By Patricia Lustig and Gill Ringland
The world is becoming increasingly dependent on digital services. In this connected world, are these services fit for purpose? We share evidence that they’re not; and that they are becoming increasingly less resilient as we become more dependent upon them.
This is a threat to everyone in today’s connected world. We use a metaphor – Fractured Backbones – to aid understanding of the underlying causes of this loss of resilience. Using the metaphor can help people to better anticipate the characteristics of this threat and develop ways to mitigate this lack of resilience.
EVIDENCE
Between April and July 2023, all three major cloud providers suffered regional outages. The largest AWS region (us-east-1) degraded severely for 3 hours, impacting 104 services: Fortnite matchmaking, McDonald’s and Burger King food orders stopped working. A Google Cloud region (europe-west-9) went offline for about a day. Azure’s West Europe region partially went down for about 8 hours due to a major storm in the Netherlands.
Blackbaud specialises in financial, fundraising and admin software for educational institutions and non-profits. In 2020 the data of more than 20 UK universities and non-profits including the National Trust were hacked. Data on Labour Party donors also was taken. The company in 2023 reached an agreement to pay $49.5m to resolve claims that it violated state and federal laws. The Information Commissioner’s Office in the UK also reprimanded it.
Meta’s Facebook and Instagram services were down on March 5, 2024. A more than two-hour outage impacted hundreds of thousands of users globally. The outage was probably caused by an issue with a backend service such as authentication. At the time, it was suggested that there had been corruption of the backup data that made it essential to close the platform completely to restart.
The British Library’s 31st October 2023 cyber-attack led to a leak of employee data and resulted in the library's website being down until January 2024, making it impossible for library readers globally to locate or order materials. The Rhysida ransomware group claim to be behind the attack shared an image on the web showing documents which appear to be HMRC employment contracts and passports.
On March 30, 2024, AT&T published information on a data breach: a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders. This means that all 73 million users have had their passwords reset.
Something is clearly broken – after this level of disruption in physical services, accident reports are published and follow up actions are often introduced to avoid repeat occurrences. Why does this not happen for digital services? What can organisations do to protect their business and their customers?
FRACTURED BACKBONES
We (the authors) suggest that the concept of Fractured Backbones could be useful in exploring how to improve the resilience of digital services, and provide thoughts on what organisations can do in the meantime.
What are Backbones? Backbones are a set of rules that support the way things work. Societies design these rules to help people get things done. Backbones can be explicit – as in being based upon the rule of law – or implicit, being based upon assumptions about “the way we do things around here.” Backbones cover many aspects of life such as financial services, governance, and international (technical and professional) standards and regulations.
For societies to work well – to be effective – these rules need to be shared and accepted. Then, Backbones will enable people to work, communicate and solve problems together successfully. When Backbones work well, they provide the resilience needed to adapt to disruptions and threats. A Backbone will have been designed for a set of circumstances. But it needs monitoring and maintaining; as society changes, it may no longer be fit for purpose. Backbones may decay or become irrelevant, and it is worth noting that not all Backbones are ‘good’ (or good for everyone).
Backbones may also be challenged by people who have different assumptions and therefore different sets of rules and processes. For example, different countries may have different solutions to a backbone and if they want to work together, this will need addressing for a joint backbone. When a Backbone fractures, rather than evolving to fit the needs of the society, it becomes a disruption.
Backbones also depend on regulations and agreements such as currency exchange platforms, ISO standards for technology e.g. engineering components, telecommunications systems, manufactured components, internet protocols.
The Backbones underpinning service delivery seem to be fractured and are no longer fit for purpose. How could they be restored? How can organisations adapt to living with Fractured Backbones which are affecting their ability to deliver services to their customers?
MITIGATION
Awareness of the problem to be solved is the first step in mitigating – restoring – Fractured Backbones. As Einstein said, “If I had an hour to solve a problem and my life depended on the solution, I would spend the first 55 minutes determining the proper question to ask, for once I know the proper question, I could solve the problem in less than five minutes”(1).
(1) Quote by Albert Einstein: “If I had an hour to solve a problem and my life...” (goodreads.com)
The resilience of digital Backbones has been the subject of concern recently, with the UK’s National Preparedness Commission’s report highlighting the growing importance of software in the economy and society. Further, the lack of awareness of its fragility and the impact of loss of service to the economy, society and people is not yet on the wider agenda. Increasing this awareness is a step towards restoring Fractured Backbones.
Wider awareness could lead to measuring the impact and establishing the case for investment. A BCS and BCI RoundTable suggested that governments could take a lead by sharing data on the impact of service outages and data breaches in public sector services. The US Underwriters Lab supports the AI Incident Database – a non-profit organisation and website tracking all the different ways the technology goes wrong. The website has catalogued over 600 unique automation and AI-related incidents so far.
Publicity about the impact of service outages could alert politicians and economists to the severity of the problem of service resilience and its effect on productivity.
What could governments and organisations do to restore the Fractured Backbones underpinning the delivery of digital services?
The BCS and BCI RoundTable examined this question and suggested that an approach initially defined for financial services provided a roadmap to improve resilience across any sector. This suggests that organisations – public or private sector – should define their most important service in terms of financial impact, reputational impact and cost to users in case of outage; to test this service under a wide range of potential failure conditions; and to resolve all potential sources of outages. This approach builds consensus and shared accountability across the organisation.
In the meantime, governments and organisations can adapt to the knowledge that digital services are subject to failure by planning for manual backup services that can cope with minimal disruption to the customer. The connected world includes people – their role in resilience is easy to underestimate.
A version of this article was first published in the Long Finance Pamphleteers blog on 29th of April 2024. The authors upcoming book (working title: The Possibility Wheel: Making Better Choices in a Fractured World) will be published by Triarchy Press later in 2024.
Gill Ringland is an Emeritus Fellow of SAMI Consulting. She is a Life Fellow of the BCS, an ICL Fellow Emeritus and a Fellow of the World Academy of Art & Science.
She wrote Scenario Planning while responsible for strategy at ICL. She has more than 150 publications and her books are used at Business Schools including Harvard. Her next book, the 12th, is with Patricia Lustig, and is on Resilient Choices. She publishes thought pieces and blogs through the BCS, Long Finance and Radix, often with Patricia Lustig.
She can be contacted via gill.ringland@samiconsulting.co.uk.
Patricia Lustig is a foresight, strategy and change consultant, and author. She is an internationally recognised practitioner in foresight and strategy development, future thinking, scenario planning and innovation. Patricia is a keynote speaker on futures thinking and strategic foresight. She has worked in Europe, EMEA, Asia and the USA. She is multilingual.
She is a board member of the Association of Professional Futurists (APF) and Director of its flagship Emerging Fellows programme. Her seventh book, written with Gill Ringland, will be published later this year.
She can be contacted via patricia@lasa-insight.com
Comments