Fastly disruption shows 'vulnerability' of service providers to cyber attacks, experts say

Content delivery fault unnerved markets, with some investors retreating to ‘safe haven’ assets

LONDON, ENGLAND - JUNE 08: In this Photo illustration, a screen displays a holding page of the Gov.UK Government website portal on June 08, 2021 in London, England. A wide range of major websites including eBay, Paypal, The Financial Times, Reddit, Twitch and The Guardian were taken offline due to what is believed to be an issue with the Fastly cloud hosting service. Some of the affected websites displayed the message "Error 503 Service Unavailable." (Photo by Leon Neal/Getty Images)

The Fastly internet disruption has exposed the vulnerability of online services relied upon by millions around the world, cyber security experts said.

The websites of the UK government, the White House and some of the world’s largest news organisations were offline for about an hour on Tuesday.

Fastly, a US-based company that runs a content delivery network underpinning many major websites, said internal issues were to blame for the problem.

However, Madeline Carr, professor of global politics and cyber security at University College London, said the disruption showed how reliant major websites are on a handful of overseas cloud-based providers.

While there is no current evidence to suggest the Fastly disruption was a cyber attack, Prof Carr said the "underlying infrastructure" of the internet was highly vulnerable to those seeking to cause harm.

"As we become increasingly reliant on digital platforms to run the economy, e-commerce systems, payment gateways, government services, all kinds of services, we are really becoming more vulnerable," she told The National. 

"It shows that the underlying infrastructure is increasingly facing these problems. That has the ripple effect where these other websites are coming down."

She said hackers are increasingly turning their sights to private internet companies as a means to cause havoc.

Asked how governments could prevent future disruption, she said it was a complicated question, but authorities should view the internet in the same way as other critical infrastructure, such as transport and electricity.

“We need to have a conversation about how robust these platforms are and what kind of processes and protections they have in place and whether there is anything that can be improved upon,” she said.

“This is something that should be taken up by the G7. This is a global problem and we need co-operation to fix it.”

Fastly's share price plunged 2 per cent in premarket trading after websites across the internet became temporarily unavailable when the content delivery network's services went down.

The company, which is listed on the New York Stock Exchange and pushes data quickly across the web, said its services were back on after an hour-long fault in its network caused the websites of the UK government and some of the largest news organisations in the world, including CNN, Bloomberg News and The New York Times, to go down.

Financial analysts said the disruption unnerved markets, with some investors retreating to assets viewed as safe havens, such as US Treasuries.

"There was a brief impact as markets worried about whether it was a deliberate attack and how far it would spread," Chris Beauchamp, chief market analyst at global online trader IG, told The National.

“We saw European markets drop back from the day’s highs and US futures take a tumble – a small one – too. The lack of any other news today probably amplified the reaction. As soon as Fastly put up its hand to say it was dealing with a problem, we saw indices recover as everyone breathed a sigh of relief.”

US Treasuries led global bonds higher after the disruption, which affected several global websites, spurred demand for haven assets.

Ten-year Treasury yields fell by as much as three basis points to 1.54 per cent, the lowest level in over a month, before paring the drop.

Other bond markets followed the move, with German and British bonds also rallying.

"Fastly's shares could be hurt a little as the outages may encourage some businesses to look elsewhere," Fawad Razaqzada, market analyst at Think Markets, told The National.

The fault illustrated the reliance that the most popular pages on the internet have on a handful of big technology companies to help them distribute content and host users.

Fastly’s technology is one of only a few that act as a high-level website and application hosting service that large enterprises use to serve content to millions of users simultaneously.

"Optimising the load time and protecting their websites from attacks are major issues for businesses that have online presence – that is, almost every business. Still, technical issues can happen and some businesses will forgive them, as long as it is just a one-off," said Mr Razaqzada.

Mr Beauchamp said Fastly’s share price will come under pressure after dropping 2 per cent in pre-market trading.

“But then it was up 7 per cent yesterday, so separating normal profit-taking from fears about more outages will be tough,” he said.

Mr Razaqzada expects the potential drop in Fastly’s shares to be limited to 1 or 2 per cent when markets open.

Down Detector, a website that tracks service disruptions across the internet, reported a sharp increase in user-reported issues with websites from Amazon and Spotify to Twitch, Shopify and Etsy on Tuesday.

Stuart Cole, chief macroeconomist at broker Equiti Capital, said because the fault was fixed an hour after the issue started, the economic fallout will not be "too large".

However, he said the episode highlights the problem of several clients using the same entity for their web services, leaving them more vulnerable to hackers.

"Companies such as Fastly are a cloud-based entity, sitting between clients such as Amazon and their users – the customers. They are designed to allow clients such as Amazon to provide a faster, more reliable service and to offer additional protection against hackers," Mr Cole told The National.

"If you were a hacker, you would try to bring down Fastly knowing it would cause issues for all the clients that use it. So, while they serve a role in improving security, they also add an extra layer of potential vulnerability.”