Sorry, you need to enable JavaScript to visit this website.
Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Breadcrumb

  1. Home

Routing Security: A Call to Action for Federal Agencies

November 13, 2024

By: Robert Cannon, Senior Telecommunications Policy Analyst

Securing our nation's cyber infrastructure is imperative. That is why all Department of Commerce networks have taken the first step to implement Internet routing security.

Routing security ensures that Internet traffic reaches its intended target. Misconfigurations or manipulations of routing information can lead to significant degradation and loss of service.

The United States Government is tackling concerns about routing security through a whole-of-government approach. The Department of Commerce is playing a leading role in these efforts:

  • The National Institute of Standards and Technology (NIST) works with stakeholders to research and develop routing security solutions, produce guidance, and operate testbeds.
  • The National Oceanic and Atmospheric Administration (NOAA), working with the White House’s Office of the National Cyber Director (ONCD), produced guidance for federal agencies on how to implement routing security via the Federal Public Key Infrastructure (RPKI) Playbook.
  • In May, the Department of Commerce held a Route Signing Day to mark a renewed effort to implement routing security across federal networks.
  • In September, NTIA’s Communications Supply Chain Risk Information Partnership (C-SCRIP) hosted an Internet routing security webinar for stakeholders.

Critically, ONCD and Commerce have worked with the American Registry for Internet Numbers (ARIN) to secure an extension of the lower legacy rate for routing security service for federal networks holding legacy address resources. This extension expires on December 31, 2024.

In December of 2023, ONCD (on behalf of civilian agencies), the Department of Defense, and the Department of Commerce filed tickets with ARIN stating an intent for agencies across the government to sign a Registration Services Agreement (RSA) for Internet routing security to lock in that lower legacy rate through 2024.

Since then, all Commerce networks have signed the ARIN RSA. The next step is to create Route Origin Authorizations (ROAs), cryptographic validations that a destination is properly found on a specific network. Here again, Commerce is making significant progress: 84% of Commerce routes are now signed with ROAs.

Federal agencies have until the end of December 2024 to sign the ARIN agreement and take advantage of the current fee structure, or they will face significantly increased fees. To ease the administrative burden on agencies, ONCD and Commerce negotiated a template ARIN RSA for use by any federal agency, and have been assisting in this process.

The National Cybersecurity Strategy and the subsequent Roadmap to Enhancing Internet Routing Security call on federal agencies to implement routing security. We are proud to have answered this call and are actively working to assist other federal agencies to ensure that they have a signed ARIN RSA covering their Internet addresses.

Program