For 40 minutes yesterday, we were reminded of just how much power and control we have allowed to become concentrated in a handful of internet networking companies.
Large swathes of the internet – including half the world’s most used news media – were made inaccessible on Tuesday when a single network company that you’ve never heard of suffered a glitch.
That included the BBC, The New York Times, The Guardian, CNN and The Irish Times. It also included major online forums such as Reddit and Twitch, as well as giant ecommerce sites such as Amazon, PayPal and Shopify.
In all, 1.3m websites became inaccessible to the world’s internet users. Rumours immediately circulated of a cyber attack, but the truth was much more mundane: a garden-variety technical outage in Fastly, the ‘content delivery network’ (CDN) firm that so many websites use to speed up access for web visitors.
While there was relief that no foul play was involved, the relatively pedestrian cause reminds us of how vulnerable we are.
We’ve seen it before. Last year something very similar happened with Cloudflare, another network infrastructure firm that controls access to many big online services.
The year before that, it was Amazon Web Services.
While many of us think about big tech firms in terms of big brands like Google, Apple or Facebook, there are a few dozen companies that literally keep the internet going – companies such as Akamai, Fastly and Cloudflare – firms that the average punter would struggle to name.
These multi-billion-dollar outfits control vast areas of the internet’s plumbing. When one of them gets blocked up, as happened yesterday, we all immediately know about it.
Fastly’s official explanation was that it had suffered a disruption from a “service configuration” – classic tech jargon phraseology that avoids any specific description of what actually went wrong.
“Incidents like this underline the fragility of the internet and its dependence on a patchwork of fragmented technology,” said Ben Wood, chief analyst at CCS Insight. “Ironically, this also underlines its inherent strength and how quickly it can recover.”
‘CDNs’ like Fastly sit at the ‘edge’ of networks, making it more convenient for big websites with lots of content, as that data can be fetched by websites without having to travel as far between servers. This makes the content quicker to load – seen as a competitive advantage. Unfortunately, it also raises the stakes when something goes wrong.
In Ireland, this comes at a nervous time in our sense of online integrity and security.
We now know from HSE boss Paul Reid that it could be months and tens of millions of euro before the damage caused by a single ransomware attack is fully expunged. Even then, the larger toll of missed appointments and treatments may never be atoned for.
The question now is when we’ll see the networking infrastructure version of a fatberg – the coagulation of detritus that joins together to block off total or partial access to parts of the web.
In some respects, we’re already seeing versions of this happen. But it’s not technical – it’s regulatory and political.
Ireland’s Data Protection Commissioner is close to putting a stay on large flows of data between the EU and the US. Helen Dixon is preparing this after years of arguing between US and European politicians over what is allowed to be transferred over the internet. They still can’t agree on the basics, with the Americans holding that they’re allowed to check our emails and web browsing for security reasons and the EU saying this is a red line.
This, at least, is something that is discussed and parsed often in national and international media.
Unfortunately, neither the networking nor security integrity of Ireland’s national interests are of much interest to authorities.
Political (and popular) interest in resetting Ireland’s digital national security levels has all but evaporated, even as the HSE counts the grim cost.
Similarly, there will be little discussion on how the internet’s infrastructure is focused on so few funnels, meaning that Ireland’s information flow can be banjaxed in minutes.
It is little wonder that the Americans and the Chinese are so paranoid about controlling the internet — it is demonstrably full of exploitable holes.