What if the internet went down?
How likely is it? What would happen? How vulnerable are we?
One of the fun things about writing a Substack called the Good Apocalypse Guide is having the excuse to think about all sorts of things that could go badly wrong, and with that in mind, I’ve been wondering what would happen if the internet crashed.
I don’t mean situations where a government deliberately decides to shut down its citizens’ access to the internet (something that happens quite a lot these days: Iran, Bangladesh, Kazakhstan, and Ethiopia have all done it in the last few years in response to civil unrest).
Instead I’m thinking of an unexpected crash, affecting the UK, resulting either from mishap or from deliberate disruption, that leads to our being unable to access the internet not just for a few minutes or hours, but for days or weeks.
Wondering how realistic such a scenario is? What might cause it, and what the impacts would be? Me too. Buckle up, people.
Lost in space
Now when I first started wondering about this, my mind naturally went to that superb scene in Gravity where a satellite gets destroyed, turns into a lethal cloud of debris orbiting the earth at 17,500mph, and initiates a chain reaction that then wipes out all the other satellites. Result: “half of North America just lost their Facebook,” as George Clooney puts it.
This scenario, it turns out, is not very likely. While a chain reaction like this could happen, only a tiny proportion of intercontinental internet traffic — like 1% — actually goes through satellites. 99% goes through submarine cables.
But don’t give up on space just yet. There’s still the possibility of a 21st century version of the 1859 ‘Carrington Event’, when a vast solar flare (a ‘coronal mass ejection’ or CME in the jargon) hit the Earth, carrying with it a massive electromagnetic pulse that caused telegraph lines and stations to catch fire while making the Northern Lights visible as far south as Cuba.
This could happen again today, and it’s getting likelier. The last few decades have been a period of unusually weak solar activity (which also means that today’s internet has never been stress tested against really drastic solar weather). But astrophysicists say we’re now going into a cycle of much greater intensity, putting the likelihood of a solar storm strong enough to cause catastrophic disruption at between 2-12% in the next decade.
Admittedly, we’d get a bit of advance warning: between 1 and 3 days. That would buy us some time to shut down power grids and data centres. But this would only provide partial protection, as ‘geomagnetically induced current’ can still flow through powered off cables. A really big CME would still cause havoc. (This report is great if you want to get into the nitty gritty.)
Down to earth
But it’s here on Earth that things get really interesting.
A key source of resilience for the internet is that it’s so distributed. There’s no central hub. No one owns it. Instead, it’s a ‘network of networks’ where lots of independent operators agree shared standards. So when disruptions occur, tech firms can usually reroute traffic.
It’s like with roads. A big accident can shut down a road and force everyone to follow a diversion that adds to their journey time. But shutting down the entire road network? Very much harder to do.
That’s the theory. In practice, though, it emerges that the internet is a lot more centralised than you might think, because of where traffic has to flow through choke points.
Ever been stuck for hours on a motorway on a holiday weekend because high winds have closed the Dartford Crossing, the Severn Bridge or the Forth Road Bridge, creating ripple effects on roads for miles around? Then you know exactly what I’m talking about.
(Actually, it turns out that the worst road pinch point in Britain is London’s North Circular at Chiswick roundabout. Any Londoners reading will already be nodding vigorously in assent. But we digress.)
The internet has a lot more of these choke points than you might think.
Some are physical — like those undersea cables that carry 99% of intercontinental traffic.
Here in the UK, 75% of transatlantic internet traffic goes through just two submarine cables, both of which land in the small town of Bude in Cornwall. (GCHQ has an enormous listening station right next door, completely coincidentally.)
Physical data centres are highly concentrated too. The US, for instance, is home to around half of the world’s data centres, with 14% of global capacity in Northern Virginia’s “Data Center Alley” alone.
And then there’s the fact that three tech companies basically run the internet. Amazon Web Services (AWS) and Azure, Microsoft’s cloud platform, each account for 30-40% of the cloud market in the UK and Europe, with Google not far behind.
There’s also a small number of companies that are essential to keeping the internet up and running, like Cloudflare or Crowdstrike, both of which provide critical cybersecurity software that billions of users rely on without realising it.
All this concentration creates vulnerability. Last month, over 2.5 billion internet users were hit by an global outage of Cloudflare, which took down services including Twitter, Spotify, ChatGPT, Uber, Ikea and, er, Grindr.
In October, AWS crashed due to a faulty software update that affected its gigantic US-East-1 datacentre in Northern Virginia. Down went Signal, Snapchat, Roblox, Duolingo, lots of banks, and everyone’s Ring doorbells.
And in September, huge disruption to the internet in the Middle East resulted after multiple undersea cable cuts in the Red Sea near the Saudi city of Jeddah, probably caused by a commercial ship’s anchor.
How bad could it get?
These are small impacts in the greater scheme of things. In all three cases, the result was inconvenience rather than catastrophe. And the AWS and Cloudflare outages were fixed within hours, albeit that repairing the Middle Eastern cable damage took weeks.
But these are also all just accidental mishaps (as far as we know). What if malicious actors deliberately targeted key choke points?
Because it’s already happening. China and Russia are both having a lovely time attacking other countries’ subsea cables — in the Baltic in Russia’s case and off Taiwan in China’s.
For now, these are just small probing attacks to test defences and demonstrate capacity. But it’s not hard to imagine things ramping up quickly in a big security crisis — if, say, confrontation between Europe and Russia over Ukraine intensified markedly, or if China invaded Taiwan.
And while it’s clear that choke points create vulnerability, no one really knows how much. A great report by the UK Parliament’s Joint Committee on the National Security Strategy found “general uncertainty about how much damage the system can sustain before data stops rerouting properly”.
Overall, the inquiry concluded that the UK has enough resilience that an “immediate wholesale disconnection” from the internet is “implausible”. But, it added, “a tipping point scenario does appear possible, where data rerouting stops working properly because the capacity of onward routes is too limited.”
Not a sudden crash, in other words, but a cascade of escalating failures and consequences-of-consequences that steadily builds up to a “catastrophic system failure”.
One example of what this could look like: data rerouting failures lead the international Domain Name System (DNS), which Cloudflare describes as the “phonebook of the internet”, to crash. (Back in 2021, Facebook and all of its subsidiaries went down because of a glitch affecting DNS access.)
International connections would be the most vulnerable, in this kind of scenario: so here in the UK, our access to .com or .eu domains would be the first to go.
But while locally stored data might hold up for a while, it wouldn’t take long for .uk domains to run into trouble too, not least because even when data is stored locally, it still relies on international security authentication protocols, plugins, payment systems and so on.
And that’s when the real world impacts would start to kick in.
Real world impacts
To start with, we’d see international mobile communications go offline. Domestic communications would probably be more resilient to start with, but in more severe scenarios we’d see widespread internet and mobile phone signal blackouts. (Landlines are more resilient — but do you have one? I don’t.)
Wondering what the effects of that would look like? Back in 2012, communities in the North West Highlands, Skye, and the Western Isles in Scotland found out after bungling thieves trying to steal copper from a subsea cable cut a fibre optic line instead. The result: no phones, no broadband, no cash machines — and no 999 calls.
Electricity supply would probably be OK. True, power supplies are vulnerable to a deliberate cyberattack; Russia successfully hacked into Ukraine’s power grid in 2015, resulting in power outages for hundreds of thousands of people. But if anything the risk is of power grid failures taking down the internet rather than vice versa.
(It probably helps that networks like electricity, or for that matter gas or water, have ‘system operators’ whose whole job is to worry about network resilience. Not so the internet!)
Supply chains, on the other hand, are way more vulnerable, especially where they rely on just-in-time logistics systems that run off the internet. Two examples: deliveries of food to supermarkets, and supplies of fuel to petrol stations.
Earlier this year, a cyberattack took down United Natural Foods, a key supermarket distributor which supplies a quarter of a million different products from over 10,000 suppliers to over 30,000 shops in the eastern United States. Result: ordering and deliveries crashed, leading to shortages and empty shelves.
Now if a targeted attack on a single supplier can do that, then imagine what a wider internet outage could do, especially if it lasted for a protracted period of time.
Then there are the risks to financial systems. We’ve already seen that cash machines rely on the internet. So do electronic payment systems in shops (ie debit and credit cards), payment authentication systems (like 2 factor authentication for online purchases) and international financial networks (like SWIFT or CHAPS).
Cheeringly, UK Finance (the umbrella body for financial institutions in the UK) told Parliament that it had no real idea of where key choke points affecting finance might be but confirmed that “the markets would come to a standstill” with implications for overall financial stability. So that’s great.
How about emergency services? Their internal comms systems would still work, apparently, as would NHS patient records and ambulance dispatch. Unfortunately, as we’ve seen, 999 calls might well not, given that they rely on normal phone systems.
On top of this, of course, there’s also the wider factor that if food, fuel, and financial systems start to go down, then emergency services would rapidly become overwhelmed.
At which point you’d want the army, right? Alas, I have bad news. It turns out, according to the Parliamentary inquiry, that we have a particular vulnerability around military communications: while the UK reportedly has secure cables for military and intelligence communications, these have substantially lower redundancy than commercial networks. Oh.
Some take aways
So here are my take-aways from this cheery foray into internet resilience.
The internet is more centralised than I thought thanks to key choke points — physical ones like cables or data centres, corporate ones like the three companies that run the show, or software ones like Cloudflare.
This increases vulnerability to catastrophic disruption — while we’re talking about low probability, high impact ‘tail risks’, the risks are real, and higher than I’d thought.
There’s less contingency planning in place than you’d hope. No single organisation is charged with managing network stability. And a key take away from the Parliamentary report I mentioned is that the government is a lot less worried than Parliament thinks it should be.
There are massive uncertainties in all this. Experts (both on tech, and on individual sectors like banking) have much less of a sense of where the key choke points are than you’d expect, or of exactly what would happen if they go down.
The real world impacts are potentially enormous, impacting phone and internet access, financial systems, food and fuel supply chains, and unexpected ‘consequences of consequences’ that no one has even thought of yet. The social impacts of an outage lasting more than a few days would be massive, especially if (as seems probable) emergency services quickly became overwhelmed.
What would resilience to this scenario look like? Inevitably, we tend to think about canned food, batteries, bunkers and so on. But as I wrote about in this post last year, in the real world, true resilience isn’t a household proposition: it’s a community proposition, as when we show up for each other in the ‘tend and befriend’ response that often emerges in the wake of disasters.
On which note, finally, I’m so curious about what a long lasting internet outage would mean for relationships. Suddenly losing our access to screens would be such a seismic shift in how society works. Think of how much time we’ve come to spend online over the last two decades, and how that’s affected the quality and type of our relationships. Now imagine someone suddenly clicking ‘Undo’ on that process.
All of a sudden, we’d have a lot more time. All our connections would go offline and become place based. And we’d have a whole load of extremely pressing needs. I don’t want to pretend it would be Utopian: I can imagine a lot of ugly stuff happening. But I can also imagine some pretty interesting mutual aid dynamics emerging very fast.
New podcast episode!
New on the Good Apocalypse Podcast: Caroline Lucas!
Following a decade as the UK’s only Green MP, Caroline’s now forging a new path outside of parliament. She chatted to my Larger Us colleague Claire and me about adjusting to life after Westminster, what we mean when we talk about ‘Englishness’, and how our history can help us understand the fractious moment we’re living in, as well as everything from adapting to climate impacts to Zack Polanski. Perfect company while you chop and peel the festive veg!
Links I liked
We published Larger Us’s list of books of the year for the fifth year running! Find it here.
Brian Stout has a great new piece exploring the emotions that drive fascism, zeroing in especially on loss, shame, humiliation and ‘compounded grief’.
Liz Bucar has a really good piece on spiritual guru Deepak Chopra’s friendship with Jeffrey Epstein, asking what his huge success reveals about contemporary spiritual culture.
I’m not even going to try to summarise Adam Mastroianni’s latest blog post. Let’s just say that he opens it wondering how the world’s three biggest religions got there, observing that:
None of them are very sexy or fun, they come with all kinds of rules, and if they promise you any happiness at all, it’s either after you’re dead, or it’s the lamest kind of happiness possible, the kind where you don’t get anything you want but you supposedly feel fine about it. If you were trying to design a successful religion from scratch, I don’t think any of these would have made it out of focus groups.
thanks Alex. loved your new episode with Caroline, and this line: "we need to find the courage and the language to start talking about meaning and belonging."
A solar storm is the source of the apocalypse in David Williams' thoughtful novel: "When the English Fall" which pitches an Amish community into multiple dilemmas when a storm takes out the world's electricity system - a probing examination of our resilience (or lack thereof) and its roots. "The English" is how Amish communities refer to people who are not them! https://ncolloff.blogspot.com/2017/09/when-english-fall.html