May 20, 2026

Episode 105 -- The Invisible Layer: Governing Routing Security as a Supply Chain Risk

In Episode 105 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Andrei Robachevsky — Technical Director of the Internet Integrity Program at the Global Cyber Alliance, founding contributor to MANRS (Mutually Agreed Norms for Routing Security), former CTO of RIPE NCC, and former Senior Director of Technology Programs at the Internet Society — to examine a cybersecurity risk that almost no enterprise security team is governing: the internet routing layer.

Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear and actionable message: routing security is not a network engineering problem — it is a supply chain governance problem. The tools already exist. RPKI exists. MANRS exists. MANRS+ is nearly here. The gap is entirely on the governance side, and it is closeable. The organizations that will not find themselves in the next routing incident are the ones that start with a map of their connectivity supply chain and a single question to every provider: Are you MANRS+ certified?

To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-105-the-invisible-layer-governing-routing-security-as-a-supply-chain-risk/

Apple Podcasts podcast player iconSpotify podcast player iconRSS Feed podcast player iconAmazon Music podcast player iconAudible podcast player icon
Apple Podcasts podcast player iconSpotify podcast player iconRSS Feed podcast player iconAmazon Music podcast player iconAudible podcast player icon

In Episode 105 of the Cybersecurity Readiness Podcast Series, Dr. Dave Chatterjee is joined by Andrei Robachevsky — Technical Director of the Internet Integrity Program at the Global Cyber Alliance, founding contributor to MANRS (Mutually Agreed Norms for Routing Security), former CTO of RIPE NCC, and former Senior Director of Technology Programs at the Internet Society — to examine a cybersecurity risk that almost no enterprise security team is governing: the internet routing layer.

Opening with the June 2024 Cloudflare 1.1.1.1 BGP hijack incident — where two Brazilian network operators’ routing mistakes propagated to over 300 networks across 70 countries, silently rerouting traffic for several hours without triggering a single enterprise security alert — Dr. Chatterjee frames the episode’s central challenge: organizations with excellent perimeter controls, clean firewalls, and healthy identity systems can still have their user traffic redirected to unintended destinations by failures occurring on networks they have never heard of, in countries they have no operations in, governed by routing norms they have never been asked to consider.

Drawing on the February 2026 MANRS Report, Robachevsky explains that the Border Gateway Protocol (BGP) — the foundational routing system across nearly 80,000 autonomous networks — has no built-in authentication. Routing incidents occur 200 to 300 times per month, most of which are invisible to enterprise security teams, manifesting as unexplained outages or performance degradation rather than as identifiable threats. The implications range from SLA breaches and erosion of customer trust to man-in-the-middle exposure of silently rerouted traffic.

Analyzed through Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the conversation delivers a clear and actionable message: routing security is not a network engineering problem — it is a supply chain governance problem. The tools already exist. RPKI exists. MANRS exists. MANRS+ is nearly here. The gap is entirely on the governance side, and it is closeable. The organizations that will not find themselves in the next routing incident are the ones that start with a map of their connectivity supply chain and a single question to every provider: Are you MANRS+ certified?

To access and download the entire podcast summary with discussion highlights - https://www.dchatte.com/episode-105-the-invisible-layer-governing-routing-security-as-a-supply-chain-risk/

Connect with Host Dr. Dave Chatterjee

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Books Published

The DeepFake Conspiracy

Cybersecurity Readiness: A Holistic and High-Performance Approach

Articles & Cases Published

Chatterjee, D. (2026). Root: Automating the Remediation Gap, Ivey Publishing, Jan 7, 2026.

Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.

Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.

Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024.

Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.

Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, Switzerland

Chatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022

Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020

Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.

Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.