arXiv: Understanding the Stealthy BGP Hijacking Risk in the ROV Era

A new research paper published on arXiv on June 22, 2026, titled "Understanding the Stealthy BGP Hijacking Risk in the ROV Era," highlights a critical vulnerability in internet routing security. The study demonstrates that even with Resource Public Key Infrastructure (RPKI) and Route Origin Validation (ROV) deployed—currently considered best practice—attackers can still perform stealthy Border Gateway Protocol (BGP) hijacks. These attacks bypass existing ROV protections by exploiting gaps in how route announcements are validated, allowing malicious actors to intercept or redirect internet traffic without detection.

This finding directly affects any organization that relies on BGP for internet connectivity, including cloud service providers, financial institutions, telecommunications companies, and critical infrastructure operators. Under the EU's NIS2 Directive and Digital Operational Resilience Act (DORA), these entities are required to ensure robust network security and incident response capabilities. The stealthy hijack risk means that current ROV-based defenses may not fully satisfy regulatory obligations to protect against routing threats, potentially exposing firms to data interception, service disruption, and compliance penalties.

Compliance teams should immediately assess whether their current BGP security posture relies solely on ROV and RPKI. They must update their risk assessments to include this new attack vector and consider implementing additional defenses such as BGPsec, path validation, and real-time anomaly detection. Teams should also review incident response plans to ensure they can detect and mitigate stealthy hijacks, and document these measures in their regulatory compliance reports to demonstrate proactive risk management under NIS2 and DORA.