Living on the Borderline: How BGP’s Blind Faith Puts Your Data at Risk
The internet is broken — at least when it comes to security.
One of the biggest culprits is the Border Gateway Protocol (BGP), the routing protocol that decides which path traffic takes between networks across the internet.
The problem is that BGP doesn’t care about security. It doesn’t care about compliance. It doesn’t even care about national borders. It just wants to get data from point A to point B along whatever path its neighbors advertise as best.
That’s great for efficiency but a nightmare for security.
And if you think traditional compliance frameworks can fix it, think again. The digital world runs on algorithms and protocols, not laws and regulations.
BGP doesn’t recognize your legal jurisdiction. Data you are obligated to keep in one region can transit a third country without you ever knowing, which can put you in breach of the European Union’s General Data Protection Regulation (GDPR) without your being aware of it.
The internet doesn’t respect borders
BGP was designed for connectivity, not security.
It makes routing decisions based on what neighboring networks announce and on each operator’s peering agreements and routing policy, and those decisions change whenever the announcements do. It doesn't care whether a country’s laws require certain data to stay within its borders.
Governments can legislate all they want. But they can’t stop BGP from sending sensitive data across international lines.
It gets worse. BGP runs on trust, blind trust. Any network can announce any block of addresses, and by default its neighbors accept the announcement and pass it along, so it’s incredibly easy to exploit. Route Origin Validation with RPKI lets a network reject announcements whose origin isn’t authorized for the prefix, but deployment is uneven and it does nothing against an attacker who simply forges the legitimate origin onto the end of its own path.
BGP is a relic of a different time, a time when security wasn’t an afterthought but rather not a thought at all.
Ever heard of a BGP hijack? That’s when a malicious actor, or a nation-state, announces address space it doesn’t own (or a more specific slice of it, or a shorter path to it) so that other networks send traffic for those addresses through the attacker’s infrastructure.
One of the most infamous incidents was in April 2010, when China Telecom announced routes for roughly 15% of the internet’s address prefixes for about 18 minutes, pulling traffic for those destinations through its network in China.
Similar incidents involving China Telecom were reported in 2015 and 2016, and reports of Russian networks doing the same have grown in recent years.
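How a hijack wins, as an added example that is not from the original post: a small Python model of the route a network ends up using when it accepts whatever its neighbors announce, followed by the same announcements after Route Origin Validation (RPKI, RFC 6811). The prefix, the AS numbers and the ROA are constructed for the example, and the decision logic keeps only longest-prefix match and AS-path length, omitting local preference and the rest of the BGP tie-breakers.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # leftmost = neighbor that announced it, rightmost = origin AS

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]


def best_route(routes, dst):
    """Route a network would use for dst: longest prefix first (forwarding lookup),
    then shortest AS path (simplified BGP decision process, no local-pref etc.)."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


def rov_state(route, roas):
    """Route Origin Validation (RFC 6811): 'valid', 'invalid' or 'not-found'.
    roas is a list of (prefix, authorized origin AS, maxLength)."""
    covering = [(p, o, m) for p, o, m in roas if route.prefix.subnet_of(p)]
    if not covering:
        return "not-found"
    for _, origin, maxlen in covering:
        if origin == route.origin_as and route.prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def drop_invalid(routes, roas):
    # Typical ROV policy: reject 'invalid', keep 'valid' and 'not-found'.
    return [r for r in routes if rov_state(r, roas) != "invalid"]


def chosen_path(routes, roas=None):
    """AS path of the route selected for a host inside the victim prefix,
    optionally after filtering with ROV."""
    if roas is not None:
        routes = drop_invalid(routes, roas)
    best = best_route(routes, "203.0.113.10")
    return best.as_path if best else None


# --- constructed scenario (documentation prefix and private AS numbers, not a real incident) ---
NET = ipaddress.IPv4Network
LEGIT = Route(NET("203.0.113.0/24"), (64510, 64530, 64500))    # AS 64500 really owns the /24
MORE_SPECIFIC = Route(NET("203.0.113.0/25"), (64520, 64666))   # attacker AS 64666 announces a /25
FORGED_ORIGIN = Route(NET("203.0.113.0/24"), (64666, 64500))   # attacker prepends the real origin
ROAS = [(NET("203.0.113.0/24"), 64500, 24)]                     # ROA: only 64500, and nothing longer than /24

if __name__ == "__main__":
    print("no validation, more-specific hijack:", chosen_path([LEGIT, MORE_SPECIFIC]))
    print("with ROV, more-specific hijack:     ", chosen_path([LEGIT, MORE_SPECIFIC], ROAS))
    print("with ROV, forged-origin hijack:     ", chosen_path([LEGIT, FORGED_ORIGIN], ROAS))
```

The first case is the classic hijack: the attacker’s /25 is more specific than the owner’s /24, so every network that accepts it forwards the victim’s traffic to AS 64666. ROV stops that one, because the ROA says 64500 is the only valid origin. The third case is the caveat: the attacker announces the real /24 with the real origin forged onto its path, ROV marks it valid, and the shorter path wins anyway.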
Why Zero Trust is the fix
The fundamental problem with BGP is that it assumes trust. As I’ve been saying for years, trust is a vulnerability. That’s why we need Zero Trust.
Zero Trust doesn’t depend on the route a packet takes. Whether your data gets hijacked or rerouted through a foreign adversary’s infrastructure shouldn’t change the outcome, because nothing about the path was trusted to begin with: when traffic is encrypted end to end and both ends are authenticated, whoever captures it in transit gets ciphertext and an endpoint they cannot impersonate.
Why? Because Zero Trust doesn’t rely on the network to provide security. Instead, it focuses on the protect surface — the critical data, assets, applications, and services (DAAS) that matter most to your organization.
Here’s how Zero Trust solves the BGP problem:
- Least-privilege access: Even if an attacker reroutes your data, least-privilege policies limit what a stolen credential or an over-permissioned account can reach, so an intercepted session doesn’t turn into deeper access.
- Microsegmentation: If an attacker hijacks your traffic but can’t reach anything valuable with it, the hijack buys them very little. Segmentation allows only explicitly authorized communications to and from the protect surface, limiting where an attacker can go in your network and reducing a breach’s impact.
- Verification at every step: In a Zero Trust architecture, every connection is authenticated and authorized, and every packet inspected, before it’s allowed to interact with anything sensitive. A rerouted connection that can’t prove who it is gets blocked, however trustworthy its source address looks.
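The three controls above as a toy policy decision function, an added illustration that is not code from the original post: one protect surface (a billing database) under a perimeter-style rule that trusts the network, and under a Zero Trust policy that trusts only a verified identity on a compliant device and denies by default. The address range, the SPIFFE-style workload identities and the request records are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    src_ip: str               # where the packets appear to come from
    dst_service: str          # the DAAS element being reached (the protect surface)
    port: int
    identity: Optional[str]   # identity proven to the enforcement point (e.g. mTLS client cert), None if unproven
    device_compliant: bool    # device posture as reported by the endpoint agent


# Perimeter-style rule: trust the network. Anything from an "internal" address may reach the database.
INTERNAL = ipaddress.IPv4Network("10.0.0.0/8")   # constructed range


def perimeter_allows(req: Request) -> bool:
    return ipaddress.ip_address(req.src_ip) in INTERNAL and req.port == 5432


# Zero Trust policy for the protect surface: explicit allow rules keyed on verified identity, default deny.
# Each rule is (workload identity, destination service, port); identities are constructed SPIFFE-style IDs.
ZT_RULES = {
    ("spiffe://corp.example/svc/billing-api", "billing-db", 5432),
    ("spiffe://corp.example/svc/reporting", "billing-db", 5432),
}


def zero_trust_allows(req: Request) -> bool:
    if req.identity is None:          # verify first: no proven identity, no access, wherever the packet came from
        return False
    if not req.device_compliant:      # device posture is part of the verification
        return False
    return (req.identity, req.dst_service, req.port) in ZT_RULES   # least privilege, microsegmented, default deny


def decide(req: Request) -> dict:
    """Both models' decisions for the same request, for side-by-side comparison."""
    return {"perimeter": perimeter_allows(req), "zero_trust": zero_trust_allows(req)}


# Constructed requests.
# 1. Internal-looking source address, no proven identity: what relayed or injected traffic from
#    someone sitting on a hijacked path looks like. The perimeter trusts the address; Zero Trust doesn't.
UNAUTHENTICATED_INSIDER = Request("10.20.30.40", "billing-db", 5432, None, True)
# 2. The billing API, authenticated, arriving from outside the "internal" range (another region, a
#    cloud VPC, or the far side of a detour). The path doesn't matter; the identity does.
BILLING_API_REMOTE = Request("198.51.100.7", "billing-db", 5432, "spiffe://corp.example/svc/billing-api", True)
# 3. Same identity reaching for a port it was never granted: least privilege denies it.
BILLING_API_WRONG_PORT = Request("10.20.30.41", "billing-db", 22, "spiffe://corp.example/svc/billing-api", True)
# 4. Right identity and port, but a non-compliant device.
BILLING_API_BAD_DEVICE = Request("10.20.30.42", "billing-db", 5432, "spiffe://corp.example/svc/billing-api", False)

if __name__ == "__main__":
    for name, req in [("unauthenticated insider", UNAUTHENTICATED_INSIDER),
                      ("billing-api, remote", BILLING_API_REMOTE),
                      ("billing-api, wrong port", BILLING_API_WRONG_PORT),
                      ("billing-api, bad device", BILLING_API_BAD_DEVICE)]:
        print(f"{name:26s} {decide(req)}")
```

The interesting rows are the first two: the perimeter model and the Zero Trust model disagree on both, and in opposite directions. A source address is exactly the thing a rerouted path can’t vouch for, so it is the one input the Zero Trust policy never consults.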
The internet wasn’t built to be secure, but Zero Trust ensures that security is always the priority.
BGP won’t change, but your security can
If you're still relying on traditional perimeter defenses and hoping compliance frameworks will save you, you're already exposed. The only real security comes from enforcing Zero Trust — stop trusting the network and start controlling it.
The internet isn’t secure, and it won’t be anytime soon. That’s why it’s on you to rethink your security strategy.