What’s happened?
Last Tuesday morning, for about an hour, some of the internet’s most visited websites were unavailable, including Amazon, Reddit, PayPal and Spotify. Also down were the BBC, The Guardian, the Financial Times, The New York Times and CNN. Perhaps most worrying, the UK government’s gov.uk domain was among those knocked out. The cause wasn’t any kind of malicious attack or conspiracy. Rather, it was the result of a single customer of Fastly – a San Francisco-based content-delivery network – updating their configuration settings, and unwittingly triggering a hitherto unknown bug in Fastly’s new software.
How could that take down Amazon?
Due to the way the internet has grown and changed as the amount of web data has ballooned. Specifically, it’s due to the rise of content-delivery networks (CDNs) – that is, cloud services that provide a worldwide fleet of servers to customers who cannot easily handle bandwidth spikes on their own. The purpose of CDNs (ironically enough) is to make the internet faster and more stable by letting users connect to servers physically close to them. Their main job is to provide “digital liquidity” – giving businesses greater geographical spread and proximity to customers, flexibly absorbing shocks and pooling the costs of maintaining spare capacity. Fastly is the fifth-largest provider globally. But there’s a paradox here.
What’s that?
The whole idea of the internet is built on decentralisation, and the resilience that comes from widely distributed risk. Yet the CDN model tends towards “market concentration because it depends on overwhelming bandwidth, economies of scale, expensive physical data centres and serious programming talent”, says Corinne Cath-Speth of the Oxford Internet Institute in The Daily Telegraph. The three biggest CDNs are Cloudflare, Amazon Web Services (AWS) and Akamai. Together they have around 89% of the market and all have suffered similar episodes since 2010. In this case, Fastly at least lived up to its name, getting 95% of the network back up and running as normal within the hour.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
How much financial damage did it do?
Estimates vary wildly from millions of pounds to many billions. ParcelHero, the e-commerce delivery company, estimated that retailers across the UK, Europe and US will have lost around £1bn because of the outage. Counterintuitively, Fastly itself was not among those to take a hit. Although its share price dropped 5% as news broke of the issue, the share price ended the day up 11%. Investors were either impressed by the swift resolution, or maybe those who hadn’t heard of the firm before liked what they saw. But either way, the whole episode has heightened worries about the inherent vulnerabilities of the internet.
Is this just a commercial issue?
No, it’s a security and geostrategic issue too. If the Fastly farce “makes the modern internet sound alarmingly like a house of cards built on shaky foundations, that’s because it is”, says James Ball on CapX. The services, like Fastly, that keep the network operating behind the scenes “have long chains of dependencies – one service might draw on code from another site, that in turn relies on open-source code libraries that may or may not have been kept updated for decades”. This architecture makes big firms vulnerable to internet breakdowns. But it also means that malign actors – state or otherwise – have no shortage of targets. “A country wanting to launch a military operation against a neighbour could, for example, launch massive cyberattacks to take out much of the internet... Others might take down the internet for fun, or for profit.”
How big a threat are such attacks?
Big and getting bigger. Ransomware attacks have surged by 60% over the past year, with recent high-profile targets including Ireland’s health service and Colonial Pipeline in the US, which exposed the risks to critical energy infrastructure in the world’s biggest economy. Moreover, the average ransom payment has roughly doubled over the past year, according to Coveware, a tracking firm. Here in the UK, the nation’s cyberdefence chief has warned that criminal hackers carrying out ransomware attacks now pose a bigger risk to UK national security than online espionage by hostile states. In a speech this week, Lindy Cameron – chief executive of the National Cyber Security Centre, a branch of GCHQ – discussed the very real threats to business and security from state actors including China, North Korea, Iran and Russia. But for most people and businesses – including suppliers of critical national infrastructure and government services – “the primary threat is not state actors but cybercriminals”, says Cameron.
What can be done?
Ransomware is obviously separate from the issue of structural vulnerabilities exposed by the Fastly affair, but both are about threats to internet infrastructure robustness. On the ransomware issue, says the ex-MI6 boss Alex Younger in the Financial Times, it’s clear that many of the key groups are based in Russia, and are tolerated as long as they don’t threaten Russian interests. Thus, part of the solution involves getting President Putin to own the problem, using the “full range of geopolitical carrots and sticks”. Second, governments should discourage the payment of ransoms, make it compulsory for such payments to be disclosed, and must upgrade their anti-money-laundering capabilities for the age of cryptocurrencies. On the wider infrastructure issue, says John Villasenor of the Brookings Institution, government should promote diversification in the number and types of firms providing infrastructure services. There’s been an intense government focus in recent years on visible parts of the internet ecosystem. Henceforth, policymakers must be equally focused on the bits of the internet we don’t normally see.
-
Shein’s London IPO could go ahead, despite forced labour concernsThe chief executive of the Financial Conduct Authority suggests that alleged human rights breaches aren’t a reason to block Shein’s proposed London IPO
-
Elon Musk's $56bn Tesla pay deal rebuffed again by US judgeIt is the second time Musk's pay deal has been rejected, with judge Kathaleen McCormick upholding her previous January decision
-
Rouble hits two-year low against the dollar – what does it mean for Russia's economy?New US sanctions have plunged the rouble to its lowest level since 2022. Why are investors spooked and how will this affect Putin's economy?
-
Has Javier Milei succeeded in transforming Argentina's economy?Javier Milei won an election last year on an “anarcho-capitalist” platform, promising to take a chainsaw to the overbearing and bloated state. How’s it going?
-
Brazil booms – but why do investors remain wary?Brazil is booming, but you wouldn’t think so from looking at the stock market. What's behind the market paranoia?
-
German chancellor Olaf Scholz's coalition collapses – what went wrong?EU Economy After Olaf Scholz fired a key minister, Germany's coalition has collapsed. But political turmoil in the country couldn’t have come at a worse time
-
Are Chinese consumer brands challenging global chains?A new wave of Chinese consumer brands is starting to push out into global markets. Complacent Western giants are not nearly ready for the threat that they pose
-
Do we need central banks, or is it time to privatise money?Analysis Free banking is one alternative to central banks, but would switching to a radical new system be worth the risk?
-
Will turmoil in the Middle East trigger inflation?The risk of an escalating Middle East crisis continues to rise. Markets appear to be dismissing the prospect. Here's how investors can protect themselves.
-
The Gulf states: a new competitor for the City's financial crown?Bahrain and other Gulf states could eventually threaten London's financial dominance.
