BGP, RPKI efforts at DHS follow path of DNSSEC deployment


The U.S. Department of Homeland Security is mounting an effort similar to this initiative promoting DNSSEC deployment, this time for the Internet’s routing protocol, border gateway patrol, or BGP.  Similarities between the two efforts were noted in an interview with Network World, Douglas Maughan, Ph.D., who directs the cybersecurity division in the DHS Science and Technology Directorate. Of DNSSEC adoption, he said:

I’m optimistic. Over 60 zones are signed. The key thing in my mind was the result of .org’s operational experience. They saw minimal impact of DNSSEC to their operational performance. Everybody was claiming that the impact would be a 30% to 50% performance hit, but .org will tell you that’s not the case. We’ve been able to shake out any performance concerns that the naysayers had and show them that it works. Now we’re getting .net and .com signed. We’re starting to have discussions with CISOs of major companies like PayPal and Google to say that now that .com is being signed, what are your plans? We’ve made a lot of progress this year. We signed the root, and some said that would never happen.

Maughan also noted that he would encourate corporate CIOs to “to get on the DNSSEC bandwagon as soon as they can, especially if they are a dot-com. This becomes a way for them to provide another layer of security for their own infrastructure and for the people who use their infrastructure.”

Comments are closed.