The internet runs on a 40-year-old routing protocol that cannot verify where your data actually goes. Switzerland decided to replace it.

BGP — the Border Gateway Protocol — is the system that tells packets how to travel between networks. It has no built-in authentication. Any network operator can announce fake routes, redirecting traffic through hostile infrastructure. When something breaks, failover takes minutes. In July 2025, a BGP incident knocked Cloudflare’s 1.1.1.1 DNS resolver offline for over an hour. A month earlier, a single malformed BGP message caused major routers worldwide to automatically shut down their sessions.

Everyone knows BGP is broken. Almost nobody has tried to replace it.

ETH Zürich did. SCION — Scalability, Control, and Isolation On Next-Generation Networks — started as a research project in 2009 under computer science professor Adrian Perrig. It is not a patch on BGP. It is a different foundation.

Three mechanisms matter. First, multi-path routing: SCION establishes hundreds of parallel paths simultaneously, with failover measured in sub-millisecond intervals rather than minutes. Second, cryptographic path validation: every router signs packets, making silent route alteration impossible. Third, isolation domains let countries define their own trust roots instead of depending on global authorities.

This is not theoretical. Since 2021, Switzerland’s Secure Swiss Finance Network has run on SCION, handling roughly 220 billion Swiss francs in daily interbank settlement across approximately 120 financial institutions. “We didn’t notice a thing,” said Fritz Steinmann, a veteran network engineer in Swiss finance, describing a carrier shutdown test. “Failover had been below one millisecond.”

The catch: almost no one else uses it. Anapaya, an ETH Zürich spin-off, remains the sole commercial vendor. SCION lacks IETF standardization. Cisco won’t build support without a $20 billion addressable market. The chicken-and-egg problem persists.

“You cannot bolt on security,” Perrig told The Register. “You have to design differently.”

He is right. The question is whether the internet waits for another catastrophic BGP failure before it agrees with him.

Sources