Fastly Inc.’s content delivery network failure in June knocked out some of the world’s most popular e-commerce and media websites. T-Mobile US Inc. and Amazon.com Inc.’s Twitch streaming service later suffered massive data breaches. Also, for about six hours, Facebook Inc.’s main social network, Instagram, and WhatsApp were unavailable. Then it happened again last Friday, albeit for a shorter period of time. There was a common corporate response to all of the incidents. It goes something like this: We apologize for the inconvenience; it was an unintentional configuration error; we’ll do better next time! Following Facebook’s outage, the engineering director of security software firm Cloudflare Inc. described it as a reminder of the internet’s fragile nature, in which millions of interconnected systems rely on one another to function.
What options do we have? First and foremost, we must hold businesses accountable when they fail to implement adequate safeguards and security policies. The sheer number of issues demonstrates that the industry as a whole does not take the issue seriously. Companies do not place a high priority on the issue or invest enough to address it. As a result, it’s critical to make negligence far more costly by increasing the size of financial penalties and the liability of management teams.
Increased government oversight is another possible solution. With Facebook and Fastly claiming that their outages were caused by simple employee errors, I dread the potential damage that a rogue employee or a state-sponsored actor could cause. A new group of regulators should be given authority to inspect key technology companies’ redundancy and security plans, similar to how the Federal Reserve’s bank examiners work on-site at financial institutions to prevent systemic risk. At the very least, we must do everything possible to reduce future human network configuration errors.
The Biden administration recognizes the national security and economic security implications of the country’s internet vulnerabilities. However, aside from developing voluntary standards, the White House has done little to regulate the private sector. Governments must be more assertive.