Network routing security and the adoption of RPKI: Issues and challenges in France
In today's cyber security environment, network routing security is a fundamental pillar of IT infrastructure resilience. While data confidentiality and application security are often at the forefront of security strategies, protection against threats such as route hijacking and routing leaks remains just as essential to guarantee the continuity and reliability of university and scientific services. The first tests were carried out in Lyon at Lyonix (the future France-IX Lyon) in 2014.
Why is network routing security crucial?
Incidents relating to routing security, such as hijacking attacks or configuration errors, can lead to major service interruptions, the loss of crucial data and significant financial repercussions. In addition to the immediate consequences, such events can damage the reputation of institutions, undermining their attractiveness. Businesses and public services depend on reliable connectivity to access cloud resources and collaborate internationally.
The role of RPKI in protecting network routing
The Resource Public Key Infrastructure (RPKI) is a framework standardised since 2008 for authenticating routing information on the Internet. It is based on the creation of cryptographic certificates (Route Origin Authorizations - ROAs) that authenticate IP address holders and authorize Autonomous Systems (AS) to advertise routing prefixes. Like a passport and visa system, certificates act as digital passports validating identity, while ROAs act as visas authorising the legitimacy of IP advertisements. This infrastructure prevents route hijacking attempts and further secures the global digital ecosystem.
Going further, the widespread adoption of RPKI paves the way for the integration of new standards such as Autonomous System Provider Authorization (ASPA) and Border Gateway Protocol Security (BGPsec), which will strengthen overall network security.
Initiatives, adoption and challenges: where does the French Internet stand?
Network routing security issues concern the entire French economic fabric, particularly the private sector and companies of all sizes. Today, private companies must commit to structuring approaches based on the adoption of standards such as RPKI and the MANRS initiative, but on a scale and with profiles that are sometimes very different.
Initiatives and adoption in companies
Many French businesses, particularly SMEs, are increasingly exposed to digital risks and attacks targeting network routing, such as BGP hijackings or routing leaks. Awareness is growing: the majority of executives recognise that cybersecurity, and therefore secure routing, is a top priority to ensure business continuity and meet regulatory requirements, including the RGPD and the NIS 2 directive. Major companies, operators and digital service providers are now including secure routing in their invitations to tender and contracts with partners, giving preference to suppliers adhering to standards such as MANRS or offering a robust RPKI policy.
Companies - often less structured than public institutions - face a number of obstacles:
- A lack of resources or dedicated expertise, especially in SMEs.
- A sometimes inadequate understanding of the challenges of secure routing and its tangible benefits for business, reputation and regulatory compliance.
- A complex supply chain: many attacks exploit the weaknesses of subcontractors, making secure routing a collective challenge that goes beyond the company's borders.
- Technical and regulatory processes considered complex, particularly for the integration of solutions such as RPKI, which require coordination between internal players (IT, cybersecurity, management) and external players (suppliers, partners).
Towards widespread adoption of best practice
Under the impetus of professional organisations and sector authorities, companies are invited to :
- Integrate routing security (RPKI, MANRS) into their overall cyber security policy and purchasing practices.
- Train IT teams and make managers aware of the risks and existing solutions.
- Require their suppliers to comply with industry standards and give priority to automation (Cloud tools, IAM, network monitoring).
- Work collectively with partner and subcontractor networks to promote safety throughout the value chain.
Challenges shared by the public and private sectors
The convergence of routing security challenges between the academic and private sectors reflects a change in the French digital landscape: all players, whatever their size or business, are now concerned by the resilience, reliability and confidentiality of Internet exchanges. This need is growing in the face of increasing and more sophisticated attacks and growing regulatory pressure in France and Europe.
To sum up, network routing security, illustrated by the gradual adoption of RPKI and MANRS best practices, is now recognised as a cross-functional priority, from universities to businesses, for building a resilient and competitive French digital economy. A collective effort, combining awareness-raising, cooperation and setting international standards in motion, is essential to meet current and future challenges.
How can we speed up the adoption of RPKI in France?
The mass adoption of RPKI can only be achieved through a collective effort, involving all levels of governance and constant exchanges between stakeholders:
- Integrate routing security into the overall cyber security policy.
- Training and informing technical and management teams about the challenges and benefits of RPKI.
- Collaborate with national and European networks to benefit from support in implementing best practice.
- Use the tools and resources made available by RENATER, ARIN or MANRS.
Conclusion
Network routing security is a growing priority in cybersecurity strategy. Accelerating the adoption of RPKI is vital to prevent the risks of compromise, protect academic resources and encourage international collaboration in a secure and reliable environment. A collective effort, a willingness to share best practice and the mobilisation of strategic players will enable us to take a decisive step forward in France and beyond.
Sources and credits
This article is based on :
Office of the National Cyber Director, Roadmap to Enhancing Internet Routing Security, September 2024.
Campus Technology, “Internet2: Network Routing Security and RPKI Adoption in Research and Education,”4 November 2024.
Gblogs Cisco France, “LYONIX leads the way in securing the French Internet.” written by Jerome Durand
Additional references cited in LyonIX publications: RIPE NCC, LACNIC, IETF draft on BGP best practices, Stephane Bortzmeyer blog, ANSSI recommendations.
