For four decades, the Border Gateway Protocol has been the internet's invisible backbone, routing data between thousands of independent networks with remarkable efficiency. It was designed to work, not to be secure. That fundamental choice has proven consequential.
SCION, which stands for Scalability, Control, and Isolation On Next-Generation Networks, is an internet routing architecture developed at ETH Zürich that does not attempt to retrofit security onto a 40-year-old foundation. It replaces the foundation entirely. Despite two decades of development and proven deployments in critical infrastructure, adoption beyond Switzerland remains minimal.
It is trivial and quite common for networks to announce incorrect information, whether accidentally or maliciously, and allow packets to be sent with forged IP addresses. This can lead to service disruption, traffic interception, redirection or modification, and large-scale distributed denial-of-service attacks, all of which pose significant security risks to enterprises and governments. Activists, criminals, and state-level actors have increasingly targeted the routing system to steal data, cause disruption, impose censorship, undertake espionage, and conduct cyberwarfare.
A boat full of holes
According to The Register, patches and extensions like Resource Public Key Infrastructure (RPKI) and BGPsec have been layered over BGP in an attempt to address its worst vulnerabilities. However, they help only at the margins without solving the underlying problem.
Kevin Curran, a cybersecurity professor at Ulster University, independently validates SCION's technical claims, saying that isolation domains and cryptographic signing are the core of what makes the protocol meaningful: "A genuine attempt to give senders and receivers control over the path their data takes, rather than leaving it to intermediate routers whose behaviour cannot be verified."
SCION operates through three interlocking mechanisms. First, it establishes tens or even hundreds of parallel paths between two points, allowing millisecond rerouting if one fails. Second, it replaces global trust anchors with isolation domains where countries or regions define their own trust roots, containing failures locally rather than propagating them globally. Third, every router along a path provides a cryptographic signature, preventing packets from being silently rerouted.
The practical implications are significant. Fritz Steinmann, a network engineer at SIX Group, noted that the old Finance IPNet required three to four minutes to detect carrier failure, perform failover, and re-establish connections. During SSFN testing, the new SCION-based network completed the same process in milliseconds.
Proven in practice, stalled in principle
SCION is utilised for the Secure Swiss Finance Network, the SCION Education, Research and Academic Network, and is being deployed on the Swiss Health Info Net. These deployments represent mission-critical infrastructure. Swiss interbank clearing alone handles around 220 billion Swiss francs daily, making failure unacceptable.
Despite these operational successes, SCION faces multiple barriers to wider adoption. The most immediate is vendor concentration. As The Register reported, Anapaya, a spin-off from ETH Zurich, currently provides the only commercial implementation. Cisco has told operators directly that they are not interested unless SCION becomes a $20 billion business, creating a catch-22: the protocol cannot reach that scale without companies like Cisco, yet those companies see insufficient current demand.
The deeper barrier is psychological. Infrastructure that functions—even imperfectly—is difficult to replace. Nobody notices when routing works. Everyone notices when it fails. Justifying the expense and operational risk of overhauling infrastructure to prevent future vulnerabilities, rather than addressing present problems, is a hard sell to boards of directors.
What would drive change
According to cybersecurity researcher Kevin Curran, nation-state attacks that reroute traffic and take down national infrastructure—acts of war at the network level—would be the prime mover for SCION adoption. "We have to see how state-sponsored attacks work in the next year or so. That would be the prime mover," he says.
SCION is increasingly discussed in the context of European digital sovereignty. Its architecture has obvious relevance to that project, as isolation domains allow countries or regions to define their own trust roots, independent of US-based certificate authorities. The theoretical kill switch that a hostile state actor might pull on conventional internet routing does not exist in a well-designed SCION deployment.
In the meantime, SCION deployment will likely continue to creep forward in high-consequence sectors where the security and availability case is overwhelming. Banking, healthcare, and critical infrastructure operators have little patience for the vulnerabilities that plague the broader internet. The question is whether the rest of the world will wait for catastrophic failure before taking seriously an alternative that Switzerland has already built.