MPs question why key parts of IT infrastructure is hosted abroad after AWS outage
Following widespread outage to Amazon Web Services (AWS), MPs have raised concerns about the dependence of critical IT infrastructure in the UK on overseas hosting services.
The outage caused significant outages across multiple online platforms, including HMRC, Halifax and Lloyds.
Tracking site Downdetector noted an increase in its reports on Monday; This showed thousands of users experiencing service outages across AWS itself, HM Revenue & Customs, Snapchat, Starbucks, Slack and Ring.
Customers also reported an increase in reports of outages at UK banks including Lloyds, Halifax and Bank of Scotland; There were 6,925 Downdetector outage reports at Lloyds at 9.31am.
An error message posted on Halifax’s website read: “Sorry, we are unable to process your request at this time. We are currently experiencing some technical difficulties.”
Gaming platforms Roblox and Fortnite were also affected.
A spokesperson for VodafoneThree said the outages had affected some of its apps and websites, although their network was “operating normally”.
AWS is the world’s largest cloud computing provider and offers a wide range of services including storage, databases, machine learning and security tools.
The Treasury Committee has now questioned why Amazon was not designated as a critical third party (CTP).
New rules came into force at the beginning of the year allowing regulators to intervene to improve the resilience of CTPs, which are key service providers to the financial sector.
The committee of MPs set out a series of questions linked to the cuts in a letter to the Treasury’s economic secretary, Lucy Rigby MP.
They asked why the Treasury had not appointed Amazon Web Services or any other major technology firm as CTP.
Committee chair Meg Hillier also addressed speculation that the AWS outage was related to U.S. operations and asked whether Treasury was concerned that “significant portions of our IT infrastructure are hosted overseas.”
The committee also asked what work the Treasury was doing with HMRC, which it said may have been affected by the cuts, to look at what went wrong and how such incidents could be prevented in the future.
Outages reported on Downdetector appeared to rise for most services from 9 a.m. to 10 a.m. and then decline through Monday. AWS said at 10.27am it was seeing “significant signs of improvement”.
AWS added at 11:35 a.m. that the “underlying DNS (domain name system) issue has been fully resolved,” although the issues were still at their peak in the U.S. Monday evening, according to the Downdetector site.
Professor Oli Buckley, a cybersecurity expert at Loughborough University, said DNS acts like a “phone book for the internet”, telling devices where to go to find a particular service.
He said a DNS error could cause thousands of systems trying to find the service to slow down until they “eventually stop trying.”
Professor Alan Woodward, from the University of Surrey, said: “When these bugs spread across the internet, it takes a while for the update to reach the far corners of the internet, so outage for such minor bugs can last longer than you expect.
“What this episode highlights is how interdependent our infrastructure is.
“Many online services rely on third parties for their physical infrastructure, meaning problems can arise even with the largest of these third-party providers.
“Small errors, often man-made, can have widespread and significant impacts.”
Marijus Briedis, NordVPN’s chief technology officer, said the outages “reveal a serious problem with some of the world’s largest companies often relying on the same digital infrastructure, so when one domino falls, they all fall.”
Mr Briedis added that the technical glitch could create opportunities for hackers and warned of a possible increase in phishing and malware attacks.
An HM Treasury spokesman said: “We are aware of the situation affecting Amazon Web Services.
“We and the Bank of England are monitoring the situation and are in close contact with firms.”
