Nearly all websites rely on a service provider like Fastly or Akamai — which run what’s called a “content delivery network” or CDN (we’ll get into what that means later on) — as a layer between internet users and the servers where their content is hosted. The problem: There are only a small handful of CDN operators. If one of them goes down — whether because of a benign software bug, as in Fastly and Akamai’s case, or a cyberattack — huge swaths of the internet could go with it.
“Absolutely the biggest centralized point on the internet is these CDNs,” making them a potential target for cybercriminals or government actors, Nick Merrill, research fellow at UC Berkeley’s Center for Long-Term Cybersecurity, said following the Fastly outage.
Utilities, social media platforms, news organizations, financial services, government agencies and more rely on CDNs to operate their websites. Although Fastly was able to restore its service quickly, one can imagine problematic future scenarios if the resolution is slower.
“The problem with the internet is it’s always there until it isn’t,” former Microsoft Chief Technology Officer David Vaskevitch, who now runs photo storage service Mylio, told CNN Business earlier this month. “For a system with so many interconnected parts, it’s not always reliable. Any one fragile part can bring it down.”
Even before the recent outages, internet infrastructure experts have been ringing the alarm about concentration in the CDN space, where the small number of major providers could make for big targets for an attack.
What is a CDN?
For websites to load and run as quickly as we expect them to, they need to have computing power located physically close — at least relatively — to the people wanting to access them.
That’s why companies like Fastly and Akamai exist. Their “content delivery networks” are essentially a collection of “cloud” servers distributed across various geographic locations where websites can store content in close proximity to their users. This makes it possible for apps and websites to load within seconds and enables high quality streaming. It also saves huge amounts of energy.
“They’re indispensable infrastructure,” Merrill said.
The catch is that so many websites — big and small — use CDNs as a layer between users and the servers where their content lives that when a CDN goes down, much of the internet can go with it.
With any technology, occasional failures and outages are inevitable.
“There is no error-free internet, so the measure of success is how quickly a major internet firm like Fastly can recover from a rare outage like this,” said Doug Madory, director of internet analysis at network analytics firm Kentik.
Akamai is also among the larger CDN providers.
To be sure, CDNs have backup protections in place and websites can contract with more than one CDN operator in case of failures. Most of the time, an outage will be like Fastly’s — a temporary inconvenience. And websites could still appear online without a CDN, they’d just load slowly and be more at risk of cyberattacks.
But experts say there is still a risk that a bigger player like Cloudflare is targeted, or that multiple CDNs are hit at once.
“Worst case, it’s going to be an attack on Cloudflare,” Merrill said. “The Russian government or the Chinese government is going to take down Cloudflare and it’s going to break the internet.”
“People are really concerned rightly about antitrust issues in the tech space” Merrill said. “I don’t think that CDNs are as visible to people, but they’re probably the most important part of the core internet infrastructure that’s been privatized and centralized.”