Today, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) alongside several other bureaus within Commerce including the Bureau of Economic Analysis (BEA), the Bureau of Industry and Security (BIS), the National Oceanic and Atmospheric Administration (NOAA)  and the International Trade Administration (ITA), began implementing an important Internet routing security measure, enhancing cybersecurity throughout the Department and completing a key priority from the National Cybersecurity Strategy.

Routing security – ensuring that Internet traffic reaches its intended target – has been a concern for more than 20 years. In 2003, the White House noted that Internet routing incidents created a great risk of Internet service disruption. In the years since, agencies including the National Institute of Standards and Technology (NIST), the Department of Homeland Security and the Federal Communications Commission have worked with stakeholders to develop solutions and promote routing security.

Still, in 2023, the Biden Harris Administration’s National Cybersecurity Strategy identified routing security is a “pervasive concern.” That is in part because, despite being a large holder of Internet address resources, the U.S. government has a low adoption level of routing security.

As a result, the National Cybersecurity Strategy called on federal agencies to implement routing security, and NTIA has helped develop a model contract for other federal agencies to use to adopt routing security.

“At the Department of Commerce, we are working hard to implement President Biden’s National Cybersecurity Strategy and make sure government websites are secure,” said U.S. Deputy Secretary of Commerce Don Graves. “This is the result of two decades worth of collaboration between the U.S. government and stakeholders in the Internet engineering community. We are realizing the benefits of the United States investment in routing security with the tremendous growth in adoption of security measures.”

“The National Cybersecurity Strategy called on the federal government to lead by example in implementing network routing security,” said Assistant Secretary of Commerce for Communications and Information and NTIA Administrator Alan Davidson. “Today, the Commerce Department is answering that call to embrace leading routing security tools. NTIA has worked hard with our partners at NOAA N-Wave, the Department of Commerce Office of the Chief Information Officer, NIST, the Office of the National Cyber Director, and the American Registry of Internet Numbers to reach this point.”

NTIA created Route Origin Authorizations (ROAs) that authenticate NTIA’s addresses as destinations found on the Department of Commerce’s network. The partnership with NTIA and NOAA N-Wave allows for all DOC bureau creation of ROAs, and federal wide guidance on routing security through an available "RPKI" playbook. ROAs protect against address hijacks – falsely announcing addresses as destinations on the wrong network. Address hijacks can result in loss of service or interception of data. 

The Border Gateway Protocol (BGP) is the protocol by which networks announce they are a destination or a route to a destination. But both announcements can be false. ROAs are cryptographically verifiable statements that validate BGP destination announcements.

NTIA has been working with stakeholders to advance federal routing security. NTIA worked with the American Registry for Internet Numbers (ARIN), the registry for Internet number resources for North America, which provides tools to protect against address hijacks.

NTIA also worked with Mutually Agreed Norms of Routing Security (MANRS), a project of the Internet Society, and the Global Cyber Alliance. MANRS advocates for greater routing security and provides guidance on how networks can implement routing security on their networks.