What’s happened?
Last Tuesday morning, for about an hour, some of the internet’s most visited websites were unavailable, including Amazon, Reddit, PayPal and Spotify. Also down were the BBC, The Guardian, the Financial Times, The New York Times and CNN. Perhaps most worrying, the UK government’s gov.uk domain was among those knocked out. The cause wasn’t any kind of malicious attack or conspiracy. Rather, it was the result of a single customer of Fastly – a San Francisco-based content-delivery network – updating their configuration settings, and unwittingly triggering a hitherto unknown bug in Fastly’s new software.
How could that take down Amazon?
Due to the way the internet has grown and changed as the amount of web data has ballooned. Specifically, it’s due to the rise of content-delivery networks (CDNs) – that is, cloud services that provide a worldwide fleet of servers to customers who cannot easily handle bandwidth spikes on their own. The purpose of CDNs (ironically enough) is to make the internet faster and more stable by letting users connect to servers physically close to them. Their main job is to provide “digital liquidity” – giving businesses greater geographical spread and proximity to customers, flexibly absorbing shocks and pooling the costs of maintaining spare capacity. Fastly is the fifth-largest provider globally. But there’s a paradox here.
What’s that?
The whole idea of the internet is built on decentralisation, and the resilience that comes from widely distributed risk. Yet the CDN model tends towards “market concentration because it depends on overwhelming bandwidth, economies of scale, expensive physical data centres and serious programming talent”, says Corinne Cath-Speth of the Oxford Internet Institute in The Daily Telegraph. The three biggest CDNs are Cloudflare, Amazon Web Services (AWS) and Akamai. Together they have around 89% of the market and all have suffered similar episodes since 2010. In this case, Fastly at least lived up to its name, getting 95% of the network back up and running as normal within the hour.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
How much financial damage did it do?
Estimates vary wildly from millions of pounds to many billions. ParcelHero, the e-commerce delivery company, estimated that retailers across the UK, Europe and US will have lost around £1bn because of the outage. Counterintuitively, Fastly itself was not among those to take a hit. Although its share price dropped 5% as news broke of the issue, the share price ended the day up 11%. Investors were either impressed by the swift resolution, or maybe those who hadn’t heard of the firm before liked what they saw. But either way, the whole episode has heightened worries about the inherent vulnerabilities of the internet.
Is this just a commercial issue?
No, it’s a security and geostrategic issue too. If the Fastly farce “makes the modern internet sound alarmingly like a house of cards built on shaky foundations, that’s because it is”, says James Ball on CapX. The services, like Fastly, that keep the network operating behind the scenes “have long chains of dependencies – one service might draw on code from another site, that in turn relies on open-source code libraries that may or may not have been kept updated for decades”. This architecture makes big firms vulnerable to internet breakdowns. But it also means that malign actors – state or otherwise – have no shortage of targets. “A country wanting to launch a military operation against a neighbour could, for example, launch massive cyberattacks to take out much of the internet... Others might take down the internet for fun, or for profit.”
How big a threat are such attacks?
Big and getting bigger. Ransomware attacks have surged by 60% over the past year, with recent high-profile targets including Ireland’s health service and Colonial Pipeline in the US, which exposed the risks to critical energy infrastructure in the world’s biggest economy. Moreover, the average ransom payment has roughly doubled over the past year, according to Coveware, a tracking firm. Here in the UK, the nation’s cyberdefence chief has warned that criminal hackers carrying out ransomware attacks now pose a bigger risk to UK national security than online espionage by hostile states. In a speech this week, Lindy Cameron – chief executive of the National Cyber Security Centre, a branch of GCHQ – discussed the very real threats to business and security from state actors including China, North Korea, Iran and Russia. But for most people and businesses – including suppliers of critical national infrastructure and government services – “the primary threat is not state actors but cybercriminals”, says Cameron.
What can be done?
Ransomware is obviously separate from the issue of structural vulnerabilities exposed by the Fastly affair, but both are about threats to internet infrastructure robustness. On the ransomware issue, says the ex-MI6 boss Alex Younger in the Financial Times, it’s clear that many of the key groups are based in Russia, and are tolerated as long as they don’t threaten Russian interests. Thus, part of the solution involves getting President Putin to own the problem, using the “full range of geopolitical carrots and sticks”. Second, governments should discourage the payment of ransoms, make it compulsory for such payments to be disclosed, and must upgrade their anti-money-laundering capabilities for the age of cryptocurrencies. On the wider infrastructure issue, says John Villasenor of the Brookings Institution, government should promote diversification in the number and types of firms providing infrastructure services. There’s been an intense government focus in recent years on visible parts of the internet ecosystem. Henceforth, policymakers must be equally focused on the bits of the internet we don’t normally see.
-
Saba Capital and Boaz Weinstein respond to investment trustsAs investment trust managers and industry experts accuse Saba of self-motivated opportunism, the hedge fund responds to specific "misleading claims" and sets out its stall
-
How to find top-quality companies with growing dividendsIan Mortimer, portfolio manager of Guinness Global Equity Income Fund, shares where he would put his money for sustainable and growing dividends
-
What investors can expect from stocks and the economy in 2025There are reasons for investors to be hopeful about 2025, with slowing interest rates and moderating oil prices. But trouble may be brewing in bond markets
-
MoneyWeek's five predictions for investors in 2025MoneyWeek's City columnist gazes into his crystal ball and sees five unexpected events in store for investors in 2025
-
Elon Musk to Taylor Swift - the four key figures who moved markets in 2024We look at the four most influential people in 2024 who moved markets – from Elon Musk reshaping US politics to Rachel Reeves struggling as Britain's chancellor
-
Will AI be the future of advertising?It remains to be seen, but the idea that AI providers can make money from advertising does not bode well
-
Why undersea cables are under threat – and how to protect themUndersea cables power the internet and are vital to modern economies. They are now vulnerable
-
Rouble hits two-year low against the dollar – what does it mean for Russia's economy?New US sanctions have plunged the rouble to its lowest level since 2022. Why are investors spooked and how will this affect Putin's economy?
-
Has Javier Milei succeeded in transforming Argentina's economy?Javier Milei won an election last year on an “anarcho-capitalist” platform, promising to take a chainsaw to the overbearing and bloated state. How’s it going?
-
Brazil booms – but why do investors remain wary?Brazil is booming, but you wouldn’t think so from looking at the stock market. What's behind the market paranoia?
