AMERICA’S MOST SECRETIVE UTILITY IS AMAZON WEB SERVICES
Amazon.com Inc.’s ubiquitous cloud-computing network, the spine for a lot of digital communications and transactions across the U.S., went dark for several hours last Tuesday.
Here are some things that might have freaked you out:
› You were at the airport and your Ring camera couldn’t show you who was at your front door.
› You were grocery shopping and couldn’t tell your smart fridge to scan its egg supply.
› You were in bed and Alexa couldn’t read headlines and weather to you.
Who cares? This isn’t really essential, right?
The cloud has provided bounteous advantages but also excess. Being locked out of your home because your Ring is haywire is more serious than not being able to film visitors on the stoop, of course. Seniors unable to turn on house lights at night or receive prescription drug deliveries because of cloud troubles is more problematic than being unable to stream “Free Guy.”
Even those comparisons don’t truly surface the most substantive threats to consider when digital meltdowns or significant hacks occur on vital private networks such as Amazon Web Services. AWS is the biggest cloud provider in the U.S., but outages happen with some regularity at other leading cloud services, too. Alphabet Inc.’s Google Cloud Platform has had its share of woes, as has Microsoft
Corp.’s Azure service.
These cloud networks not only power the consumer indulgences that people whine about when there’s an outage, they also fuel core government and corporate work such as national security and blockbuster financial transactions.
Based on the limited information Amazon disclosed on its “service health dashboard” about its Tuesday outage, hackers or a denial-of-service attack were not responsible. Amazon cited a “network device issue” and said the outage was largely confined to the East Coast. That’s about as much as we know because that’s all that Amazon decided to share. That lack of transparency and disclosure is a big problem, one that Amazon has shown little interest in resolving.
Amazon’s secrecy — and its unwillingness to provide greater insight into its operations — is emblematic of how much unnecessary autonomy it enjoys.
Amazon runs a sophisticated shop, and its cloud architecture sits atop an armada of separate servers with lots of redundancies, abilities to scale and clever ways of balancing vast loads of information so breakdowns can be avoided. But it’s not foolproof nor bulletproof. Nothing is.
Recent digging from Wired and the Center for Investigative Reporting examined how cavalier Amazon appears to be with the “vast empire of customer data” it manages on the retail side of its business. The reporting indicated that Amazon’s oversight “had become so sprawling, fragmented and promiscuously shared within the company that the security division couldn’t even map all of it, much less adequately defend its borders.” Amazon disputed that account.
Given that governments and corporations have outsourced so much of their network management, and given how the internet has become as essential as other necessities such as water and electricity, it would be useful to think of cloud services as a public utility of sorts — with all of the requisite disclosure and supervision that comes with that. After all, it’s hazardous out there. Microsoft said on Monday that a federal court gave it the go-ahead to seize 42 websites from Chinese hackers who had been on intelligence-gathering sprees targeting government agencies, think tanks, universities and human rights organizations. Last week, a rural electric utility in Colorado serving 34,000 customers disclosed that a recent hack of its network “led to 90% of internal controls and systems becoming corrupted, broken or disabled.” It also said that “a majority of historical data dating back more than 20 years was lost.”
Think about all of that the next time your Roomba doesn’t respond.