BGP Security Milestone: Most Major Internet Providers Now Signing Routes
Cloudflare's "Is BGP Safe Yet?" tracker reports a significant milestone in internet infrastructure security: the majority of major transit providers and ISPs are now both signing their routes with RPKI and filtering invalid announcements through Route Origin Validation (ROV), dramatically reducing the risk of BGP hijacking attacks.
What Is BGP Hijacking?
BGP (Border Gateway Protocol) is the routing protocol that holds the internet together. It's also famously insecure — any network operator can announce routes for IP addresses they don't own, potentially redirecting massive amounts of traffic. BGP hijacking has been used for:
- Nation-state surveillance (e.g., China Telecom's 2016 hijack of Western traffic)
- Cryptocurrency theft (e.g., the 2018 MyEtherWallet DNS hijack)
- Data interception and man-in-the-middle attacks
The Current State
According to the tracker, major providers now marked as safe include:
| Provider | Type | Status |
|---|---|---|
| Lumen | Transit | ✅ Signed + Filtering |
| Arelion (Telia) | Transit | ✅ Signed + Filtering |
| Cogent | Transit | ✅ Signed + Filtering |
| NTT | Transit | ✅ Signed + Filtering |
| Hurricane Electric | Transit | ✅ Signed + Filtering |
| GTT | Transit | ✅ Signed + Filtering |
| AT&T | ISP | ✅ Signed + Filtering |
| Verizon | ISP | ✅ Signed + Filtering |
| Deutsche Telekom | ISP | ✅ Signed + Filtering |
| Comcast | ISP | ✅ Signed + Filtering |
What Changed?
The shift has been driven by several factors:
- Increased awareness following high-profile incidents
- Mandatory filtering requirements from some governments and regulators
- Resource Public Key Infrastructure (RPKI) maturing as a practical deployment option
- Peer pressure from major content providers like Cloudflare and Google
Remaining Gaps
While progress is encouraging, not all networks are protected. Some providers still lack full RPKI deployment, and the system is only as strong as its weakest link: an unprotected network can still propagate hijacked routes to its peers.
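How a filtering network reaches its accept-or-drop decision, as an added example (not code from the tracker or from Cloudflare): RFC 6811 origin validation run over constructed ROA data. The function names, the VRP list and the announcements are assumptions made for illustration, using documentation prefixes and ASNs, and the drop-only-invalid policy is likewise an assumption.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# Prefixes and ASNs are documentation ranges, not real networks.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 0),      # AS0 ROA: holder says "do not route"
    ("2001:db8::/32", 48, 64497),
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue                  # this VRP does not cover the route
        covered = True
        # AS0 never matches; the route must also be no longer than maxLength.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def rov_filter(announcements, vrps=VRPS):
    """Assumed policy: drop 'invalid', accept 'valid' and 'not-found'."""
    accepted, dropped = [], []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, vrps)
        (dropped if state == "invalid" else accepted).append((prefix, asn, state))
    return accepted, dropped

# Constructed announcements as a filtering router might receive them.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),      # legitimate origin
    ("192.0.2.0/24", 64511),      # wrong origin AS
    ("192.0.2.128/25", 64496),    # more specific than maxLength allows
    ("198.51.100.0/24", 64496),   # covered only by an AS0 ROA
    ("203.0.113.0/24", 64511),    # no ROA published at all
    ("2001:db8:1::/48", 64497),   # within maxLength 48
]

if __name__ == "__main__":
    accepted, dropped = rov_filter(ANNOUNCEMENTS)
    for label, routes in (("accept", accepted), ("drop", dropped)):
        for prefix, asn, state in routes:
            print(f"{label:6} {prefix:18} AS{asn:<6} {state}")
```

Calling `rov_filter(ANNOUNCEMENTS, [])` shows the gap described above: with no RPKI data to check against, every route is `not-found` and all six are accepted.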
Why This Matters
BGP security isn't just a technical issue — it's fundamental to internet trust. As more critical infrastructure moves online, the risks from BGP hijacking grow exponentially. This milestone represents years of coordinated effort by network operators, standards bodies, and security researchers.
Source: Cloudflare isbgpsafeyet.com