The partners in Canada’s National Research and Education Network (NREN) are pleased to announce today that Mutually Agreed Norms for Routing Security, or MANRS, has been implemented on the majority of Canada’s research and education networks. Ninety-nine per cent of organizations connected to the NREN are now connected to a MANRS-compliant network.
An industry-led initiative championed by the Internet Society to support coordinated actions across multiple stakeholders, MANRS is designed to address issues of security and resilience in the global internet routing system. About 700 organizations worldwide are MANRS participants.
The global, trusted internet relies on traffic to be correctly routed. The routing system used to direct this traffic is based on common network operational practices in place today.
However, this system does not have sufficient security controls to prevent the injection of false routing information, including the impersonation of networks. This lack of controls can create a significant vulnerability in the entire system, resulting in thousands of incidents of misrouted traffic or denials of service each year.
MANRS addresses these problems, as well as ones related to coordination and collaboration between network operators, by providing actionable guidance on four key areas: Filtering, Anti-Spoofing, Coordination, and Global Validation.
A coordinated approach
The actions taken by Canada’s NREN support the key principles of the MANRS approach:
- recognition of the interdependent nature of the global routing system, and the NREN’s role in contributing to a secure and resilient internet;
- ongoing integration and evolution of networking best practices;
- a commitment to preventing, detecting, and mitigating routing incidents through collaboration and coordination with peers; and
- encouragement of connected organizations to adopt MANRS in their networks.
Canada’s NREN joins a number of global NREN partners, including Internet2 in the United States, GÉANT across Europe, AARNet in Australia, and SURFnet in the Netherlands, in implementing MANRS.
“The NREN partners have worked collaboratively to bolster the cybersecurity of this essential infrastructure, and our adoption of MANRS is part of the ongoing cybersecurity evolution of the NREN,” notes NREN Governance Committee Chair Bala Kathiresan.
“MANRS compliance builds on our efforts to date, including adopting tools like the Security Information and Event Management (SIEM) platform, and developing a team of NREN cybersecurity analysts who monitor the infrastructure, identify priority issues, and share best practices.”
Canada-wide
MANRS implementation has been completed by CANARIE and 11 NREN partner networks across the country. NREN-connected organizations wishing to learn more about implementing MANRS should contact their provincial or territorial partner in the NREN:
- Alberta – Cybera
- British Columbia – BCNET
- Manitoba – MRnet
- New Brunswick – ECN-NB
- Newfoundland – ACORN-NL
- Nova Scotia – ACORN-NS
- Ontario – ORION
- Prince Edward Island – ECN-PEI
- Quebec – RISQ
- Saskatchewan – SRNET
- Yukon – Yukon University
More information on MANRS may be found on the Internet Society’s site here.