Andrei Robachevsky recently joined the Cybersecurity Readiness Podcast to discuss why routing security is a critical business and governance issue for organizations of all sizes. The conversation highlighted how internet routing failures can silently reroute traffic across the globe without triggering traditional enterprise security alerts.
The discussion emphasized that routing security is no longer just a technical networking concern. Instead, it is a broader supply chain and governance challenge that requires organizations to assess the security practices of their connectivity providers. Robachevsky pointed to initiatives like MANRS and the forthcoming MANRS+ framework as practical steps organizations can take to strengthen Internet resilience and reduce exposure to routing-related threats.
From the podcast’s synopsis:
“Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear and actionable message: routing security is not a network engineering problem — it is a supply chain governance problem. The tools already exist. RPKI exists. MANRS exists. MANRS+ is nearly here. The gap is entirely on the governance side, and it is closeable. The organizations that will not find themselves in the next routing incident are the ones that start with a map of their connectivity supply chain and a single question to every provider: Are you MANRS+ certified?”
Watch the whole episode here:
Facts Only
Andrei Robachevsky appeared on the Cybersecurity Readiness Podcast.
The discussion focused on routing security as a critical business and governance issue.
Internet routing failures can reroute traffic globally without triggering traditional security alerts.
Routing security is framed as a supply chain and governance challenge, not just a technical networking concern.
MANRS (Mutually Agreed Norms for Routing Security) and the forthcoming MANRS+ framework were highlighted as solutions.
The CPD (Commitment–Preparedness–Discipline) framework was used to analyze routing security.
RPKI (Resource Public Key Infrastructure) was mentioned as an existing tool for routing security.
The gap in addressing routing incidents is identified as governance, not technical tools.
Organizations are advised to map their connectivity supply chain.
A key question for providers is whether they are MANRS+ certified.
The podcast episode is available for viewing.
Executive Summary
Andrei Robachevsky recently discussed routing security as a critical business and governance issue on the Cybersecurity Readiness Podcast. The conversation highlighted how internet routing failures can silently reroute traffic globally without triggering traditional security alerts, emphasizing that routing security is no longer just a technical concern but a broader supply chain and governance challenge. Robachevsky pointed to initiatives like MANRS (Mutually Agreed Norms for Routing Security) and the forthcoming MANRS+ framework as practical steps to strengthen internet resilience and reduce exposure to routing-related threats. The discussion framed routing security through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, arguing that the gap in addressing routing incidents lies in governance rather than technical tools. Organizations are urged to map their connectivity supply chain and assess whether their providers are MANRS+ certified to mitigate risks.
The podcast underscored that while tools like RPKI (Resource Public Key Infrastructure) and MANRS already exist, the primary barrier is organizational governance. The strongest message was that routing security is a supply chain governance problem, not merely a network engineering issue. The call to action for organizations is to proactively engage with their providers on security practices, particularly MANRS+ certification, to avoid future routing incidents.
Full Take
The narrative presented here is a strong call to reframe routing security from a technical issue to a governance and supply chain challenge. The steelman version of this argument is compelling: routing incidents are a systemic risk that traditional security measures fail to detect, and existing tools like RPKI and MANRS are underutilized due to governance gaps. The emphasis on MANRS+ certification as a litmus test for provider security practices is a clear, actionable recommendation.
Pattern scan: The framing leans heavily on authority (expert endorsement of MANRS+) and a sense of urgency ("the gap is entirely on the governance side, and it is closeable"). However, it avoids emotional exploitation or distortion, focusing instead on structural solutions. The call to map supply chains and demand certification could be seen as a form of mission drift if MANRS+ becomes a de facto standard without broader industry consensus, but the argument itself is constructive.
Root cause: The paradigm here assumes that governance failures, not technical limitations, are the primary barrier to routing security. This echoes broader trends in cybersecurity where human and organizational factors outweigh technical ones. The unstated assumption is that providers will comply with MANRS+ if pressured by customers, which may not account for market incentives or resource constraints.
Implications: For human agency, this shifts responsibility from network engineers to organizational leaders and procurement teams. The cost of inaction is framed as exposure to routing incidents, while the benefit is resilience. Second-order consequences could include increased compliance burdens for smaller providers or a two-tiered internet where only MANRS+-certified networks are trusted.
Bridge questions: What evidence exists that MANRS+ certification actually reduces routing incidents in practice? How might smaller organizations with limited leverage over providers implement this framework? What alternative governance models could achieve similar outcomes without relying on certification?
Counterstrike scan: If this were part of a coordinated campaign, the playbook would involve elevating MANRS+ as the sole solution while downplaying alternative approaches or implementation challenges. The actual content does not match this pattern—it presents MANRS+ as one tool among others (e.g., RPKI) and acknowledges the governance gap as the core issue. No signs of manipulation detected.
Patterns detected: none
Sentinel — Human
This text functions as a high-quality summary of an expert discussion, effectively synthesizing complex concepts into an actionable governance framework.