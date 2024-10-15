The interconnectedness of the internet and cloud computing means that an outage or a software exploit for one company could snowball to other organizations. It’s what happened with a Cloudflare outage five years ago. When Cloudflare was impacted by a bad software deployment, its customers were also impacted by the problem, all because of the connected relationships through BGP.

ONCD, in collaboration with CISA, recommended actions designed to apply to all network types, meaning all network service providers and entities that operate enterprise networks or hold their own IP address resources. They are, briefly:

Risk-based planning

ROA publication

Contracting requirements

Monitoring

Understanding the basic problem of BGP

Let’s use an analogy, said Stuart Madnick, Professor of Information Technology at the MIT Sloan School of Management, in email commentary. Consider your car’s GPS. It indicates which roads are crowded (usually shown in red) and tries to route you around them.

But how does your GPS know which roads are crowded? It relies on information from various sources — what if these sources are lying?

“The internet operates the same way,” explained Madnick. “The internet uses various sources to route its traffic, including gateways. In simple terms, the gateways provide traffic information such as ‘the way to get to Boston is to take this road — I am the gateway.’”

It’s a problem in internet architecture because internet traffic could then be routed to places where it might be intercepted or modified. “This has actually happened a couple of times in the past, though it was claimed to be an accident,” said Madnick.