Why our rickety internet infrastructure needs an upgrade

The internet is an increasingly essential part of international infrastructure. Recent events have shown that it is also vulnerable to collapse.

Cybercrime cover illustration

What’s happened? 

Last Tuesday morning, for about an hour, some of the internet’s most visited websites were unavailable, including Amazon, Reddit, PayPal and Spotify. Also down were the BBC, The Guardian, the Financial Times, The New York Times and CNN. Perhaps most worrying, the UK government’s gov.uk domain was among those knocked out. The cause wasn’t any kind of malicious attack or conspiracy. Rather, it was the result of a single customer of Fastly – a San Francisco-based content-delivery network – updating their configuration settings, and unwittingly triggering a hitherto unknown bug in Fastly’s new software. 

How could that take down Amazon?

Due to the way the internet has grown and changed as the amount of web data has ballooned. Specifically, it’s due to the rise of content-delivery networks (CDNs) – that is, cloud services that provide a worldwide fleet of servers to customers who cannot easily handle bandwidth spikes on their own. The purpose of CDNs (ironically enough) is to make the internet faster and more stable by letting users connect to servers physically close to them. Their main job is to provide “digital liquidity” – giving businesses greater geographical spread and proximity to customers, flexibly absorbing shocks and pooling the costs of maintaining spare capacity. Fastly is the fifth-largest provider globally. But there’s a paradox here. 

What’s that?

The whole idea of the internet is built on decentralisation, and the resilience that comes from widely distributed risk. Yet the CDN model tends towards “market concentration because it depends on overwhelming bandwidth, economies of scale, expensive physical data centres and serious programming talent”, says Corinne Cath-Speth of the Oxford Internet Institute in The Daily Telegraph. The three biggest CDNs are Cloudflare, Amazon Web Services (AWS) and Akamai. Together they have around 89% of the market and all have suffered similar episodes since 2010. In this case, Fastly at least lived up to its name, getting 95% of the network back up and running as normal within the hour. 

How much financial damage did it do?

Estimates vary wildly from millions of pounds to many billions. ParcelHero, the e-commerce delivery company, estimated that retailers across the UK, Europe and US will have lost around £1bn because of the outage. Counterintuitively, Fastly itself was not among those to take a hit. Although its share price dropped 5% as news broke of the issue, the share price ended the day up 11%. Investors were either impressed by the swift resolution, or maybe those who hadn’t heard of the firm before liked what they saw. But either way, the whole episode has heightened worries about the inherent vulnerabilities of the internet.  

Is this just a commercial issue?

No, it’s a security and geostrategic issue too. If the Fastly farce “makes the modern internet sound alarmingly like a house of cards built on shaky foundations, that’s because it is”, says James Ball on CapX. The services, like Fastly, that keep the network operating behind the scenes “have long chains of dependencies – one service might draw on code from another site, that in turn relies on open-source code libraries that may or may not have been kept updated for decades”. This architecture makes big firms vulnerable to internet breakdowns. But it also means that malign actors – state or otherwise – have no shortage of targets. “A country wanting to launch a military operation against a neighbour could, for example, launch massive cyberattacks to take out much of the internet... Others might take down the internet for fun, or for profit.”

How big a threat are such attacks?

Big and getting bigger. Ransomware attacks have surged by 60% over the past year, with recent high-profile targets including Ireland’s health service and Colonial Pipeline in the US, which exposed the risks to critical energy infrastructure in the world’s biggest economy. Moreover, the average ransom payment has roughly doubled over the past year, according to Coveware, a tracking firm. Here in the UK, the nation’s cyberdefence chief has warned that criminal hackers carrying out ransomware attacks now pose a bigger risk to UK national security than online espionage by hostile states. In a speech this week, Lindy Cameron –  chief executive of the National Cyber Security Centre, a branch of GCHQ – discussed the very real threats to business and security from state actors including China, North Korea, Iran and Russia. But for most people and businesses – including suppliers of critical national infrastructure and government services – “the primary threat is not state actors but cybercriminals”, says Cameron. 

What can be done?

Ransomware is obviously separate from the issue of structural vulnerabilities exposed by the Fastly affair, but both are about threats to internet infrastructure robustness. On the ransomware issue, says the ex-MI6 boss Alex Younger in the Financial Times, it’s clear that many of the key groups are based in Russia, and are tolerated as long as they don’t threaten Russian interests. Thus, part of the solution involves getting President Putin to own the problem, using the “full range of geopolitical carrots and sticks”. Second, governments should discourage the payment of ransoms, make it compulsory for such payments to be disclosed, and must upgrade their anti-money-laundering capabilities for the age of cryptocurrencies. On the wider infrastructure issue, says John Villasenor of the Brookings Institution, government should promote diversification in the number and types of firms providing infrastructure services. There’s been an intense government focus in recent years on visible parts of the internet ecosystem. Henceforth, policymakers must be equally focused on the bits of the internet we don’t normally see. 

Recommended

Sterling crashes to its lowest since 1985 after mini-Budget
Currencies

Sterling crashes to its lowest since 1985 after mini-Budget

The pound has fallen hard and is heading towards parity with the US dollar. Saloni Sardana explains why, and what it means for the UK, for markets and…
23 Sep 2022
Earn 3.7% from the best savings accounts
Savings

Earn 3.7% from the best savings accounts

With inflation topping 10%, your savings won't keep pace with the rising cost of living. But you can at least slow the rate at which your money is los…
23 Sep 2022
Three top-notch Asian stocks to buy
Share tips

Three top-notch Asian stocks to buy

Professional investors Adrian Lim and Pruksa Iamthongthong, managers of the Asia Dragon Trust, pick three of their favourite Asian stocks to buy now.
23 Sep 2022
How to use Section 75 credit card protection for your purchases
Credit cards

How to use Section 75 credit card protection for your purchases

Your credit card can give you extra protection when the goods or services you purchase fall short of your expectations. Ruth Jackson-Kirby explains ho…
23 Sep 2022

Most Popular

Why we should abolish stamp duty – the worst tax in Britain
Tax

Why we should abolish stamp duty – the worst tax in Britain

Stamp duty is Britain’s most horrible tax. We should forget cutting it and abolish it altogether, says Merryn Somerset Webb.
22 Sep 2022
Mini-Budget: stamp duty and income tax cut as Kwarteng targets growth
Tax

Mini-Budget: stamp duty and income tax cut as Kwarteng targets growth

Chancellor Kwasi Kwarteng announced sweeping tax cuts in his mini-Budget statement. Here's what was said.
23 Sep 2022
Could gold be the basis for a new global currency?
Gold

Could gold be the basis for a new global currency?

Gold has always been the most reliable form of money. Now collaboration between China and Russia could lead to a new gold-backed means of exchange – g…
22 Sep 2022