Route Hijacking of Sensitive Network Traffic Highlights BGP Security Issues

Last month, web traffic destined for some highly sensitive UK entities – including the nuclear weapons agency that provides and maintains warheads for the Royal Navy – was routed through Ukrainian and Russian telecoms before arriving at its original destination. This route hijacking was the result of a bad route announced by Ukraine’s Vega telecom. As Russell Brandom, describing the incident for The Verge, wrote: “It’s still likely that the redirection was simply an innocent error, but it underscores the insecure nature of the global routing system.”

I couldn’t agree more, which is why I recently wrote an article for Network Computing describing the security vulnerabilities of BGP. In this piece, I outline the types of BGP incidents (including route hijacking), describe several malicious ones perpetrated in recent years, and explain two efforts by the IETF over the years to fix BGP, with limited success. I also discuss how SDN and route analytics can help.

Check out the article and the thoughtful comments from readers as well. As I state at the end of the article, to stop BGP security incidents – both accidental and intentional – we need a permanent solution.

Here also are a few articles I’ve written about BGP security for this blog: