I happen to have published research in this area[0]. There are two systems being developed to secure BGP.
The first is the RPKI which aims to provide a Public Key Infrastructure to attest to the origination of IP addresses. To grossly oversimplify it: everyone would get a certificate that says "AS X is allowed to originate IP prefix Y". Many routers already support the RPKI[1] and the RPKI is currently undergoing deployment[2], but it should take some time before operators begin using it to make routing decisions. Once used, the RPKI offers substantial security benefits[3].
The second protocol is BGPSEC which is designed to secure routing paths. It will use the RPKI as its foundation.
[0]: https://www.cs.bu.edu/~goldbe/papers/sigRPKI.pdf
[1]: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp...
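An added example, not part of the comment above: a minimal sketch of how a router-side check can turn "AS X is allowed to originate IP prefix Y" statements into a routing decision, using the valid / invalid / not-found states of RPKI route origin validation (RFC 6811). The prefixes (documentation ranges), the private-use AS numbers and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload: 'asn may originate prefix, down to max_length'."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data: documentation prefixes, private-use ASNs.
VRPS = [
    VRP("198.51.100.0/24", 24, 64500),
    VRP("203.0.113.0/24", 25, 64501),
    VRP("2001:db8::/32", 48, 64502),
    VRP("192.0.2.0/24", 24, 0),  # AS0: holder says "do not route this"
]


def validate(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ip_network(vrp.prefix)
        # A VRP covers the route only if the route is equal to or more
        # specific than the VRP prefix (same address family).
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a prefix length within
        # max_length; AS0 can never match an announcement.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but unmatched means wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"


def import_filter(announcements, enforce):
    """Monitor-only (enforce=False) tags routes; enforce=True drops invalids."""
    accepted = []
    for prefix, origin in announcements:
        state = validate(prefix, origin)
        if enforce and state == "invalid":
            continue
        accepted.append((prefix, origin, state))
    return accepted
```

This check only covers the origin AS of an announcement; it says nothing about the rest of the AS path, which is the part BGPSEC is meant to secure.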
Legacy.
BGP is a policy mechanism and sometimes the policies are either misconfigured or we can't trust hostile actors with access to wide open Internet (e.g. backwards countries null routing all of YouTube because censorship and it propagates outwards instead of inwards).
In most cases, if you are talking BGP to your ISP, your ISP filters your BGP traffic to only allow specific routes you can claim ownership of to be updated. Normally, non-infrastructure-level villains can't do bad BGP things if they have responsible upstream ISPs doing filtering correctly (kill you on flapping, kill routes you shouldn't be originating, etc). But, as we've seen with ISPs not even verifying UDP source address spoofing that allows you to generate multi-hundred-gigabit DDoS attacks, many ISPs are still run by morons.
BGP is also the magic behind anycast since you can intentionally duplicate any routes with no oversight (besides any upstream filtering in place).
what improvements are in the works
Good luck upgrading every embedded peering router in the world?
Is there a project like that for BGP?
The problem is how do you know which routes you should trust. Most ISPs should have a reasonable idea of what netblocks most of their customers should be advertising and should be filtering there; but between large ISPs, I don't think there's a reasonable way to determine if you should trust a given advertisement for a small block. The owner could have gotten alternate transit, or sold the block, or many other things.
BGP itself is a path vector protocol (came from standard and vetted Graph Theory algorithms) and therefore for the scalability of the Internet Prefixes - works perfectly with many network devices talking the standard protocol.
Work has always been done within the IETF wg on BGP attributes that the protocol carries for many use-cases and so far BGP has been the preferable choice for many networks, both within an AS and outside an AS (Autonomous System).
You wouldn't want the Internet to be controlled by a central authority, that is an absolute NO - at the same time - you have to work together to make sure the "global routing table" or the "default free zone" is not polluted with unnecessary updates and churn and overseeing misbehavior from other ASes.
I believe with so many disparate organizations and networks around the world - we could not have built a common talking "language"/"protocol" without having accountability into it and constantly monitoring it.
"You remember the RAT we sold you? Yea... That's broken because ... Help us or people might notice." If that's it.. Wow. This whole story gets more fishy by the minute.
The only one thing I trust here is the independence of the Italian prosecution system.
One similar technique was we basically created our own fake ISPs, disguised as rural wireless Internet providers. Paid yearly ARIN fees, had our own /20 blocks of IP space allocated, etc. We specifically requested IP filtering completely removed from our peering connection with major upstream/backbone ISPs. They did so without question. This allowed us to source route any IP out to the Internet. Then, we would purchase large blocks of IPs (a couple of /20s a month) from Romania and Argentina. We would create GRE tunnels over to RO and route them back to the US. It's been years since I was involved so my memory of the technical details is hazy now...
The Internet was built on the premise that you can trust other organisations such as good-willed universities; it was not built for a landscape of internet crime and state-sponsored hackers.
BGP and central certificate authorities are flawed in principle and in this sense. It's very easy to create fake certificates for big organisations if you have the power of a state.
DigiNotar is such an epic fail of a CA, which shows exactly why you cannot trust central trust when there are state hackers at work.
So you either hijack BGP, DNS or a central certificate authority, then you steal people's cookies. Since most do not use two-factor authentication, that is enough to take ownership of their email accounts. Once the email accounts are compromised, all other accounts can be compromised through password resets.