Secure Protocols for the Routing Infrastructure (SPRI)

The National Strategy to Secure Cyberspace (NSSC) calls out the fact that there are problems with the existing Internet infrastructure. As a step toward fulfilling its responsibility for coordinating implementation of the NSSC with respect to the routing infrastructure, DHS has instituted the Secure Protocols for the Routing Infrastructure (SPRI) program within the S&T Directorate.

A Roadmap for Deployment

The commercial private sector and the federal sector (both civilian and defense) have adopted the Internet as a critical component of accomplishing their missions. Internet technology has provided many benefits, but it has also made the operation of those sectors vulnerable to accidents and to attacks that target the Internet infrastructure. The Internet routing infrastructure, in particular, has been identified as a critical infrastructure that is subject to serious vulnerabilities. The objective of the SPRI program is to ensure the security of the Internet routing infrastructure so that it is reliable in the event of accidents or deliberate malicious behavior.

Routing in the Internet is a very complex task involving operations like physical address determination, selection of inter-network gateways, and forwarding messages to the correct destination. To accomplish these tasks, many infrastructure protocols such as RIP, OSPF, IS-IS, and BGP have been developed and deployed. Securing these routing protocols for reliable, persistent communication has been widely acknowledged as an important problem, yet there is a lack of consensus and motivation to derive common and widely deployable standard techniques to mitigate these problems.

Through this roadmap, we aim to bring together the various facets of creating secure protocols for the routing infrastructure, namely:

  • Highlight important problems.
  • Examine existing approaches to mitigate or work around these problems.
  • Facilitate development of approaches that address the larger problem of routing security.
  • Identify barriers to deployment.
  • Identify key players in each realm, Targeted Adopters and Early Adopters.
  • Develop robust transitioning mechanisms.
  • Identify useful metrics and measurements for validation.
  • Identify and create opportunities for education and awareness programs tailored for each problem.
  • Identify tools and resources for the operator, vendor and ISP community.
  • Develop a timeline to achieve these goals.

The roadmap document can be found here.