A total internet failure is the one thing that could stop any business in its tracks, yet few are preparing for this possibility, consultancy KPMG has warned.
Stephen Bonner, partner in information protection and business resilience at KPMG, said this could happen within the next five years as the number of internet nodes far exceeds original expectations.
“In that time frame, I predict we will see a major internet outage that could last two to three days,” he told Computer Weekly.
Bonner, who has worked at internet service providers and has “an idea of how it is all plugged together” and run, said he thought an outage would most likely be caused by human error of some kind.
“Although there are vulnerabilities in the internet that malicious actors could exploit to cause a total outage, nobody would benefit, therefore it is unlikely to be the result of a deliberate act,” he said.
Instead, he anticipates something like malware unintentionally disabling every router on the planet or “finger trouble” causing a cascading, self-propagating failure that corrupts every routing table or domain name server everywhere.
Few – if any – businesses are preparing for a total internet failure in their business continuity planning. Most business continuity plans ensure only that the business has more than one ISP and that there is more than one link to those ISPs.
“Because there has not been a significant failure of the internet to date, organisations never consider that as a possibility,” said Bonner.
Yet organisations have at least one backup electricity supply even though the energy industry is heavily regulated and well managed, and reliable power supplies are usually supported by a contract.
“But when it comes to the internet, which has no clear oversight or governance, organisations have no backup plan and nobody seems to be worrying about a major internet outage,” Bonner pointed out.
“And when you talk to the people tasked with solving business continuity problems, half their troubleshooting programme assumes they can use Google to search for workarounds or patches.”
They all assume that the internet will never fail.
“Maybe having a chaos of 45 groups that are responsible for bits of it and who all argue with each other is the right way to run a global critical infrastructure service; maybe it is not,” said Bonner.
But if the internet were to go down, those organisations that think ahead and download all the things that will be useful in recovering from that gigantic crash would be in a much better position than those that did not.
Compounding the problem, said Bonner, is the fact that many business models are so reliant on the internet that they cannot fall back on telephones, while a lot of the physical infrastructure that delivers things relies on web-based systems.
“Organisations need to take an afternoon for a brainstorming session on all the things they would need if the internet were to fail for any significant amount of time,” said Bonner.
“They then need to ensure that they have these things put aside somewhere safely so that they have everything they need to carry on should an internet failure occur.”
Bonner also advises making offline images of key computer systems, so they can be restored without relying on internet connectivity, and assembling a collection of essential tools.
“This is not a case of the ‘sky is falling’ because there are things that can be done to prepare, but if an organisation has never thought about internet failure, they can be in real trouble,” he said.