An Obscure Service Provider Briefly Broke The Internet Tuesday
An obscure service provider briefly broke the internet Tuesday
On Tuesday, a large portion of the internet briefly went down due to an outage at a company that the majority of people have probably never heard of.
Reddit, CNN, Target (TGT), Amazon (AMZN), and a UK government website were all taken offline following a technical issue at cloud service provider Fastly (FSLY).
While the outage was brief, it served as a stark reminder of the internet's inherent fragility. Additionally, at a time when concerns about cyber threats to critical physical US infrastructure are growing, the Fastly outage may raise concerns about cyber threats to our digital infrastructure as well.
Almost all websites rely on a service provider like Fastly to act as a layer between internet users and the servers that host their content. The issue is that there are only a few CDN operators. If one of them goes down — whether due to a benign software bug, as happened with Fastly, or a cyberattack, for example — vast swaths of the internet may go down with it.
"Absolutely the most centralized point on the internet is these CDNs," according to Nick Merrill, a research fellow at UC Berkeley's Center for Long-Term Cybersecurity.
Utility companies, social media platforms, news organizations, financial services, and government agencies all rely on CDNs such as Fastly to run their websites. Although Fastly was able to quickly restore service, one can imagine potentially problematic future scenarios if resolution is delayed.
"The issue with the internet is that it is always present until it is not," said David Vaskevitch, a former Microsoft CTO who now runs photo storage service Mylio. "It is not always reliable for a system with so many interconnected components. Any one of its frail components can bring it down."
Even prior to this week's outage, internet infrastructure experts have been warning about the dangers of concentration in the CDN space, where a small number of large providers could make for easy targets.
What is a Content Delivery Network (CDN)?
To load and run as quickly as we expect, websites must have computing power physically close — at least relatively — to the users.
That is why businesses such as Fastly exist. Fastly's "content delivery network" is essentially a collection of "cloud" servers located in various geographic locations that allow websites to store content close to their users. This enables apps and websites to load in a matter of seconds and enables high-quality streaming. Additionally, it conserves enormous amounts of energy.
CDNs play a critical security role by preventing what are known as "distributed denial-of-service" attacks, in which malicious actors flood a website with requests in an attempt to overwhelm its systems and shut it down.
"They're critical infrastructure," Merrill explained.
The caveat is that because so many websites — large and small — rely on CDNs as a layer between users and the servers that host their content, when a CDN goes down, a large portion of the internet may also go down. In Tuesday's incident, a software bug discovered during a routine update temporarily knocked out approximately 85 percent of Fastly's network, the company said.
And it is not limited to CDNs. Amazon Web Services, a cloud computing service that powers a large number of popular websites, has also experienced outages that result in the internet being down for extended periods of time.
The Risk
Any technology will experience occasional failures and outages.
"Because the internet is not error-free, success is measured by how quickly a large internet company like Fastly can recover from a rare outage like this," said Doug Madory, director of internet analysis at network analytics firm Kentik.
Rapidly identified Tuesday's issue "within one minute," and within less than an hour, 95 percent of its network was back online, senior vice president of engineering and infrastructure Nick Rockwell wrote in a blog post.
The more serious issue with the internet's massive reliance on a few CDNs is the possibility that they will become targets of an attack, Merrill explained. He also fears a potential government order dictating what such companies can and cannot support, effectively censoring the internet.
Fastly is one of the smaller players in the content delivery network (CDN) market. Cloudflare is the largest, supporting approximately 25 million internet properties, including county websites, national health ministries, and corporate behemoths like IBM and Shopify. Cloudflare briefly made headlines in 2019 after blocking support for 8Chan, making it difficult for the contentious online message board to remain online.
To be certain, CDNs employ backup mechanisms, and websites can contract with multiple CDN operators in the event of a failure. Typically, an outage will be similar to Tuesday's — a brief inconvenience. And websites that do not use a CDN can still be accessed online; they will simply load more slowly and are more vulnerable to cyberattacks.
However, experts warn that there is still a risk that a larger player such as Cloudflare will be targeted, or that multiple CDNs will be attacked simultaneously.
"In the worst-case scenario, there will be an attack on Cloudflare," Merrill said. "The Russian or Chinese governments are going to shut down Cloudflare, effectively shutting down the internet."
The solution, he suggested, could be antitrust regulation of the industry — similar to the regulatory pressures currently facing more consumer-facing technology companies — or encouraging the growth of more CDN alternatives.
"People are legitimately concerned about antitrust issues in the technology sector," Merrill explained. "I believe that CDNs are less visible to the public, but they are probably the most critical component of the privatized and centralized core internet infrastructure."
Courses and Certification
Web Design Course and Certificate
Web Hosting Course and Certificate
Web Services Course and Certificate
Internet of Things (IoT) Course and Certificate
Internet Technologies Course and Certificate
Internet/Cyber Security Course and Certificate
