RIPE 73 Academic & NREN Meeting Minutes
Monday 24 October 2016, 18:30-19:30, Madrid, Spain
Host: Maria Häll, Executive Board Member, RIPE NCC
Attendees: 40 academics and NREN representatives
Minutes: Gergana Petrova
Introduction
Maria welcomed all participants to the meeting and spoke of the importance of convening, as well as of giving her, as a member of the RIPE NCC's Executive Board, feedback on issues where the RIPE NCC can get involved and help the research community.
Next, all attendees took turns to introduce themselves to the room.
Cybersecurity Due Diligence
Joanna Kulesza, University of Lodz, Poland, spoke about her research on cyber security. Whether and when a cyber attack is an act of war is a difficult question to answer. The EU has been regulating critical infrastructure for some time now. More recently, the EU agreed on a NIS Directive that will come into force in the next few years. In it, ISPs, IXPs and TLDs are declared critical infrastructure, similar to water supply, for example. Joanna's research focuses more specifically on ISP due diligence, with the goal of setting up a due diligence cyber security standard. Standards rely heavily on expertise and best practices from the technical community. It would be down to them to identify and define this technical standard. A sign of the increased search for accountability is the increase in insurance take-up for ISPs. Liability insurance is becoming more and more popular, and in some countries, for example France, it is now obligatory for ISPs.
A question was raised about the best way to find the responsible party or the attackers in a given incident, for example the DDoS attack on Dyn servers on 21 October 2016. One direction would be to search for the host or server where the malware originated. The hosts must not have been diligent enough to verify and make sure their servers are error- or malware-free. Therefore, a fridge manufacturer might not necessarily be the one accountable, but rather the server from where the malware originally spread. Technical experts should be responsible for tracking down the vulnerable server. And then, by extension, accountability could be sought further down the chain. If good business practice means not accepting traffic from a certain server known for vulnerabilities or spreading malware, then a good business shouldn't. If enough people do this, operators of that server have the choice to clean up their act or go out of business.
Existing standards (ISO, etc.) are a part of good business practice, but more can be done.
Setting up an IXP
Dusan Vuckovic, University of Nis, Serbia, spoke about his experience with establishing an IXP in Nis, Serbia's third largest city. It all started from a disconnect between businesses and technical people. Soon after a talk with a local ISP, Dusan and a group of like-minded people realised that the city could benefit from interconnecting the local ISPs and keeping the local traffic local. Since universities are seen as a neutral platform, open for suggestions, local providers immediately flocked to them. In addition, universities can count on vendors for the equipment, as happened in this case, when it took a quick 10-minute call for vendors to see the benefit of the project and agree to provide the equipment.
Dusan and the group copied the RIPE policy and made the new IXP open for everyone. When an ISP becomes a member they get a vote. Soon several local providers joined. It is important to mention that the people involved in setting up this IXP were not experts and were learning on the go. In retrospect, they would have been easy targets for an attack (which thankfully didn't happen).
At this point, the University of Nis students are among the biggest beneficiaries of the project, since they now have a great link that they would otherwise not have available, as well as access to a lot of data.
To the latter point, the room discussed that some IXPs have a policy to not look into traffic. They decide not to collect data, statistics and traffic streams, but only explore the routing layer information. It is difficult to draw the boundary around the amount of traffic snooping. Before you realise it, a snooping IXP might become interesting for a number of entities – government, businesses.
Dusan shared that since the government was not very interested in their part of the country, they didn't get involved in the project. Dusan's team still needed to set up an affordable link with Belgrade, the capital.
RIPE NCC Initiatives for R&E
Emile Aben, Romeo Zwart and Gergana Petrova gave an overview of the RIPE NCC initiatives for the Research and Education community. If you have an interest, ideas or your own data, then please discuss them with us (emails are hyperlinked above).
- External research collaborations. The R&D team at the RIPE NCC encourages useful collaboration with researchers. Some researchers in the room had already completed collaborations with the RIPE NCC, for example for the IXP Country Jedi.
The RIPE NCC tries to help close the circle of value between researchers and operators. Researchers would like to investigate issues of interest and operators have problems researchers can help with. NRENs can be of great use by providing validation data. Depending on the project, the RIPE NCC can evaluate what help they can offer. This can be development, infrastructure, etc. If you have ideas, then contact the RIPE NCC.
- The RIPE NCC is going to recruit interns to work on interesting projects for a medium term of three-to-six months. Those interested can either bring their own topic or the RIPE NCC can suggest one based on the open projects at that moment. The aim is to build useful tools for the operators or for the good of the Internet.
- RIPE Atlas. The RIPE NCC has a large amount of data. One way of collecting this data is through RIPE Atlas, which has distributed probes around the world to measure Internet connectivity and reachability. The probes provide a picture of the state of the Internet in real time.
- The RIPE Academic Cooperation Initiative (RACI) provides complimentary tickets, travel and accommodation for talented researchers to come and present their research at RIPE Meetings as well as ENOG, MENOG and SEE meetings.
The Future of the Academic/NREN Meetings at the RIPE Meeting
These meetings are useful for us to see each other, but at the moment we do not come out with any concrete action points. Are academics and NRENs looking for something particular out of the RIPE community or the RIPE NCC? If so, then we can use this group to amplify this voice, the way we did when RACI was born. What is the next RACI?
Some general suggestions:
- A competition between students on a large amount of data collected by the RIPE NCC.
- Are we introducing more problems by introducing technologies like SDN?
- A group in Norway implemented a full IPv6 network, but never had the time and platform to present their work in detail. This detail is needed for people to follow suit.
Some suggestions for the meeting:
- Decide whether to have a technical programme or whether to focus on getting to know one another.
- Discuss whether NRENs should act like other ISPs, serving a large number of people as cheaply as possible, or whether they should have a particular set of minimum requirements.
- Involve actors who do not belong in the technical community but who are seeking collaboration with it (for example Joanna, who is a lawyer, who needs input from the technical community on a due diligence standard).
- There needs to be a mix between technical and non-technical people. We need a bridge with the outside world.
- With time, this meeting could grow into a platform for connecting operators to academics.