BGP Security Gaps Leave Global Internet Traffic Exposed to Hijacks, Disruptions 

The internet’s core routing system, BGP, is facing mounting scrutiny as experts warn that BGP hijacking prevention remains insufficient.

The internet’s core routing system, known as the Border Gateway Protocol (BGP), is facing scrutiny as experts warn that BGP hijacking prevention remains insufficient, leaving global data flows exposed to misdirection, espionage, and outages despite decades of patches layered onto an architecture never designed with security in mind.

BGP determines how data travels across the internet, connecting thousands of autonomous systems (ASes) operated by telecom providers, tech firms, and institutions.

Often compared to a postal service, BGP determines the most efficient route for data packets as they hop between networks worldwide. Its simplicity and scalability have made it essential but also dangerously trusting.

That trade-off has defined the internet for more than 40 years, and while BGP enables seamless global communication, it still lacks a built-in mechanism to verify whether a network announcing a route is authorized to do so.

The result is a system where traffic can be silently rerouted, intercepted, or dropped, sometimes accidentally, often maliciously.

Protocol Built on Trust and then Exploited 

Real-world incidents highlight the risks. In 2008, an attempt by a Pakistani internet service provider (ISP) to block YouTube domestically ended up redirecting global traffic, taking the platform offline worldwide.

More recent attacks have been more targeted and sophisticated due to insufficient BGP hijacking prevention.  

In 2017, a Russian Autonomous System that had never been active before started announcing 80 prefixes for popular websites, such as Google, Apple, Facebook, and Microsoft, eventually redirecting the traffic through Russia.  

A year later, attackers exploited BGP to redirect traffic to a fake Amazon cloud endpoint, stealing cryptocurrency. Again, BGP hijacking prevention was nowhere to be found.

Yet such BGP hijack incidents are not rare.

According to industry data, thousands of BGP hijack-related disruptions occur annually, many unnoticed by end users. A European survey found that “44% of providers answering the survey said that the impact of BGP incidents is high, affecting large numbers of users and lasting for many hours.”

The structural issue with BGP is that it relies on implicit trust between networks, meaning that once incorrect routing information is introduced, whether by error or by a hijack, it can quickly propagate across the internet.

These events, known as route leaks or hijacks, can enable espionage, financial theft, or large-scale service disruption.
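Because BGP itself does not check who is entitled to originate a prefix, operators often watch for it from the outside. The sketch below is an added example, not from the article: it compares announcements against a baseline of known prefix origins and flags mismatches, including one unfamiliar AS originating several prefixes at once. The baseline, announcements, function names and AS numbers are constructed, using documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: prefix -> origin AS historically seen for it.
# Documentation prefixes and ASNs (RFC 5737 / RFC 5398), not real networks.
BASELINE = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
}

# Constructed announcements: (prefix, AS path); the origin is the last AS.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),      # matches baseline
    ("198.51.100.0/24", [64500, 64511]),   # same prefix, different origin
    ("203.0.113.128/25", [64501, 64511]),  # more-specific, different origin
    ("203.0.113.0/24", [64500, 64498]),    # matches baseline
]

def covering_baseline(prefix, baseline):
    """Return (network, origin) of the most specific baseline entry covering prefix."""
    net = ipaddress.ip_network(prefix)
    best = None
    for known, origin in baseline.items():
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            if best is None or known_net.prefixlen > best[0].prefixlen:
                best = (known_net, origin)
    return best

def find_origin_anomalies(announcements, baseline):
    """Flag announcements whose origin AS differs from the baseline origin."""
    alerts = []
    for prefix, as_path in announcements:
        origin = as_path[-1]
        match = covering_baseline(prefix, baseline)
        if match is None or match[1] == origin:
            continue  # unknown address space, or the expected origin
        known_net, expected = match
        same = ipaddress.ip_network(prefix) == known_net
        kind = "origin-change" if same else "more-specific"
        alerts.append({"prefix": prefix, "kind": kind,
                       "expected": expected, "seen": origin})
    return alerts

def origins_by_alert_count(alerts):
    """Count flagged prefixes per origin AS; one AS hitting many prefixes stands out."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["seen"]] += 1
    return dict(counts)
```
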

“What we have had over 40 years is a series of Band-Aids,” one cybersecurity academic observed. 

The Internet’s Routing Foundation 

Frustration with patchwork solutions has driven interest in BGP alternatives, such as Scalability, Control, and Isolation On Next-Generation Networks (SCION).

Developed at ETH Zürich, SCION reimagines routing with security built into its core rather than added later. 

Its approach differs fundamentally from the BGP path vector protocol. Instead of relying on a single path, SCION uses multipath routing, which maintains multiple routes simultaneously so that traffic can switch in an instant if one fails. It also introduces isolation domains, limiting the spread of failures or attacks across regions, and enforces cryptographic validation at every step of a packet's journey.

“You cannot bolt on security,” said SCION architect Adrian Perrig, adding, “you cannot get to a truly secure global network unless you actually change the design.” He likens current internet security to “a boat full of holes,” where constant patching fails to address deeper structural flaws. 

In Switzerland’s financial sector, SCION powers a network handling billions in daily transactions, with failover times measured in milliseconds, far faster than traditional systems that can take minutes to recover.

Fast adoption faces overwhelming barriers, while BGP remains deeply embedded, standardized, and globally interoperable.

By contrast, newer internet architectures must overcome industry inertia, lack of standardization, and the reluctance to overhaul functioning infrastructure.

Fritz Steinmann, who spent 30 years as a network engineer in the Swiss financial sector, said, “We have gotten a bit numb… not really thrilled to see the advantages of a new foundation.” 

For now, the internet continues to rely on a path vector routing protocol built for a more trusting time. Whether important improvements can keep pace with escalating threats, or whether a fundamental redesign of BGP hijacking prevention becomes unavoidable, may depend on the scale of the next major failure.

