Routing Security Survey Report: Findings Release I

Intro to the Survey— Demographics

Through the first half of 2021, the Global Cyber Alliance conducted a survey of network operators, seeking to understand the state of concern and preparedness for security issues in routing. In this post, and with posts over the coming weeks, we will share our compiled results and findings.

The first five posts will each go through one group of questions from the survey and share the results from the survey. In subsequent posts, we will consider compound questions and dig into the data a little more. Throughout this process, if you have specific questions the data analysis might answer, we will be happy to consider them for those future posts (please use our social media posts on LinkedIn and Twitter for that, under the #RoutingSecurity hashtag). Finally, the collection of posts will be collated, polished, and published as a complete and referenceable report from the survey project.

We are going to start by sharing the ‘demographic’ data from the survey in today’s post.

Before getting to that, it is worth understanding a bit about how we cleaned up the raw data. There were three versions of the survey— because a few logic errors and inconsistencies slipped into the first version, and we were several respondents in before becoming aware of the problems. Looking at the survey dumps, it is pretty clear that the logic errors were confusing people and causing them to abandon the survey altogether. Fortunately, several of the original respondents were willing to complete the survey once we had sorted the final version. Other would-be respondents spent so little time on the survey that it was clear they were just following curiosity, or bookmarked it for later. Removing those responses from the dataset left us with 51 ‘real’ responses out of the 137 entries in the dump from the survey tool.


Approximately 70 % of the 51 survey responses analyzed included enough address information to determine their region. Responses were mostly from Europe and North America, but there was representation from all regions.

Let’s go through the questions now:

Are you in an executive or technical position?

Answer options (non-exclusive) were:

  • Executive
  • Technical
  • Other (please specify)

Some respondents selected both ‘executive’ and ‘technical’; ‘other’ responses included:

  • Commercial and Product Management
  • Network Engineer Team Leader


What type of organization is it?

Answer options (only one answer permitted):

  • Backbone (transit) network
  • Home ISP
  • Enterprise customer ISP
  • IXP
  • Academic network
  • Government network
  • CDN
  • Cloud Provider
  • CERT organization
  • Network Equipment supplier
  • Other (please specify)

‘Other’ responses included:

  • Nonprofit organization
  • DNS
  • Software development
  • Provincial research and education network
  • ISP home [and] enterprise
  • Backbone (transit) network, home ISP, enterprise customer ISP, CDN, cloud provider

What is the size of your network?

Respondents selected the range in which the size of their company’s network fell from the following:

  • 0 – 10 nodes
  • 11 – 100 nodes
  • 101 – 1,000 nodes
  • 1,001 – 10,000 nodes
  • 10,001 – 100,000 nodes
  • Larger
  • N/A


Network interconnects are primarily for…

Respondents could choose one of the following as the primary purpose of network interconnects:

  • Providers
  • Customers
  • Other (please specify)

And the ‘other answers were:

  • We use network interconnects for both members, inter-site connections and from providers
  • Both

This concludes the introduction and review of the survey respondents’ demographic information. As we go through more components of the survey, consider whether it would be useful to drill down to compare and contrast the responses from different segments of our responses— by geographic region, role type, any of the other demographic information here. Let us know what you would like to see!

Next time… we will go through the questions and responses related to ‘Perceived threats and importance of security.’ See you in one week!


The author, Leslie Daigle, is the Chief Technical Officer and the Director of the Internet Integrity Program at the Global Cyber Alliance. You can follow her on Twitter or connect with her on LinkedIn.