Cloudflare Hacks Self, Crashes Internet – Google, Amazon Web Services, Many Major Sites Briefly Offline

In America, our vital internet backbone infrastructure, despite its critical importance to national security and the public interest, is run by random people who made a private corporation.

Our system chose them to do this because they offered that service most cheaply, and then monopolized the market.

As it turns out, optimization and security are contrary objectives for any system. Optimization looks to minimize redundancy, while security looks to maximize it.

In other words, cheap stuff breaks.

Perhaps we should not have based our entire society on the principle of auctioning responsibility for critical tasks to whoever will do them for the least amount of money?

Bloomberg:

Cloudflare Inc. suffered an outage on Friday, disrupting some parts of the internet. The company said it identified the problem and fixed it.

Cloudflare provides important services for the internet to function, such as load balancing, security, domain registration and video streaming. When the company experiences technical snafus, that can reverberate across the web

“This afternoon we saw an outage across some parts of our network. It was not as a result of an attack,” the company said in a blog post. “This incident has been resolved.”

In other words, “Don’t worry guys, somebody else didn’t hack us – we hacked ourselves.”

Why would anyone admit that?

They could have just as easily said that they were still working to determine the cause of the failure, and waited a day until the story had already run in the press.

The problems affected 12 data centers in the U.S. and Europe, according to Cloudflare. Several online businesses, including digital storefront operator Shopify Inc., reported disruptions.

This all demonstrates how vulnerable these systems are. They fail spontaneously, without even being attacked.

It does make you wonder how well these systems would hold up in a cyber war.

The Rand Corporation, a major national security think tank, has been telling the government to “prepare for a cyber 9/11” since 2016, though they did not seem to have any concrete ideas on how to prepare for this.

Well, Rand – most obviously, the government should prepare for this by regularly testing these backbone services for vulnerabilities, and then telling them to fix them.

If a private company builds a bridge, the government has building codes and does code inspections, because if it collapses it is everyone’s problem.

They should to the same thing for internet backbone servers.

They should also do security monitoring of the administrators of these backbone servers themselves, so that they would know if someone tried to attack the internet by getting their passwords out of them directly.

Rand Corporation’s imagination of a “cyber 9/11,” compared with what would actually happen.

As I have written previously, there are some incentives for the government to let these systems fail or cause them to fail, so that they can offer solutions with less privacy and less dissent.