The Dutch government has announced that it will adopt the Resource Public Key Infrastructure (RPKI) standard for internet routing security by the end of 2024. RPKI uses digital certificates to secure the Border Gateway Protocol (BGP), which is used to exchange routing information.
It ensures that traffic passes through legitimate network operators that control the IP addresses on the destination path. The standard eliminates the risks of man-in-the-middle or data diversion and interception attacks by routing traffic only through authorized paths.
The Standardization Forum in the Netherlands, a research and advising organization that serves the public sector on the use of open standards, has recommended that all communication devices managed by the Dutch government must use the RPKI standard by 2024.
The government supported the recommendation, and it will apply to newly added ICT equipment as well as existing systems. RPKI certificates are stored centrally and kept public, enabling network providers from anywhere in the world to validate internet traffic routes.
RPKI adoption is already high in the Netherlands, with 77.9% of government websites and 75.1% of email domains supporting the standard. However, global adoption of RPKI has been slower than its developers and proponents hoped, with tier-two ISPs lagging behind.
According to data from the National Institute of Standards and Technology, only 41% of verifiable IPv4 prefix-origin pairs comply with RPKI, 58% are susceptible to routing incidents, and 1% have a mismatch in their route origin keys, rendering them invalid.
In conclusion, RPKI contributes to a safer and better internet, but its 41% adoption rate shows that there is still a long way to improving traffic security across the globe. Without RPKI, internet routing depends on the trust of network operators advertising the correct IP prefixes they manage.
However, this trust-based model opens the door to malicious BGP hijacking that allows traffic interception and monitoring, as well as spoofing legitimate IP addresses for spamming. The adoption of RPKI by the Dutch government is a positive step toward enhancing the security and reliability of the country’s internet infrastructure, and hopefully, it will inspire more organizations to follow suit.
