WASHINGTON (TNND) — An outage at internet security and performance company Cloudflare had a disruptive domino effect worldwide on Tuesday in the latest demonstration of how reliant the internet is on just a handful of networks.
In a social media post, Cloudflare chief technology officer Dane Knecht said the outage was triggered by “a latent bug in a service underpinning our bot mitigation capability” that crashed after a “routine configuration.”
“That cascaded into a broad degradation to our network and other services. This was not an attack,” Knecht said.
Just last month, Amazon’s cloud computing arm AWS experienced a software issue, triggering an outage that impacted platforms and websites like Coinbase, Signal, Lyft and the Associated Press. One of the largest information technology outages occurred last year when a faulty CrowdStrike update caused Microsoft Windows systems to crash.
Taylar Rajic, an associate fellow at the Center for Strategic and International Studies’ Strategic Technologies Program, said these systems are simply overwhelmed and failing to keep up with the burst of demand in recent years.
“Most of the internet relies on a handful of these sorts of super-infrastructure companies and basically, they provide the basis and basic functioning of these sites. These outages just show how reliant most critical infrastructure is, and that is from daily commerce, daily internet usage, all the way up to critical infrastructure and national security,” Rajic said.
Though these outages were not the work of hackers, they do present opportunities for malicious actors.
“When these things happen, it definitely opens up the attack surface,” Rajic said.
Rajic, and some in Congress, argue that cybersecurity should be viewed as a form of infrastructure.
“Regulation needs to make sure that it can keep up and make sure that these companies are complying with government regulation on these issues. We also need to make sure that we have a sufficient workforce that can keep up with this. Cybersecurity often lacks the workforce required to keep up with it, so focusing on training and maintaining a U.S. cyber workforce is really critical to this, as well,” Rajic said.
Sens. Mark Warner, D-Va., and Ron Wyden, D-Ore., have called on the Federal Communications Commission to maintain minimum security standards for America’s communications sector.
This week, the FCC is expected to instead vote to roll back Biden-era rules for network security that the Trump administration views as ineffective and an overreach of government.
The senators have also repeatedly sought from the Cybersecurity and Infrastructure Security Agency a 2022 report about vulnerabilities in U.S. telecommunications. They pointed to the Chinese state-sponsored Salt Typhoon hack to illustrate their urgency.
In a recent letter to Homeland Security Secretary Kristi Noem and Director of National Intelligence Tulsi Gabbard, Warner and Wyden said, “The Salt Typhoon compromise represents one of the most serious espionage campaigns against the communications of U.S. government leaders in history, and highlighted important gaps in our nation’s communications security — in some cases, with providers ignoring basic security precautions such as credential re-use across network appliances and failure to adopt multi-factor authentication for highly privileged network administrator accounts.”
