Internet Resilience in a Time of Crisis

Host: Fabián E. Bustamante (Northwestern University)

Panelists: Amreesh Phokeer (ISOC), Johanna Ullrich (SBA Research), and Adrian Perrig (ETH Zurich)

Scribe: Mengrui Zhang (Xiamen University)

Introduction
This non-paper session focused on the urgent and complex topic of Internet resilience. As the moderator, Fabián Bustamante emphasized that resilience, much like security, is a cross-cutting challenge that extends beyond protocols to infrastructure and governance. Despite the Internet’s role as the backbone of society, the community has paid surprisingly little attention to this issue. Recent incidents, such as subsea cable cuts in the Red Sea and a global outage linked to server consolidation, highlight that threats are no longer limited to first-order failures like physical disruptions but extend to second-order risks such as structural consolidation and jurisdictional dependencies, and even third-order threats such as opaque routing or hidden leasing agreements that obscure vulnerabilities. The session set out to explore what we currently know about Internet risks and dependencies, how these can be addressed through technology, operations, and governance, and what demands are emerging from both research and practice to strengthen resilience.

Questions and opinions:

Key Questions:

  1. What do we know about the Internet’s risks & dependencies?
  2. What can we influence through tech, ops, or governance?
  3. What does resilience demand from research and practice?

Adrian Perrig argued that much of the fragility comes from the original design of Internet protocols, which were never intended for adversarial environments. He pointed to his group’s work, including the recent BGP Vortex attack, as evidence that vulnerabilities in convergence-based systems can be devastating. Perrig advocated for clean-slate designs, such as SCION, which integrate security and formal verification from the outset and avoid reliance on convergence, enabling provable stability and resilience.

Johanna Ullrich stressed the critical importance of interdependencies between infrastructures, particularly the Internet and the power grid. She explained that while the Internet obviously relies on electricity, the digitalization of the power grid has made it equally reliant on the Internet, creating bidirectional vulnerabilities that adversaries could exploit, for example through IoT-based load manipulation. Audience members added that opaque business agreements and a lack of transparency often prevent researchers and policymakers from even identifying the scale of these dependencies.

Amreesh Phokeer brought attention to the systemic risks posed by consolidation. Drawing on ISOC’s monitoring efforts, he showed how localized failures can cascade globally when dependencies are hidden or poorly distributed, citing the example of banking outages in South Africa caused by cable cuts in Ivory Coast.

Discussion

Q1: Economics of resilience – who pays?

A1: On the question of economics, Adrian Perrig noted that much redundancy already exists in today’s networks but remains unused, with failover mechanisms sitting idle and BGP reacting far too slowly. He argued for active-active multipath routing and pointed to SCION as an example where this approach yields large gains in resilience. Johanna Ullrich compared resilience to insurance, something undervalued until disaster strikes, and stressed that it also depends on recognizing the importance of maintenance and engineering expertise, which are often overshadowed by the pursuit of novelty. Amreesh Phokeer added that the cost of insecurity and outages often far exceeds the expense of building redundancy in advance, yet funding trends, such as the heavy focus on AI, risk diverting investment away from resilience.

Q2: Emergent technologies (AI, optical, satellite) for resilience?

A2: When asked about emergent technologies, Perrig observed that AI can be both a blessing and a curse: it could help by enabling faster responses and supporting verification proofs, but it could also open the door to new vulnerabilities. Ullrich warned that automation can reduce human capacity to respond in emergencies, drawing an analogy to pilots whose skills are diminished in highly automated cockpits; the trade-off between convenience and crisis management needs careful consideration. Phokeer argued that the resilience of AI systems themselves should be part of the conversation, as bias, unpredictability, and energy demands introduce their own risks. Perrig added that despite these challenges, AI may prove valuable in assisting with formal verification, creating a promising synergy.

Q3: Co-design of power grid + Internet (both decentralizing)?

A3: On the issue of co-design between the Internet and the power grid, Ullrich pointed out that both infrastructures have been moving from centralized to decentralized architectures. While she cautioned that direct co-design is not simple, she saw opportunities for cross-pollination between the two sectors. The energy sector has traditionally excelled at careful pre-release planning, while the Internet has developed a culture of rapid reaction and adaptation, and each could benefit from adopting some of the other’s strengths. However, she noted that so far there has been little overlap or exchange of strategies between the two communities.

Personal thoughts

This session highlighted the complexity of Internet resilience as a multidimensional challenge that cannot be solved solely through technical innovation. I found Perrig’s argument about security and verification being integrated from the beginning especially compelling, as it suggests a path to eliminating entire categories of vulnerabilities rather than continuously patching them after deployment. At the same time, Ullrich’s perspective on interdependencies between infrastructures made me realize that resilience must be understood as a system-of-systems issue, where failures propagate across domains in unexpected ways. I was also struck by Phokeer’s insistence that resilience is not just about technical robustness but also about affordability and inclusiveness, reminding us that the social and economic dimensions are inseparable from the technical ones. Overall, the session left me convinced that resilience deserves much greater attention in both research and practice, and that interdisciplinary approaches, combined with a shift in incentives, are essential to addressing this urgent challenge.