing: Resilience Challenges
Explore the critical vulnerabilities in global Internet routing and initiatives driving security improvements for a more resilient network.

The Internet’s backbone relies on Border Gateway Protocol (BGP) to direct data across autonomous systems worldwide. Yet, this foundational system faces persistent threats that can disrupt connectivity, compromise privacy, and enable large-scale attacks. As networks grow more complex, understanding and mitigating routing vulnerabilities has become imperative. This article examines the core issues, measurement efforts, technological solutions, and collaborative initiatives propelling routing security forward.
Understanding BGP and Its Inherent Vulnerabilities
BGP, standardized in RFC 4271, enables routers to exchange reachability information between networks. It operates without built-in authentication, trusting announcements based on policy rather than verification. This design, sufficient for the early Internet, now exposes systemic weaknesses.
Key vulnerabilities include:
- Route Hijacking: Malicious actors announce false paths, diverting traffic to unauthorized destinations.
- Route Leaks: Legitimate but unintended announcements propagate incorrect paths, causing instability.
- Denial-of-Service Exploitation: Amplified attacks leverage BGP to flood targets.
These issues have real-world consequences. In 2021, a route leak by a major cloud provider disrupted services globally. More insidiously, state-sponsored hijacks have redirected cryptocurrency traffic, leading to thefts worth millions.
Quantifying the Risks: The Need for Data-Driven Insights
Assessing routing risks requires comprehensive data on incident frequency and impact. Without it, operators underestimate threats, delaying security adoption. Early efforts like the Internet Society’s initiatives highlighted this gap, prompting structured measurement projects.
Modern tools now monitor BGP globally. Platforms analyze announcement patterns, detecting anomalies in real time. For instance, research networks employ active probing to identify leaks between sectors, providing visibility into inter-domain behaviors.
| Metric | Description | Typical Impact |
|---|---|---|
| Leak Frequency | Number of unintended announcements per month | Outages lasting hours to days |
| Hijack Duration | Average time false routes persist | Traffic diversion, data interception |
| Affected Prefixes | Proportion of global IP space impacted | Global reachability failures |
Such metrics reveal trends: leaks occur daily, with major incidents affecting millions of users. Data collection enables risk modeling, prioritizing interventions.
Technological Defenses: From RPKI to Advanced Protocols
Several standards address BGP flaws. Resource Public Key Infrastructure (RPKI) deploys cryptographic validation of route origins, preventing unauthorized announcements. NIST’s efforts standardize complementary tools like ASPA for path authorization.
RPKI adoption has surged, with over 50% of IPv4 prefixes validated by 2025. Yet challenges persist: deployment varies by region, and validation overhead strains routers.
Emerging protocols include:
- ASPA (Autonomous System Provider Authorization): Validates customer-provider relationships, curbing leaks.
- BAR-SAV (BGP AS-Path and Route Validation): Ensures path integrity against leaks and hijacks.
- SPL (Signed Prefix Lists): Enhances prefix origin security.
These integrate into BGP speakers, offering layered protection. Commercial routers now support them, accelerating rollout.
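How ASPA's customer-provider records expose a route leak can be shown with a simplified check. This is an added example, not code from the article or from any router implementation; it is modelled on the upstream-path procedure in the IETF SIDROPS ASPA verification draft and omits the neighbor-AS and AS_SET checks. The ASPA table and AS numbers are constructed (documentation and private-use ASNs).

```python
# Constructed ASPA records: customer ASN -> set of authorized provider ASNs.
ASPA = {
    64500: {64510},          # stub customer of 64510
    64501: {64510, 64511},   # multihomed customer of 64510 and 64511
    64511: {64520},          # 64511 buys transit from 64520
    64530: {64511},          # stub customer of 64511
}

def hop(customer: int, provider: int, aspa=ASPA) -> str:
    """Classify one hop as seen from the AS closer to the origin."""
    if customer not in aspa:
        return "no-attestation"
    return "provider" if provider in aspa[customer] else "not-provider"

def verify_upstream(as_path, aspa=ASPA) -> str:
    """Verify a path received from a customer or lateral peer.

    as_path is in BGP order: neighbor first, origin last. Every hop from
    the origin towards the neighbor must go from a customer to one of its
    attested providers.
    """
    # Collapse prepending (consecutive duplicates), then walk origin-first.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    path.reverse()
    results = [hop(path[i], path[i + 1], aspa) for i in range(len(path) - 1)]
    if "not-provider" in results:
        return "invalid"     # some AS passed the route to a non-provider
    if "no-attestation" in results:
        return "unknown"     # cannot prove or disprove: no ASPA for a hop
    return "valid"

if __name__ == "__main__":
    samples = {
        "customer's own prefix, prepended": [64501, 64501, 64501],
        "customer of a customer":           [64511, 64530],
        "leak of a provider-learned route": [64501, 64511, 64530],
        "origin without ASPA":              [64501, 64540],
    }
    for label, path in samples.items():
        print(f"{label:35} {path} -> {verify_upstream(path)}")
```

In the leak sample, AS64501 re-announces to one provider a route it learned from its other provider; the hop 64511 to 64501 fails because 64501 is not among 64511's attested providers.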
Operational Best Practices: MANRS and Beyond
Technology alone is insufficient; operators must adopt norms. Mutually Agreed Norms for Routing Security (MANRS) outlines four actions:
- Filter announcements to prevent leaks.
- Implement global validation using RPKI.
- Maintain accurate registration data.
- Publish peering policies transparently.
Over 1,000 networks participate, reducing incidents significantly. MANRS fosters peer pressure, incentivizing compliance.
Research networks exemplify progress. Projects like ROOTBEER develop dashboards for anomaly detection, engaging communities to deploy filters proactively.
Government and Policy Momentum
U.S. policy elevates routing security. The 2023 National Cybersecurity Strategy mandates roadmaps for BGP enhancements. NIST leads standardization, while NTIA coordinates adoption across sectors.
The Roadmap to Enhancing Internet Routing Security outlines federal actions: incentivizing deployment, funding tools, and measuring progress. International alignment via IETF ensures global standards.
Improving BGP security is a national priority, as route failures threaten critical infrastructure resilience.
Case Studies: Lessons from Real Incidents
Analyzing past events informs defenses. In 2018, Russia’s Rostelecom leaked routes, blackholing European traffic. RPKI validation contained propagation.
The 2024 Pakistan Telecom hijack diverted YouTube traffic nationwide and was intercepted by observers using origin validation. These incidents underscore the value of monitoring.
Positive examples abound: MANRS members report 40% fewer leaks post-implementation.
Future Directions: Automation and AI Integration
Future resilience demands automation. AI-driven systems predict anomalies, auto-applying filters. Intent-Based Networking verifies policies against announcements.
Challenges remain: scaling to billions of prefixes, IPv6 parity, and equitable adoption in developing regions. Initiatives like Internet Society grants fund community networks, bolstering disaster resilience.
FAQs on Internet Routing Security
What is a BGP route hijack?
A malicious entity advertises routes it doesn’t own, redirecting traffic through its network.
How does RPKI work?
RPKI issues digital certificates (ROAs) binding prefixes to origins, validated by routers before accepting routes.
Is MANRS mandatory?
No, but voluntary adoption by peers and customers drives compliance.
Can individuals contribute to routing security?
Yes, by selecting MANRS-compliant ISPs and advocating for RPKI in enterprises.
What is the status of BGP security in 2026?
Significant progress with 60%+ RPKI coverage, but full resilience requires universal adoption.
Conclusion: Building a Fortified Routing Foundation
Internet routing’s evolution from vulnerable protocol to secure infrastructure demands sustained effort. Through measurement, standards like RPKI and ASPA, norms via MANRS, and policy support, the community advances resilience. Network operators hold the key: participate in surveys, deploy validations, and collaborate. A secure BGP ensures the Internet remains a reliable global utility.
References
- Robust Inter-Domain Routing — NIST. 2025. https://www.nist.gov/programs-projects/robust-inter-domain-routing
- Roadmap to Enhancing Internet Routing Security — The White House. 2024-09. https://www.bidenwhitehouse.archives.gov/wp-content/uploads/2024/09/Roadmap-to-Enhancing-Internet-Routing-Security.pdf
- Mutually Agreed Norms for Routing Security (MANRS) — Internet Society. 2025. https://www.internetsociety.org/learning/manrs/
- The Roadmap to Enhancing Internet Routing Security — NTIA. 2024. https://www.ntia.gov/blog/2024/roadmap-enhancing-internet-routing-security
- Internet Security Project to Benefit U.S. Research and Education Networks — UC San Diego. 2025. https://today.ucsd.edu/story/internet-security-project-to-benefit-u-s-research-and-education-networks
Read full bio of Sneha Tete










