Fastly’s Global Internet Meltdown Could Be a Sign of Things to Come

Two high-profile hacks that targeted organizations with access to thousands of other organizations have recently shown just how fragile centralized internet systems can be. The SolarWinds and Microsoft Exchange Server hacks, which took place in early 2020 and early 2021 respectively, breached tens of thousands of companies. Both have been attributed to state-backed hackers, rather than ransomware gangs.

But cybercriminals have deliberately targeted multiple service providers and critical supply chains too in order to upscale the impact, and therefore the potential payout, of their hacks. BlackbaudAccellion and other key online service providers have been victim to such attacks.

Centralization of the Internet
All these particularly disruptive hacks are partially the result of the drive towards centralization of online services, which may be efficient for businesses, but is counter to the founding principles of the internet.

The initial appeal of the internet was that it was a distributed network designed to resist attacks and censorship. When released for public use in the early 1990s, the internet became popular for commerce as well as being regarded as a beacon of free speech. But market logic, rather than free speech, has driven developments since the early days.

Today, cloud computing firms and multiple service providers manage large chunks of internet traffic, causing single points of failure where internet flows can be accidentally or deliberately disrupted. Even something as simple as a typo can cause significant disruption, as was the case in 2017 when several of Amazon’s servers – which power large swathes of the internet – went temporarily offline due to an inputting error.

We should take our hats off to Fastly for quickly rectifying the June 8 outage. But this case has revealed the dangers of consolidating key internet infrastructure, resulting in the emergence of costly single points of failure. It’s another stern wake-up call for law enforcement and the cybersecurity community, giving renewed emphasis to the mission of the US and European ransomware taskforces.

Avoiding Internet Meltdowns
But are taskforces enough to address this problem? What this event has really shown is how firms like Fastly are in effect privately-owned public spaces, which not only blur the lines between business and national infrastructure, but have, in effect, become “too big to fail”.

All this suggests that the solution to this dilemma must be found beyond multi-sector taskforces, requiring full-blown political debate over what we want the internet to look like in the latter three-quarters of the 21st century. If we fail to make that decision, then others will for us.

David S. Wall is Professor of Criminology, University of Leeds. This article is published courtesy of The Conversation.