The internet runs on trust. Specifically, it runs on a protocol called the Border Gateway Protocol, designed in 1989 on the back of three napkins — literally — by two engineers at an IETF meeting. BGP is the system by which autonomous networks tell each other how to route traffic across the global internet. It has worked remarkably well for decades. It has also been exploited, misconfigured, and hijacked with alarming regularity, causing outages that have knocked entire countries offline and redirected sensitive traffic through hostile networks.
Now Switzerland wants to do something about it. Not with a patch. Not with an incremental improvement. With a wholesale replacement.
The Swiss government has begun deploying SCION — Scalability, Control, and Isolation On Next-Generation Networks — as a parallel internet architecture designed to eliminate the security vulnerabilities that have plagued BGP since its inception. As The Register reported, the Swiss Federal Office of Information Technology is actively running SCION infrastructure and has brought major Swiss financial institutions, the country’s national railway system, and several government agencies onto the network. This isn’t a research paper or a conference demo. It’s production traffic.
SCION was developed at ETH Zurich under the direction of Professor Adrian Perrig, a computer scientist who has spent over a decade building what he describes as a fundamentally more secure internet architecture. The protocol replaces BGP’s trust-based routing with cryptographic path verification, meaning that data packets carry proof of their authorized route rather than relying on networks to honestly announce their reachability. In BGP, any autonomous system can announce that it’s the best path to any destination, and the rest of the internet will generally believe it. SCION doesn’t allow that.
The implications are significant. BGP hijacking — where traffic is intentionally or accidentally rerouted through unauthorized networks — has been responsible for some of the internet’s most consequential security incidents. In 2018, traffic destined for Amazon’s Route 53 DNS service was rerouted through a small ISP in Ohio, enabling the theft of approximately $150,000 in cryptocurrency. In 2022, a BGP misconfiguration briefly routed traffic for major websites through Russian networks. These aren’t edge cases. They happen with disturbing frequency.
And the fixes have been slow.
RPKI — Resource Public Key Infrastructure — is the industry’s current best answer to BGP security. It allows network operators to cryptographically sign their route announcements, enabling other networks to validate that an announcement is legitimate. But adoption has been glacial. According to NIST’s RPKI Monitor, global RPKI adoption among autonomous systems hovers around 40-50%, and even where it’s deployed, many networks don’t enforce validation, meaning they still accept unsigned or invalid routes. The U.S. government issued a roadmap in late 2024 pushing federal agencies toward RPKI adoption, but compliance timelines stretch years into the future.
Switzerland’s approach with SCION sidesteps this entire problem by not trying to fix BGP at all. Instead, it builds a separate routing infrastructure with security baked into the protocol from the ground up. SCION divides the internet into what it calls “isolation domains” — trust regions that manage their own routing internally while using cryptographic mechanisms to verify paths between domains. A packet traversing the SCION network carries its complete path in its header, cryptographically authenticated at each hop. There is no way for an intermediate network to silently redirect traffic without detection.
The Swiss financial sector has been the earliest and most enthusiastic adopter. The Swiss National Bank, SIX Group (which operates Switzerland’s stock exchange infrastructure), and several major Swiss banks are running production traffic over SCION. For financial institutions, where microseconds of latency and absolute certainty of routing paths matter enormously, the appeal is obvious. A BGP hijack that reroutes financial transaction data through an unauthorized network isn’t just a security incident — it’s a potential regulatory catastrophe.
Swisscom and Sunrise, Switzerland’s two largest telecommunications providers, are both offering SCION connectivity as a commercial service, which means this isn’t purely a government project. It has private-sector infrastructure backing it. The Swiss Secure Finance Network, known as SSFN, provides dedicated SCION connectivity for financial institutions, and according to reporting from The Register, it’s been operational since 2023.
But here’s the uncomfortable question: can a protocol born in Zurich actually displace something as deeply embedded as BGP?
The honest answer is probably not — at least not globally, and certainly not soon. BGP is the plumbing of the internet. Every router at every major exchange point in the world speaks it. Replacing it would be like replacing the gauge of every railroad track on the planet simultaneously. SCION’s architects know this, which is why they’ve designed the protocol to work alongside BGP rather than requiring a forklift replacement. SCION traffic can be encapsulated and tunneled over existing IP infrastructure, meaning organizations can adopt it incrementally without waiting for every network between them to upgrade.
This coexistence model is what makes the Swiss deployment interesting rather than quixotic. SCION doesn’t need universal adoption to deliver value. If two banks in Zurich want guaranteed, cryptographically verified routing between their data centers, they can have it today, even if the rest of the internet continues running BGP. The security benefits accrue to participants immediately, not only when some critical mass of adoption is reached.
That said, SCION faces real challenges beyond mere inertia. The protocol requires a hierarchical trust structure — isolation domains are organized under what SCION calls “core” autonomous systems that anchor trust for their region. Critics have pointed out that this reintroduces centralization into a system that was designed to be decentralized, and that the governance of these trust anchors could become politically contentious. Who decides which entities serve as trust anchors for a given region? In Switzerland, where government, academia, and the financial sector are tightly aligned, this question has a relatively clean answer. In regions with adversarial geopolitics, it’s far messier.
There’s also the question of performance. SCION’s cryptographic path verification adds overhead to every packet. In testing, this overhead has been modest — typically a few percent of additional latency — but at internet scale, even small per-packet costs compound. Proponents argue that the performance penalty is negligible compared to the security gains, and that modern hardware handles the cryptographic operations efficiently. Skeptics note that BGP’s simplicity is part of what made it scale to billions of devices.
The broader context here matters. Governments around the world are increasingly anxious about internet routing security. The European Union’s NIS2 directive, which took effect in October 2024, imposes new cybersecurity requirements on critical infrastructure operators, including telecommunications providers. Secure routing is explicitly mentioned as a concern. In the United States, CISA has published guidance urging network operators to adopt RPKI and has flagged BGP vulnerabilities as a national security risk. China has invested heavily in its own internet infrastructure with routing security as a stated priority, though through very different mechanisms and with very different governance implications.
Against this backdrop, Switzerland’s SCION deployment serves as a proof of concept that a BGP alternative can work in production at national scale. It’s small — Switzerland has roughly 8.8 million people — but it’s real. And the financial sector use case gives it credibility that academic demonstrations never could.
Anapaya Systems, a spin-off from ETH Zurich, commercializes SCION technology and provides the software and hardware that makes deployment practical for enterprises and service providers. The company has been actively marketing SCION beyond Switzerland, with pilot deployments reportedly underway in South Korea, Singapore, and parts of the European Union. Whether these pilots convert to production deployments will be a key indicator of SCION’s viability outside its home market.
One thing is clear: the status quo is unsustainable. BGP was designed for a network of a few hundred cooperating academic and government institutions. It now underpins a global network of over 75,000 autonomous systems, many of which are actively hostile to each other. The protocol has no built-in authentication, no path verification, and no mechanism to prevent a single misconfigured router in a small ISP from causing a cascade of routing failures across continents. Every year, the list of major BGP incidents grows longer.
RPKI helps. But it’s a patch on a fundamentally insecure design, and its voluntary nature means adoption will remain incomplete for the foreseeable future.
Switzerland is betting that the better approach is to start fresh. Not everywhere. Not all at once. But in the places where routing security matters most — financial networks, government communications, critical infrastructure — SCION offers something BGP never can: mathematical certainty that traffic follows its intended path.
Whether the rest of the world follows Zurich’s lead depends on whether the pain of BGP’s failures eventually exceeds the cost of adopting something new. History suggests that internet infrastructure changes only under extreme duress. The transition from IPv4 to IPv6, proposed in 1998, remains incomplete nearly three decades later. But BGP’s vulnerabilities are becoming harder to ignore with each passing year, and Switzerland has now demonstrated that an alternative exists, works, and can be deployed without tearing up the existing internet.
The napkin protocol has had a remarkable run. Thirty-seven years is a long time for any technology to remain dominant. But the internet it was designed for no longer exists, and the threats it was never built to handle are now constant. Switzerland’s answer isn’t theoretical. It’s running. Right now. On production networks carrying real financial transactions and government communications.
The question isn’t whether BGP needs replacing. It’s whether anyone beyond Switzerland has the institutional will to actually do it.


WebProNews is an iEntry Publication