Amazon Web Services, America’s most secret utility
Amazon’s ubiquitous cloud-computing network, the spine for a lot of digital communications and transactions across the U.S., went dark for several hours on Tuesday.
Here are some things that might have freaked you out:
You were jogging and couldn’t order your Roomba to vacuum the third floor of your house.
You were at the airport and your Ring camera couldn’t show you who was at your front door.
You were grocery shopping and couldn’t tell your smart fridge to scan its egg supply.
You were in bed and Alexa couldn’t read headlines and weather to you.
You had trouble buying stuff at a theme park.
You couldn’t play “League of Legends.”
Who cares? This isn’t really essential, right?
The cloud has provided bounteous advantages but also excess — a cornucopia of nice-to-haves, much of it silly. Being locked out of your home because your Ring is haywire is more serious than not being able to film visitors on the stoop, of course. Seniors unable to turn on house lights at night or receive prescription drug deliveries because of cloud troubles is more problematic than being unable to stream “Free Guy.”
Even those comparisons don’t truly surface the most substantive threats to consider when digital meltdowns or significant hacks occur on vital private networks such as Amazon Web Services. AWS is the biggest cloud provider in the U.S., but outages happen with some regularity at other leading cloud services, too. Alphabet’s Google Cloud Platform has had its share of woes, as has Microsoft’s Azure service.
These cloud networks not only power the consumer indulgences that people whine about when there’s an outage, they also fuel core government and corporate work such as national security and blockbuster financial transactions. Alphabet, Amazon, Microsoft and Oracle Corp. are all jockeying to secure an important cloud contract with the Defense Department, for example.
Based on the limited information Amazon disclosed on its “service health dashboard” about its Tuesday outage, hackers or a denial-of-service attack were not responsible. Amazon cited a “network device issue” and said the outage was largely confined to the East Coast. That’s about as much as we know because that’s all that Amazon decided to share. That lack of transparency and disclosure is a big problem, one that Amazon has shown little interest in resolving.
Widespread use of cloud computing is here to stay, and its benefits far outweigh its disadvantages. But Amazon’s secrecy — and its unwillingness to provide greater insight into its operations — is emblematic of how much unnecessary autonomy it enjoys. Amazon doesn’t have to operate this way.
Consider Microsoft. It has been willing to share information publicly about intrusions or breakdowns so it can help form public-private alliances to insulate computer networks. Amazon, on the other hand, declined to testify at congressional hearings earlier this year about a large breach involving SolarWinds Corp., even though hackers used Amazon’s cloud servers to stage digital assaults.
Amazon runs a sophisticated shop, and its cloud architecture sits atop an armada of separate servers with lots of redundancies, abilities to scale and clever ways of balancing vast loads of information so breakdowns can be avoided.
But it’s not foolproof nor bulletproof. Nothing is. Given that governments and corporations have outsourced so much of their network management, and given how the internet has become as essential as other necessities such as water and electricity, it would be useful to think of cloud services as a public utility of sorts — with all of the requisite disclosure and supervision that comes with that.
After all, it’s hazardous out there. Microsoft said on Monday that a federal court gave it the go-ahead to seize 42 websites from Chinese hackers who had been on intelligence-gathering sprees targeting government agencies, think tanks, universities and human rights organizations. Last week, a rural electric utility in Colorado serving 34,000 customers disclosed that a recent hack of its network “led to 90% of internal controls and systems becoming corrupted, broken or disabled.” It also said that “a majority of historical data dating back more than 20 years was lost.”
Think about all of that the next time your Roomba doesn’t respond.