[ozr]

Yes. Whether or not a particular standard has been implemented is not interesting. What matters is the result.

Is BGP an attack vector that matters for the vast majority of threat models right now? I would say no. Given that: there is no need for (inevitably) poor regulation.

[viraptor]

If your operation includes communication over internet, bgp hijack is in your threat model (or your threat model is incomplete). I don't understand how "endpoints we care about may become unreachable" is not a big point for everyone. (Unless your business is extremely async and a day of delays is insignificant)

[ozr]

By this logic, I should be concerned about defending against raccoon attacks since they are endemic to my area and I often go outside.

The point is that, in practice, the attacks are so uncommon and mitigated by so many other factors that the cost involved of further mitigation it isn't worth it.

You develop a threat model to specifically get rid of concerns like this; not to list every possible attack vector imaginable.