Border Gateway Protocol
The Internet is a network of networks. For your network to connect to the C-SCRIP website, it must exchange data with adjoining networks to determine the best route. The Border Gateway Protocol (BGP) is how networks announce that they are a destination, or a route to a destination, on the Internet. Neither the destination nor the route is authenticated. Both can be false, and a network sending traffic cannot tell from BGP announcements alone whether they are valid. False announcements (a.k.a. hijacks) can cause significant harm, including loss of service and espionage.
The American Registry for Internet Numbers (ARIN) is a nonprofit, member-based organization that administers IP addresses and autonomous system numbers (ASNs) in support of the operation and growth of the Internet. ARIN offers a routing security service known as Resource Public Key Infrastructure: Route Origin Authorization (ROA) / Route Origin Validation (ROV) that validates an Internet destination. RPKI:ROA/ROV has two interdependent components. A ROA is a cryptographically verifiable statement that a network is authorized to originate a prefix (that is, to announce that those destinations can be found on that network). ROV is the method of validating BGP announcements against the ROA data (determining whether a BGP announcement is valid or invalid).
Implementing RPKI:ROA/ROV takes a short period of time to set up and helps protect against significant network disruption. The importance of addressing BGP vulnerabilities through solutions like RPKI:ROA/ROV has been recognized in the National Cybersecurity Strategy.