Dr. Renzo Pfister is a composite character, a routing-protocol Frankenstein stitched together from the documented careers of researchers who've spent decades trying to fix the internet's most fragile layer. Any resemblance to real professors at Swiss technical universities who founded spinoff companies and received prestigious security awards is, let's say, structurally inevitable.

The internet's routing system runs on a protocol designed in 1989, when the network was small enough that everyone operating it more or less knew each other. The Border Gateway Protocol tells traffic where to go by trusting that the directions it receives are honest. It has no mechanism to verify them.

This has been a known critical vulnerability for over two decades. More than fifty standard-track RFCs, multiple peer-reviewed surveys, at least one memorable Black Hat presentation.¹ The solutions proposed have been met with what one Georgia Tech study diplomatically called "a remarkable lack of consensus on what needs to be secured or validated."²

Meanwhile, in Switzerland, a handful of banks have been running production traffic on an architectural replacement for over three years. The protocol carries data along paths chosen by the sender, not by a chain of trusting routers. It works. Almost nobody outside Switzerland has noticed.

I met Dr. Renzo Pfister at a café near Zurich's Hauptbahnhof, where the trains run with a punctuality that feels like a rebuke to everything he studies. He ordered an espresso, checked his phone ("just making sure the internet is still held together with tape"), and settled in.

You spent the first half of your career writing papers about what's wrong with BGP. Thousands of citations accumulated. What did all that documentation accomplish?

Renzo: Very nice citation counts. I know researchers in this space with nearly eighty thousand citations.³ That's a real number. People read the work. They cited it in their own papers. And then everyone went back to operating the same broken infrastructure.

The academic literature on BGP vulnerabilities is thorough. Butler's 2010 survey in the Proceedings of the IEEE laid it out beautifully: the design of BGP and the ubiquity of its deployment have frustrated every attempt at securing it.⁴ That was sixteen years ago. The ScienceDirect survey in 2018 said the same thing with updated examples.⁵ We are not suffering from a knowledge deficit. We are suffering from the knowledge being completely irrelevant to the actual decision-making process.

Irrelevant how?

Renzo: Because the decision to keep using BGP isn't made by anyone. That's what people outside networking don't understand. There is no meeting where someone reviews the vulnerability literature and says, "Yes, but we'll accept the risk." There is no someone.

So you stopped writing papers about what's broken and started building a replacement.

Renzo: [laughs] "Pivoted" would make it sound strategic. My colleagues had a different word for it. Several words, actually, but "career suicide" was the polite version.

They weren't wrong! If you're an academic, the incentive structure rewards you for identifying problems, not for spending fifteen years building something that requires the entire world to coordinate in order to adopt. The smart career move is to publish another paper about BGP vulnerabilities, collect your citations, and let someone else worry about deployment. I was not smart in that particular way.

What made you think replacement was even possible?

Renzo: Frustration. Pure frustration. There's a moment, and I think anyone who's worked in this space long enough hits it, where you realize the patch approach is self-similar. RPKI, the current best hope for securing BGP, reproduces exactly the same coordination problem as BGP itself. It only works if enough networks implement it. As of now, something like six and a half percent of internet users are fully protected by Route Origin Validation.⁶

Six and a half percent. After years of deployment effort.

And RPKI only handles accidental misconfigurations. A determined adversary can still forge a path that validates cleanly. So you're patching a coordination failure with a solution that requires... coordination. It's patches all the way down. At some point you either make peace with that, or you try something structurally different.

The structurally different thing works. In Switzerland.

Renzo: It works in Switzerland. Yes. Several banks, production traffic, more than three years now. Native connectivity across a hundred data centres in over ten countries.⁷ The Swiss National Bank published a working paper examining it for cross-border payments.⁸ This is not a research prototype. This is infrastructure.

Why Switzerland?

Renzo: [pauses, stirs espresso] Because Switzerland is small. I don't mean that dismissively. I'm Swiss, I'm allowed to say it. The actors knew each other. The banks had shared incentives: same regulatory environment, same threat models. The government was interested. The coordination surface was manageable. You could fit the relevant decision-makers in a room. Several rooms, over several years, but rooms.

The global internet does not fit in a room.

A cybersecurity professor, Kevin Curran, said SCION-type architectures will only get adopted globally after a nation-state attack that reroutes traffic and takes down national infrastructure. An act of war at the network layer.⁹

Renzo: [long pause]

I know that quote. And I hate it because it's probably right.

The pattern with infrastructure is always the same. The cost of the vulnerability is diffuse and ongoing, but the cost of replacement is concentrated and immediate. Nobody budgets for "the thing that hasn't catastrophically failed yet." So you wait. And while you wait, you add another patch, and that patch creates its own dependencies, its own vendor relationships, its own organizational investments. Each patch closes the window for replacement a little further. Not because the replacement is worse, but because the workaround has a constituency now.

So the window is closing.

Renzo: It's been closing since 1994. Every RFC that extends BGP is a successful coordination event within the existing standard. There are over fifty of them.² Each one makes the next patch easier and the replacement harder. That's not a conspiracy. It's just how infrastructure works.

Does that make you pessimistic?

Renzo: It makes me Swiss. We're comfortable with long timelines.

What would it take, short of catastrophe?

Renzo: IETF standardization would help enormously. Right now, the architecture only has an Independent Stream RFC in progress. Large organizations won't deploy non-standardized protocols; the risk of diverging implementations and costly future changes is too high. And there's a catch-22: you can't get vendor competition without wider deployment, and you can't get wider deployment without vendor competition.⁷

But the real answer is: more Switzerlands. More places where the coordination surface is small enough and the incentives are aligned enough to actually deploy. You don't replace the global internet all at once. You build islands of better infrastructure and let them grow.

And if they don't?

Renzo: Then we'll have very well-cited papers explaining exactly why.

He finishes his espresso. Outside, a train departs on time.

Footnotes

1. Dark Reading, "BGP Software Vulnerabilities Overlooked in Networking Infrastructure," 2023. https://www.darkreading.com/vulnerabilities-threats/bgp-software-vulnerabilities-overlooked-in-networking-infrastructure ↩

2. Testart, C., "Reviewing a Historical Internet Vulnerability: Why Isn't BGP More Secure and What Can We Do About It?" Georgia Tech/MIT, TPRC 2018. https://faculty.cc.gatech.edu/~ctestart8/publications/BGPhist.pdf ↩ ↩²

3. Adrian Perrig, Google Scholar profile. https://scholar.google.com/citations?user=n-Oret4AAAAJ&hl=en ↩

4. Butler et al., "A Survey of BGP Security Issues and Solutions," Proceedings of the IEEE, Vol. 98, No. 1, January 2010. https://www.cise.ufl.edu/~butler/pubs/bgpsurvey.pdf ↩

5. "The state of affairs in BGP security: A survey of attacks and defenses," ScienceDirect, 2018. https://www.sciencedirect.com/science/article/abs/pii/S014036641731068X ↩

6. Cloudflare ROV measurement data, as reported by The Register, March 2026. https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/ ↩

7. The Register, "Switzerland built an alternative to BGP. Nobody noticed," March 17, 2026. https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/ ↩ ↩²

8. Swiss National Bank Working Papers / ETH Zurich Network Security Group, 2025. https://netsec.ethz.ch/people/aperrig/ ↩

9. Kevin Curran, quoted in The Register, March 17, 2026. ↩