Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Plot Massive Internet Router Security Upgrade

Posted by timothy on from the let's-like-totally-upgrade dept.

BobB-nw writes "The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications. DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.) Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009."

4 of 101 comments (clear)

  1. Question for the experts by JoshuaZ · · Score: 3, Interesting

    For those of who aren't experts on this sort of thing, will this only increase security at things that are .gov? That's the impression I get but I don't know enough technically to be sure.

  2. Re:It's a plot! by spazdor · · Score: 3, Interesting

    I guess it depends on whether they're planning on submitting an RFC, or just creating a new Sekrit Routing Protocol that only Unca Sam's buddies will know how to implement.

    I dearly hope the DHS is at least smart enough to get this one right.

    --
    DRM: Terminator crops for your mind!
  3. Re:It's a plot! by ScrewMaster · · Score: 3, Interesting

    This plan to upgrade router security is a plot? Are there some nefarious evil masterminds behind it?

    Yeah, that sure put a negative spin on it, didn't it? Fact is, a good chunk of core Internet functionality continues to work only because nobody's yet made a concerted effort to break it on a significant scale. Eventually somebody will, either via a state-sponsored attack of some kind, or a tech-savvy terrorist outfit looking to make a name for itself (the two can't always be easily separated, when you get right down to it.) Either way, hardening this stuff is a good idea. Whether or not the Feds are doing to do it competently is another issue entirely.

    --
    The higher the technology, the sharper that two-edged sword.
  4. Re:It's a plot! by Stile+65 · · Score: 4, Interesting

    I think it's actually referring to S-BGP. I also thought it was just the MD5 signature option, but it's not.

    Then again, one of the comments in TFA is that it won't require any new software or hardware to be installed, so maybe it IS just the MD5 option. The features didn't sound like it; it sounded like they were establishing a whole PKI.

    --
    I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!