RPKI in Dutch government routing by the end of 2024

Monday, May 8, 2023

By the end of 2024, all Dutch government ICT systems must use the RPKI standard to improve the government’s internet routing security. This also means that RPKI must not only be used for new purchases but should also be implemented in all existing government systems. The Government-wide Policy Consultation on Digital Government (OBDO) established this objective on March 30th as part of a target agreement.

Why use RPKI?

RPKI is a technique that aims to prevent route leaks and hijacks, which occur when internet traffic is redirected to unauthorized networks. These incidents can happen due to a simple mistake by a network administrator or a targeted attack to make websites inaccessible or steal data from internet users. For example, in 2014, a Bulgarian network administrator temporarily hijacked a set of IP addresses belonging to the Ministry of Foreign Affairs. In 2019, network traffic from KPN was redirected to China Telecom, among other cases.

How does RPKI work?

The RPKI open standard is used to better secure the routes that internet traffic travels through. Digital certificates are used for this, indicating to which network provider (‘origin’) the internet traffic for a specific IP address should be sent. These certificates are stored centrally, enabling network providers worldwide to validate internet traffic routes. With this, RPKI secures a fundamental part of the internet.

For the original publication, check the following link: https://forumstandaardisatie.nl/nieuws/beter-beveiligde-internetroutering-overheid-voor-eind-2024 (in Dutch).

The PQC Migration Handbook

Google to phase out the address bad padlock icon in Chrome