WS #139 Internet Resilience Securing a Stronger Supply Chain

Summary

This workshop focused on Internet resilience and securing a stronger supply chain, hosted by the Marconi Society’s Internet Resilience Institute at the Internet Governance Forum. Vint Cerf opened the discussion by emphasizing how society’s increasing dependence on the Internet, particularly with AI applications, makes resilience critical, highlighting the importance of supply chain provenance and the integrity of open source software components. Ram Mohan outlined four key challenges to Internet resilience: increasing system complexity with hidden interdependencies, intensifying regulatory pressures creating friction between technical operators and governments, insufficient funding for preventive measures, and supply chain vulnerabilities in software.

Olaf Kolkman illustrated these vulnerabilities through practical examples, showing how complex systems like food delivery depend on Internet connectivity and how backup systems like diesel generators can fail due to overlooked details like fuel management. Anriette Esterhuysen provided a Global South perspective, describing how Internet resilience creates a two-tier system where wealthy individuals and institutions can invest in backup solutions while ordinary users must manage disruptions themselves with multiple SIM cards and batteries. The panel discussed ongoing mapping efforts led by Fiona Alexander to trace Internet packet paths and identify all actors and dependencies in the supply chain ecosystem.

John Crain from ICANN explained how the domain name system has evolved from 13 root servers to 2,000 locations globally through strategic investment in resilience infrastructure. Manal Ismail emphasized the vital role of governments in promoting resilient networks while embracing multi-stakeholder approaches for effective Internet governance. Mark Nottingham shared real-world experiences from Cloudflare, demonstrating how even well-engineered systems with redundancies can fail catastrophically, requiring continuous improvement and transparency about failures. The discussion concluded with recognition that Internet resilience requires cross-sector collaboration, proactive investment, and systemic thinking rather than reactive problem-solving.

Keypoints

## Major Discussion Points:

– **Internet Infrastructure Dependencies and Vulnerabilities**: The discussion emphasized how the internet has become critical infrastructure that society depends on, yet it relies on complex interdependencies (power, water, physical infrastructure) that create single points of failure and cascading risks when disrupted.

– **Supply Chain Security and Provenance**: Speakers highlighted the importance of understanding where internet components come from, particularly open source software libraries, and ensuring their integrity through proper documentation, digital signatures, and tracking of the “bill of materials” used in internet services.

– **Global Inequality in Internet Resilience**: The conversation addressed how internet resilience is unevenly distributed globally, with developed regions having better backup systems and recovery capabilities, while users in the Global South often must create their own workarounds (multiple SIM cards, batteries, etc.) with little communication about outages.

– **Cross-Sector Collaboration Challenges**: Panelists discussed the need for enhanced collaboration between different sectors (internet providers, power companies, governments, etc.) that currently operate in silos, each assuming other critical infrastructure will remain available during their own backup planning.

– **Mapping and Understanding Internet Ecosystem**: The discussion covered ongoing efforts to create comprehensive maps of internet infrastructure dependencies, following the path of IP packets to identify all the actors, institutions, and systems involved in internet connectivity.

## Overall Purpose:

The workshop aimed to raise awareness about internet resilience as a critical global challenge and to foster collaboration across sectors, disciplines, and geographies. The Marconi Society’s Internet Resilience Institute convened experts to discuss current vulnerabilities, develop solutions for supply chain security, and create actionable frameworks for improving internet stability and reliability.

## Overall Tone:

The discussion maintained a serious, urgent tone throughout, with speakers emphasizing that internet resilience is not just a technical issue but a societal and economic imperative. The tone was collaborative and solution-oriented, with experts sharing practical experiences and failures alongside theoretical frameworks. While there were moments of levity (jokes about construction noise, coffee needs for early morning participants), the underlying message remained consistently grave about the potential consequences of internet infrastructure failures. The conversation became more concrete and practical as it progressed from theoretical frameworks to real-world examples and mapping exercises.

Speakers

**Speakers from the provided list:**

– **Moderator (Pablo)** – Supporting the Marconi Society’s Internet Resilience Institute, session moderator

– **Vinton Cerf (Vint)** – Internet pioneer, helping to set the scene for the workshop

– **Ram Mohan** – Digital identity expert, discussing current state of internet resilience

– **Olaf Kolkman** – Internet Society, presenting on system complexity and resilience challenges

– **Anriette Esterhuysen** – Former MAG Chair and APC, discussing Global South perspective on internet resilience

– **Fiona Alexander** – American University, leading internet resiliency mapping exercise and supply chain analysis

– **John Crain** – CTO of ICANN, participating remotely, discussing unique identifiers and DNS resilience

– **Manal Ismail** – From Egypt regulator, former Chair of the Governmental Advisory Committee of ICANN, discussing governmental role in internet resilience

– **Mark Nottingham** – Cloudflare and IETF, sharing real-world experience with internet infrastructure resilience

– **John Janowiak** – President and CEO of the Marconi Society, providing closing remarks

– **Paticipant** – Multiple audience members asking questions (appears to be a generic label for various participants)

**Additional speakers:**

– **Qusayr Shati** – From Kuwait, asking questions about safety and security of internet infrastructure

– **Mallory** – Audience member asking questions about political economy and capitalism’s role in internet resilience

– **Juan** – Audience member asking about economics and revenue flow in internet infrastructure (referenced by Fiona but not explicitly identified in transcript)

# Internet Resilience and Supply Chain Security: Workshop Report

## Executive Summary

The Marconi Society’s Internet Resilience Institute convened a workshop at the Internet Governance Forum focused on internet infrastructure resilience and supply chain security. The session brought together experts from across the internet ecosystem to discuss growing vulnerabilities in our internet-dependent society. Despite construction noise and logistical challenges, the interactive workshop revealed that internet resilience has evolved from a technical concern to a fundamental societal imperative requiring unprecedented collaboration across sectors and geographies.

The discussion was structured in three blocks: foundational presentations on internet dependence and system complexity, perspectives from different stakeholder communities, and audience questions that explored economic sustainability, physical security, and systemic challenges. Key themes included cascading failures from hidden interdependencies, regulatory tensions between technical and governmental approaches, chronic underfunding of preventive measures, and supply chain vulnerabilities.

## Opening Framework: Critical Internet Dependence

Vinton Cerf established the foundational framework by highlighting society’s profound dependence on internet infrastructure. “The implication of dependence is that when it doesn’t work there are all kinds of consequences,” Cerf observed, noting that artificial intelligence applications are further intensifying this dependence.

Cerf introduced “provenance” as a central concern – understanding where internet components originate and ensuring their integrity. He emphasized the importance of documenting supply chains, particularly for open source software libraries, and ensuring their integrity through digital signatures and comprehensive “bill of materials” tracking.

## System Complexity and Hidden Dependencies

Ram Mohan identified four interconnected challenges threatening internet stability: increasing system complexity with hidden interdependencies, regulatory pressures creating friction between technical operators and governments, insufficient funding for preventive measures, and supply chain vulnerabilities.

He highlighted dangerous circular assumptions where power companies assume internet availability for communications while internet providers assume reliable power supplies. “We have a systematic bias towards reactive rather than proactive resilience strategies,” Mohan noted, explaining how organizations struggle to secure investment for prevention while post-incident responses receive adequate funding.

Olaf Kolkman from the Internet Society illustrated these complexities with concrete examples. His most memorable anecdote involved a data center with backup diesel generators tested monthly for two hours, but during an actual emergency lasting longer, “the generators failed after five hours because operators had forgotten to refuel the diesel tanks.” He noted this was a case he knew of, demonstrating how human factors can undermine technical systems.

Kolkman explained how seemingly simple services like food delivery actually depend on complex internet connectivity – requiring not just the delivery app but payment processing, GPS navigation, restaurant systems, and driver communications. He advocated for risk-based thinking that identifies coupled risks and cascade effects.

## Stakeholder Perspectives

### Global South and Equity Concerns

Anriette Esterhuysen brought crucial equity considerations, highlighting how internet resilience creates a two-tier system. In many Global South countries, internet resilience operates “like an act of God” for ordinary users who receive no advance warning, no recovery timelines, and no institutional support during outages.

Users develop their own coping mechanisms – maintaining multiple SIM cards, carrying backup batteries, creating informal information networks. This contrasts with wealthy users who can invest in backup connections and redundant systems. Esterhuysen challenged narrow technical definitions of resilience, arguing that physical transmission infrastructure should be included in resilience planning.

### DNS Infrastructure Lessons

John Crain from ICANN, participating remotely, discussed DNS resilience as a model for critical infrastructure. The DNS root system has evolved from 13 original systems to “roughly 2,000 locations globally” through systematic investment. This demonstrates how proactive resilience planning can scale critical systems while maintaining stability.

Crain emphasized that resilience requires continuous improvement as the internet grows, and that global coordination and policy frameworks are essential for managing critical internet functions.

### Government Role and Regulation

Manal Ismail addressed the complex governmental role in promoting resilience, outlining approaches ranging from awareness-building to mandated requirements. She emphasized that effective government involvement requires understanding both technical realities and policy frameworks needed to support resilience investments.

Multi-stakeholder approaches emerged as essential for balancing competing interests. Government responsibilities extend beyond regulation to promoting investment in redundant networks and developing national digital resilience strategies, coordinated internationally since resilience cannot be achieved within national boundaries alone.

### Industry Implementation Challenges

Mark Nottingham from CloudFlare provided front-line operational perspectives, explaining that the internet is “inherently unreliable” and appears reliable only through multiple layers of abstraction and redundancy. Even well-resourced organizations with extensive engineering expertise face unexpected failures from unanticipated system interactions.

Nottingham described recent CloudFlare incidents, including a “Code Orange” event and another incident “about a week ago,” emphasizing the importance of learning from failures and sharing lessons across the industry. He noted that many resilience problems require industry-wide coordination rather than individual company solutions.

### Infrastructure Mapping Efforts

Fiona Alexander described ongoing efforts to map internet infrastructure dependencies by following IP packet paths through the entire ecosystem. The working group is developing these maps collaboratively, with plans for a first draft and subsequent iterations examining specific sectors like energy infrastructure.

Alexander noted that traditional telecommunications models are inadequate for understanding internet infrastructure, explaining that applying historical telephone accounting rate models to internet infrastructure would “fundamentally break the system.”

## Audience Questions and Broader Challenges

The interactive session included several significant questions that expanded the discussion:

**Business Continuity Strategy**: Nandifa Natsaluba asked online about business continuity strategies, prompting discussion of how organizations prepare for internet disruptions.

**Economic Sustainability**: Juan raised detailed questions about international charging arrangements and revenue flows, arguing that shifts away from traditional telephone models had eliminated crucial revenue flows to developing countries. This generated debate about whether current business models support long-term infrastructure sustainability.

**Physical Security in Conflict**: Qusayr Shati asked about infrastructure safety and security in conflict zones, highlighting how internet infrastructure becomes both target and casualty in warfare.

**Systemic Transformation**: Mallory posed a provocative question about whether meaningful resilience progress requires addressing broader systemic issues like capitalism and global power structures, rather than just technical solutions.

## Key Tensions and Unresolved Issues

The workshop revealed several ongoing tensions:

– **Scope of Resilience**: Disagreement about whether physical transmission infrastructure should be universally considered part of internet resilience

– **Economic Models**: Debate about whether current business models and revenue distribution threaten long-term sustainability

– **Systemic vs. Technical Approaches**: Tension between holistic approaches addressing broader infrastructure issues versus achievable technical solutions

– **Regulatory Timelines**: Friction between government demands for immediate solutions and technical communities’ iterative improvement processes

## Next Steps and Action Items

John Janowiak concluded by outlining concrete next steps:

– The working group will produce a first draft of the internet resilience supply chain map by their November meeting

– Participants were encouraged to download the Internet Resilience Report from the Marconi Society website

– Those interested can join the Internet Resilience Advisory Council to contribute to ongoing mapping efforts

– Future mapping iterations will examine specific sectors, beginning with energy and power infrastructure

## Conclusion

The workshop demonstrated that internet resilience challenges are interconnected and require systematic thinking beyond traditional technical boundaries. While participants agreed on fundamental challenges – complex interdependencies, cascading failures, and the need for cross-sector collaboration – disagreements about scope, approach, and solutions reflect the complexity of achieving resilience in practice.

The session’s interactive nature, despite physical challenges including construction noise, illustrated both the collaborative spirit needed for resilience work and the practical difficulties of coordination. The mapping exercise and ongoing collaboration provide concrete mechanisms for translating insights into actionable improvements, recognizing that internet resilience has become a societal imperative requiring sustained commitment across technical, policy, and social domains.

Moderator: Hello, how are you? It is really an honor to welcome you to the workshop Internet Resilience, Securing a Stronger Supply Chain. Just double check that you are in the right room, and you are very welcome. We are on a tight schedule, so we will need to move quickly, but meaningfully. If you are sitting at the back, please don’t be shy and come closer. This is a roundtable by design, so please don’t spare any seat over there. Come and don’t be shy, just take a seat, you are welcome. The closer that we sit, the more resilient our dialogue becomes, you know. I’m Pablo. I’m supporting the Marconi Society’s Internet Resilience Institute. I’m very happy to be here, and I’ll be your moderator for this session. Let’s dive straight into the substance. I’d like to begin by turning to someone that truly needs no introduction, Vint Cerf. He will help us to set the scene, and Vint, are you there? I am here, yes I am. Fabulous. Can you hear me? Yes. Help us to set the scene, Vint, where the idea of this workshop comes from. What would be your advice in terms of what would be the good outcome for this discussion? Put some stress on us.

Vinton Cerf: So in the short summary is that the… Many of us have been asking ourselves very hard questions about internet and its resilience because we’ve become so dependent upon it and with the arrival of new applications of artificial intelligence that dependence is only going to increase and The implication of dependence is that when it doesn’t work there are all kinds of consequences. No serious serious problems This is true of a lot of infrastructure You don’t think about it until it doesn’t work, like when the power goes out, now what doesn’t work or when the roads are all blocked So I’m sure you can, when your mobile doesn’t work, that’s become a very important infrastructure and when it doesn’t work there are consequences So the internet has become so woven into a significant part of our ecosystem that we are very concerned about its resilience and reliability We talked about that in a number of different contexts and the specific one for this meeting has to do with the supply chain Since the internet is composed of many many pieces, coming from many many different sources, a very significant part of the internet is software After all, it’s the protocols that make all these things work, running on, of course, physical equipment that we also depend upon I’m going to suggest to you that the word provenance will turn out to have a very heightened importance in this conversation Where did things come from? How do we know that they have integrity? Have they been altered sort of in flight? Do we know who is responsible for them? Do we know where to turn when things are not working properly? So if we ask ourselves, can we document the supply chain that leads to a particular product or service? Can we know that it has integrity? And this is particularly applicable to open source libraries, which have become a major component of the development of products and services in the internet space. Open source is wonderful because it’s accessible, but it’s also hazardous because sometimes it’s not well maintained. And so we have to ask questions about the bill of materials used to create a product and the order in which those products have been applied. Do we know whether the software is unaltered? Does it have integrity? Has it been digitally designed? Do I know the party who digitally signed it so that I can trust the integrity of that? And second, security is a huge issue as well, not only in open source software, but in all of the components of the internet. How can we be assured that security has been properly attended to, not only in the fabrication of creation of the software, but also its configuration and installation? So tracking all of that, having the ability to audit where things came from and how they were assembled and who assembled them is a very important aspect of supply chain evaluation. So as you know, I have to go off to another meeting soon, but I hope that you will all take copious notes and that there will be something concrete coming out of the discussion that the rest of us can share. So that would be my little opening homily for you, Pablo.

Moderator: Thank you so much. It’s very strange to hear myself. So I think we have a good scene to work on, and let me introduce more or less how this panel is going to work. So we will have, there are a few lines there, but basically we will have three sections. The first one to talk about the current state of internet resilience, the second one to talk about what we mean by internet resilience supply chain, the interdependencies and the developing solutions, and the third part will be real-time experience and practical examples. Our panelists, it’s a stellar group of people and experts and on the first block we will have Ram, we will have Olaf, and we will have Anriette, Ram from digital identity, Olaf from the Internet Society, Anriette, former MAG Chair and APC. Are you? Fiona, American University, John Crain, he’s joining us remotely, he’s the CTO of ICANN. Manal, I hope you are here, welcome. She is from Egypt, from the regulator, former Chair of the Governmental Advisory Committee of ICANN, and we have Mark from Cloudflare and ITF. So we will be having a conversation and you are welcome to join that conversation and we will get straight into it in terms of the current state of internet resilience. Ram, why don’t you start to talk about what has happened recently in this work?

Ram Mohan: Pablo, thank you so much, and just to frame this issue for us, the internet, as Vint said earlier, the internet is no longer just a convenience, it’s an invisible infrastructure that supports nearly every aspect of our lives, from critical services to daily activities. We know this, But we also perhaps don’t understand fully well just how much our modern world is fundamentally built on Internet connectivity, right? From enabling critical services, healthcare or financial transactions, transportation, energy grids, emergency response, a resilient Internet ensures that these vital services remain operational even in the face of disruptions. The other part of the criticality of what we are looking at is economic stability because businesses of all sizes from global corporations to local shops, they rely on the Internet for every aspect of what they do. We also know in the last decade or a little over the last decade that it’s been significant for social communication and for social connectivity. And for all of us who endured the years of COVID, without the Internet would have been quite a different experience altogether. Certainly the Internet is critical for national security and public safety, but it’s also a key part of trust and confidence. When you don’t have a resilient Internet and you have frequent or prolonged Internet outages that erodes both public and business trust in digital systems. And conversely, a resilient Internet, it fosters confidence, it encourages further digital innovation, investment and adoption, right? And finally, it’s about mitigating disruptions, right? Because resilience is not about preventing outages, which are inevitable, but it’s about the ability to withstand, adapt to and rapidly recover. from them, right? So that means the ability to restore services to route traffic around failures and minimize the impact on users, right? Because without resilience, even minor technical glitches or cyberattacks could have disproportionately severe and long-lasting consequences. So the Marconi Society in November of 2024, it convened a group of 30 or so global experts in Washington, D.C. to review the state of internet resilience. And that group provided a report for 2024, the Internet Resilience Report, and that report

Olaf Kolkman: highlights a critical assessment of the internet’s infrastructure. It identifies key threats, and it also offers recommendations. But here are the pressing challenges in internet resilience. There are really four key challenges. The first is just the increasing system complexity with tangled systems. Modern applications and services rely on a vast web of interdependencies, and inside of those interdependencies are often single points of failure, and they’re hidden within complex supply chains. So for an example is dependency on power, dependency on water, or over-reliance on a few APIs, software APIs. A second part is just intensifying regulatory pressures. The relationship between technical operators and government policymakers is becoming strained. Governments demand accountability and quick responses to incidents given the Internet’s critical role in not only national security but the economy and that clashes often with the technical community’s traditional reactive and problem-solving approach. Try what’s going on, solve it, and if it doesn’t work well, try the next thing. In the meanwhile, you have a government regulator saying, I don’t want you to try the next thing, fix it now, right? So, there’s a growing friction, growing clash that’s happening there. The third part is insufficient funding for preventive measures because if you look at funding for resilience, there’s almost none. What happens is that when incidents occur, when problems happen, those things readily attract funding and they readily attract attention. But the crucial work of prevention, which is about good operational practices, proper training, systematic thinking about infrastructure, those things often lack adequate investment. And resilience is a prevention problem and prevention does not attract money. The last part is the supply chain vulnerabilities in software. The reliance on complex software supply chains, it introduces significant points of fragility and the potential for cascading failures if a single link is compromised. And there are a great number of examples of this happening and that are public. There are a great, much greater number of them. that are happening that are not public. So, if you look at all of this, we are at a point where we have, we’re at a moment where it’s not just a technical challenge. Resilience is an increasingly urgent global and political challenge in front of us, which is why we’re here at the IGF to talk about it, right? And what we need is a fundamental mind shift change. We’ve got to be starting to talk about proactive prevention. We have to really start thinking about how can you enhance collaboration, not inside a sector, but across sectors. An anecdotal and funny story is that when you talk to regulators and they talk about how terrific the resilience plan is for internet service providers, the common thread is that they have great backup plans, but then you start to talk to them about what is the common assumption. The common assumption is power will be available, water will be available, air will be available, right? Now, you go to folks in the power sector and you talk to them about their backup plans and how they have resilience planned. They have very good plans in there, but a common assumption for them is that the internet will be available so that they can communicate, right? So, you have this expectation and an assumption that other parts of critical infrastructure are going to be available, except those parts aren’t actually talking with each other, right? So, we need enhanced collaboration across sectors. And really, the last part is a much deeper understanding of the interdependencies. that really sustain global connectivity. So these things are essential and we’ve got to wake up to these challenges now or we’ll wake up to a world that doesn’t have adequate resilience

Ram Mohan: for a foundational part of not just infrastructure but of life.

Moderator: Ram, thank you. Tangled systems, regulatory friction, the funding gap, software, Achilles heel. What I am thanking you for is that you used enhanced collaboration and not enhanced cooperation because if not we were going to get into a lot of trouble. That’s an inside joke but well Olaf, do you want the clicker for your slides or do you want me to do it?

Olaf Kolkman: There it is. First I want to apologize Martin Borteman who was initially scheduled to moderate the panel but he had to leave because of family emergency and that brings us to the matters of life. What you see here on the picture is a staple food for the global minority, bread. This is something that is delivered to our grocery stores and this is a little bit of a global minority description of the issue but this is being delivered to our shops with our groceries on almost a daily basis and I’m telling this a little bit to make the story of resiliency a little bit more, you know, give it a little bit more life. The way this works is that a grocery store will place an order. that order will go into a logistic system. And if you Google for logistic system software, specifically if you do an image search, you will see enormously complicated architectures with all kinds of building blocks of interconnected systems that go all over the place. But that was the interconnectedness that Ram was talking about. One of those blocks fail and your grocery will not be delivered. And all these type of things depend on the internet connecting, not only in the connecting in your locality, not connecting in your city, not connecting between the warehouse and the grocery store, but also connecting to distance APIs that might be hosted somewhere at the other end of the globe. And everybody in that supply chain is doing their best to maintain uptime. Seriously doing their best to maintain uptime. But once systems get more complex, they become more fragile. A webpage nowadays will do about 100, 200 queries before the page is actually visible, going to all kinds of different locations. And these websites are hosted probably in data centers. These data centers rely on electricity. And of course, the internet providers and the data center maintainers are doing their best, next slide, to maintain their power situation. This, my friends, is a Cummings DFLE 1500 kilowatt diesel generator. I got this picture from a secondhand diesel generator site. This model is available for $139,000. And this is the type of thing that sits in a data center. It slurps about 392 liters of diesel per hour to generate 1500 kilowatts of power. That is one truckload, a 30 ton diesel truckload of diesel every three days. If your internet goes down or if power goes down in a data center, it takes three days before these babies are out. Now, of course, these things are tested all over the place. I actually have a story, or I’m telling a story, but I have a sub-story. I know of a case where the diesel was tested every month for two hours. They turned it on, made sure everything was working. And after five, six years, they really had an emergency. They turned the thing on, it worked for five hours, and it was out of diesel. They forgot to refuel the tanks. You laugh about this, but this is important, because this is the type of thing that can go wrong if you don’t think through your system. And if you think about resiliency, I think that that is the main question that we have to ask ourselves in these approaches is, next slide, what can possibly go wrong and what can possibly be broken? And that informs your risk-based approach. That also informs what can I do when things go wrong. Do I have to have a satellite phone so that I can communicate to somebody, to my diesel provider, for instance, so that I can get diesel? Because if the logistic system sits down at the same time… There’s no way I can refuel my generators to keep up time and things will really break down. So these are the things that we need to think about when we think about resiliency. What can possibly go wrong? What can possibly be broken? And take risk-based approaches on the evaluation and understand, for instance, what are risks that might be coupled to each other? What if an anchor goes over the seabed and breaks both the electricity cable as well as the fiber cable? Coupled risks. And with that, I hope I set the stage for the continued discussion.

Moderator: Olaf, thank you very much. Indeed, we’re thinking about you, Martin, if you’re following us. And Martin said to Olaf, could you moderate? And then they agreed that I would moderate, because if not, we would have missed this wonderful presentation that you just did. I think it was awesome. Anriette, I would like if you could thread this into the IGF. Why we’re discussing this in the IGF?

Anriette Esterhuysen: These mics have to be switched on. Thanks, Mark. Because the IGF, I think, is the place where we connect people, the people at the other end of the breakages, to the processes that involve both technical coordination, policy and development, as well as other areas of policy coordination and development, as well as practice, as well as innovation. So, I think this is the place where we try and talk about, how does all of this make a difference or not make a difference in people’s lives? So, you also asked me to say, you know, what is my take coming, you know, from the Global South on internet resilience? And I think I’m from South Africa, so I live in a big city, but it happens to be a big city that has electricity outages, if not every day, you know, every few days. And I live in a region where there’s been drought recently, so all the countries along the Zambezi River, Malawi, Zambia, Zimbabwe, had power outages as a result of drought because they rely on hydro, and if the dam levels are too low, you just don’t have electricity. So I think for many people, internet resilience is something that other people have. And what you have is this divide where you have financial institutions, for example, will make sure that they have backup. Upper middle class people would have moved to solar by now, so when it comes to dealing with these disruptions, which are often not easy to control, there’s a vast difference in how people are able to respond to that. And then when you look at industry and businesses, obviously the larger the company, the better it’s going to be to be able to address disruptions. You have sectors, you have data centres, which communicate very effectively with their clients. The clients would probably get advance warning, or they would be rerouting, and they would manage. But data centres serve a kind of a small sector of the economy, relatively, or they work with the financial institutions. So the banks might carry on working, but if you rely on a mobile network that needs to use a tower that relies on electricity, and the towers just go down. So even though theoretically the bank services are still up, you’re not as an end user able to access it, because your mobile operator, firstly you’re a pay-as-you-go customer, remember that. which means you get no communications from your service provider that there are disruptions. So, it’s like there’s a two-tier system of how, I think as Ram said, what really matters is how do you respond? How do you do recovery? And I think what you have in many countries in the global South is a two-tier system. Some people who just deal with internet resilience, it’s like an act of God. Sometimes you have, sometimes you don’t. And then there are sectors of the economy and society who are empowered enough to invest in routing around it. And I think that’s what’s so frightening in many ways. I think that, I mean you’ve all talked about how the technical community does the routing around the disruptions. I think what happens in many developing countries is that the end user is expected to do the routing. They have to have two SIM cards, three or four SIM cards because there’s different affordability and different coverage in different parts of the country, for example. They have to have backups. They always have to have batteries. And with the undersea cable disruptions that have hit much of Africa, well, much of the world, you know, in the last year, you have no idea. There’s no communication. There’s no information. Unless you’re actually an internet service provider that belongs to an internet service providers association or a pairing point, they’re very good at communicating. But if you’re any other business, never mind an end user, you will not know what the current status is of undersea cable breakages and repair. You basically just have to wait and see and hope for the best. So I think just my last input here, I think, I mean, Ram talked about enhanced collaboration. I mean, I’m very happy saying enhanced. cooperation, by the way, I think enhanced communication. I think we need to at the moment there’s the security sector, the companies that provide the security and the backup are very good at communicating with one another, in fact, and I think there’s a lot of cross-industry, cross-discipline collaboration, but there’s no communication with end users or with, you know, the rest of the world who still, as Ram said, is so dependent and takes for granted that this is going to be available, and I think the result is exactly as Ram said, it breaks trust and I think it disrupts innovation and it just, it disincentivises people from beginning to embed the internet in daily life and daily services on a more routine basis.

Moderator: Thank you, Anriette. We’re just on time, we’re going well, we’re doing well. We have participation online, Nandifa Natsaluba, what a great topic on resilience, do we have a business continuity strategy for unplanned disruption leading to a total global unavailability of the internet? They are very switched on, I would like to know where are you from, but welcome to this panel. I see as well some empty seats, so I welcome people to join us, don’t be shy if you would like to participate at a later time when we open for questions. Let’s go into the second block about the supply chain, the interdependencies and developing solutions, and for that I would like to ask Fiona if you could help us with some mapping and the work that you are doing in terms of identifying the gaps and the policy concerns.

Fiona Alexander: Hi to everyone and thanks Pablo, you’re doing a great job stepping in to moderate, and thanks for the invitation to participate and speak and to John and Aisha and others at Marconi Society for this really interesting project. So Ram talked about the session that we had in Washington last year now. I don’t know, time all flies for me. But from that we’ve been having a couple of different conversations and we have a working group that’s specifically trying to put together an internet resiliency mapping exercise and actually putting together a map of what that supply chain looks like. And the goal of our, I think there might be a slide somewhere, but the goal of our group is to produce a map that identifies the actors, institutions, and dependencies across the internet ecosystem infrastructure supply chain. And as Anriette’s story really highlights, that’s not just what we normally think of. It’s not just traditional telecom, providers, ISPs, DNS players. What we’re hoping to do with this exercise is demonstrate clearly that our internet ecosystem infrastructure supply chain includes everybody. And we’re hoping to do that with this map. Again, our default is to kind of only focus on the people that we think of and some of the people that are here. But we’re really hoping to help go through this exercise and confirm that it’s much broader than that. So not all actors or institutions fully appreciate their role and corresponding responsibilities. Not all these different silos are in a routine habit of talking to each other, back to enhanced communication or whatever, enhanced see where we’re going with this cycle. So I think we’re hoping to do that as well. So what our working group is doing is that we’re trying to do all of this online as well through Google Docs. That will be an interesting test of our ability to work together. But the group’s going to develop a map that follows the path of an IP packet and that a routine internet user action initiates. So I think we’ll figure out what couple of examples might make sense so that this is an accessible tool for everybody and anyone regardless of their technical skill sets. I should also offer the observation that I’m the least technical person in the working group, which is great for me. I get to rely on all these great engineering minds that are part of the group. But we’re going to follow the packet, the route that a packet takes at a 30,000-foot level. And we’re going to try to identify what infrastructure layers the packet hits as it goes from you typing something to getting to its destination and to delivering. what you’ve asked it to do and so I know obviously we’ll probably talk about power and water which I think we all kind of Know and I think was highlighted with the most recent sort of broad-based internet outages We saw in Europe and Spain most recently But we want to see what other parts of and what other sectors of the world that we’re hitting with all of that We did talk about and we have discussed that we want to find a way to acknowledge. There are some cross-cutting issues That we’re not going to address so that we kind of scope this Carefully and don’t try to take on everything at once So we’re not going to try to take on sort of a policy and regulatory landscape at the outset And sort of acknowledge that at the first instance if this works for us, which I’m optimistic that it will We’re hoping to have a first draft of the map for the Marconi Society meeting That’s happening in November And if we think this is useful and we think we’re providing a value-add to the community for doing this and we like the map But by we I mean all of us collectively we like it Then I could envision next iterations of the map that then dig into each bucket Maybe there’s a resiliency map just for energy and one just for power But I think at the outset we’re just trying to get everyone together and get all these smart engineering minds together to figure out Where does a packet go and what might need to work and what happens when those things don’t work? So that’s what our group is doing and I look forward to talking about it more and others that want to be involved in answering Any other questions? But again, I thought it was a really interesting exercise and one worth spending some time on So I’m really happy to be a part of the exercise

Moderator: Thank You Fiona those were a lot of words per second and it’s Always I Will be like you when I grow up and we’ll have that speed of thought Translated into language, that’s amazing. I’m not sure if you have John Crain John is at a very odd hour. So I’m sure he will be much slower than you at this time John is online if you can I am put him on He’s going to talk about I guess one part of that map, which is the unique identifiers. Good morning, John Have you had coffee?

John Crain: Good morning, can you hear me?

Moderator: We cannot hear you, try again. Okay, I am unmuted.

John Crain: Can you hear me when you put your headphone on? Yes, we can hear you. Yes, good. Where are your headphones? So, good afternoon everybody. It’s early morning here in Southern California. So, indeed, I work for an organization called the Internet Corporation for Assigned Names and Numbers. Many of you may have heard of us, often just referred to as ICANN by its acronym, and as tech folks we love our acronyms. So, resilience is interesting, even if you look at the identifier systems and the role of ICANN. ICANN has existed for approximately 25 years, a little bit longer, and our bylaws talk a lot about security and stability. Those are the other two sides, in my mind, of resilience, you know, with resilience being the ability to bounce back once one of those two things don’t happen. Now, identifiers is not just the domain name system, right? So, most people think ICANN, they think DNS, but ICANN is also responsible for the Internet Assigned Numbers Authority, and they register literally thousands of different types of identifiers that are used on the Internet. And for the Internet to work, and for that packet that Fiona was talking about, to get from one place to another, all of those need to have certain attributes. Often that is a uniqueness to the identifier, or it is some other special relevance to the protocols and how all the protocols work. Now the interesting thing is of course that may not be obvious, most end users, the people who use the internet, are blissfully unaware of how the internet works and most of these things. So while we talk about resilience of the network or the internet, it’s important to remember that the users aren’t aware of a lot of what is happening and also that it’s not a internet. You know you’ll often hear people tell you that the internet is actually a network of networks. So that means that even in the identifier space there are many many people that have a role to play. It’s not just ICANN. ICANN’s role is really about administering the top registration databases, the initial information of many of those identifiers. Now if we look at the DNS, the domain name system, and you look at the history and you go back to the early days of ICANN or pre-ICANN, that was a system and you know the root of the DNS is a very critical system for the internet to work. It’s where the domain names start, where the resolution from that web browser to getting you somewhere starts. Back in the late 90s and you know into the early 2000s, you were talking about 13 systems around the globe. Now what the industry was able to do was to notice that that was an issue. We said to ourselves this is an issue that could affect the resiliency and the stability of the ecosystem. New ways of doing routing were developed, something called Anycast, and now you have 2,000 roughly locations around the globe where this infrastructure is. So you can build resilience, but it actually takes you thinking about it, and it takes time. And it takes, what Ram talked about, it takes investment in resilience. You know, building something like this out is not something you just do overnight. Now, ICANN is also interesting because, you know, very early on we realised that this is a global asset or a global ecosystem, and it required global policymaking. So when it comes down to the domain name system, any of you who are familiar with ICANN know that there is actually a global, what we call, multi-stakeholder system for the governance and the policy setting around that. So, you know, in some ways, you know, and I’ve been with ICANN for quite a few years, in some ways we spent a lot of effort and time over the years to develop ways that we can include the user and the ISP and the governments and everybody else in the discussions. But we also worked on the technical side with our technical partners like the IETF, the route server operators and many others to increase resilience. But you don’t just increase resilience and stop. The internet is a growing thing. You have to keep looking at how you’re going to continue to increase and keep that resilience. And you have to be aware of all the things that you rely on for that resilience. And that’s why the Marconi Society’s work is really interesting to me personally. I do sit and think about what if we have a major power outage, what if we have a major code flaw, you know, how will that affect the identifier systems and further how will that affect the internet. So it’s really good that our friends at Marconi and, you know, I thank them for inviting me to take part in this, are looking at the broader scope of what does it take to provide resilient communication, because remember the internet is a communication device, across the globe. So identifiers are a big part of that and it’s what makes myself in my role as the CTO at ICANN lose sleep at night, sitting thinking about how we keep this stuff resilient, but it’s more than just what we do, it’s so much broader, you know, power, water, protocols and just think about everything it takes to not only move a packet like Fiona was saying from one place to another, but actually to do the right thing with that piece of data when it gets to the other end. So I’m looking forward to hearing what the rest speak and I’m going to hang around to answer questions if there are any. Thank you everybody.

Moderator: This is very nice. Thank you John. And this is all about collective risk management in a collaborative way and it’s really good to converge here to discuss these matters. Manal, I’m not sure if you are online, welcome, she’s in Egypt and this is another part of the map, which is the governmental aspect of things and would love if you could talk about the regulatory challenges and the role of governments. Manal? Yes, I am Pablo, can you hear me? Yes. When you put your headset? Okay.

Manal Ismail: I’m ready. Okay, great. Thank you very much, Pablo, and thanks to everyone for the inspiring interventions so far. So, as was already mentioned by everyone, the internet has become more than just a communication tool. It’s part of nation’s critical infrastructure, backbone for digital economies and the fundamental need for society’s development. So, dependency on the internet and its infrastructure is rising exponentially and it’s increasing even more with IoT, AI and other emerging technologies. This growing reliance exposes the need to work on securing the internet against the escalating risks that endanger not only critical services running on the internet, but also the mere functioning of the internet itself. Such risks include unintentional errors like infrastructure failure, power outages, misconfigurations, but also sometimes intentional disruptions such as internet shutdowns, geopolitical tensions resulting in cyber attacks and disruptions caused by wars and weaponization of the internet and the cyberspace. All this, of course, in addition to the very well known natural and climate disasters, as well as crises that may trigger unforeseen traffic spikes like what we have all experienced with the COVID. In this context, the role of governments is both vital and evolving as today’s digital interconnected world poses unprecedented challenges on how nations operate. This role ranges from simple awareness and incentivized encouragement to mandated requirements and enforced regulations. Accordingly, governments, as stewards of national digital infrastructure, should promote conscious investment in resilient networks with built-in redundancy and also benefiting from technology’s diversity, like satellite versus land or undersea cables. Properly secure and redundantly store digital registries, device robust acts, laws, regulations or frameworks that balances national interests with global interoperability. Be aware of and minimize dependencies that were already mentioned. And carefully manage third-party elements in the network, but also encourage keeping local traffic local through IXPs. As we’ve already heard, also cooperation and collaboration with other sectors is extremely important to align efforts towards having a national digital resilience strategy that is constantly being updated. And also not to overlook the human factor, not only in terms of capacity development, but also in terms of changing the culture that Ram already hinted at of taking for granted the Internet’s underlying infrastructure and its ongoing responsiveness. Of course, governments cannot do all this without embracing the expertise and contributions of other stakeholders, depending on the issue and stage we’re at. The Internet is already a global shared resource, and its governance must reflect that reality through what we refer to as multi-stakeholder approaches, where governments, private sector, civil society, technical community, academia, and international organizations all work together in order to reach well-informed, sustainable decisions, devise more effective people-centered regulations, and achieve feasible and realistic solutions that are mindful of the global public interest. On the other hand, stakeholders should also understand and respect government’s concerns in order to be able to reach a constructive way forward. And since processes followed are equally as important as results achieved, in that respect, I would like also to refer to the Sao Paulo multi-stakeholder guidelines that serve as a valuable reference for strengthening internet governance and digital policy processes. They provide comprehensive and operational framework for establishing, implementing, and assessing inclusive, transparent, and accountable multi-stakeholder processes. In conclusion, it’s important to note that the internet was not developed with security in mind, but now the transition to an increasingly digital society and economy prioritizes internet resilience as a pressing technical and policy challenge that is both national and global in nature. Hence, strengthening internet resilience is the responsibility of everyone, caretakers and beneficiaries, and it should be ongoing and proactive in order for the internet to continue to function as we expect. And I leave it at this and hand it back to you, Pablo. Thank you.

Moderator: Thank you, Manal. Wonderful. And it seems that we’re really working on the basis of resiliency in spite of major construction happening at the back. So if you see, Manal, our faces, like a lot is going on in the backdrop of this. I don’t know exactly what. Are they preparing for the music night? I don’t know. OK, that’s that. So imagine a major concert of the Rolling Stones being prepared at the back. And so are the musicians. Let’s be resilient and let’s move on. We are soon to head towards an opening of the conversation. We have Vint stating a provocative question. Then Ram providing some background. Then Olaf providing some what if scenarios. Anriette more on the collaborative and the linkage between the Internet governance arena and the Internet resilience conversation. We have Fiona on the mapping, John on the unique identifiers. We have Manal on a global perspective on government regulatory, but also cooperation, cooperation, cooperation, cooperation. I think that’s what we try to do. Let’s not say how, just cooperation. Let’s get into the real deal with you, Mark. If you could tell us a bit how this works in the real world.

Mark Nottingham: Sure. Hello. I’m going to take my headphones off. So I was asked to talk a little bit about how my company conceptualizes and deals with internet resilience. I work for a company called CloudFlare. And CloudFlare is a company that provides internet infrastructure in a particular way. You know, the internet itself is inherently unreliable. There’s nothing that guarantees that a packet will get to its destination. We build abstractions on top of that so that we can pretend that it is reliable and resilient. We have TCP so that we have connections and we pretend that that is reliable, except sometimes it’s not. Sometimes that abstraction breaks down. And so we do other things. Web browsers will actually retry requests if they fail so that they paper over that unreliability so that the user of the browser has a nice experience. Websites and other services use companies like mine to further provide resilience. So what we are is a global network of servers everywhere providing services to users, whether it’s in the global south, whether it’s in the minority world. They bring content and services closer to the users to improve the resilience and the availability, to improve the security of those services, and also to make them faster, to make them so that they seem like they’re just next door, even though you’re actually talking to someone around the world. And what that does is make the internet more seamless for everyone. That means that resilience is really an existential threat for our business. We have to be available all the time or our customers are very unhappy. And so we use several techniques to make sure that our systems are as available as possible. The core systems, the data plane, are decentralized so that every node, every one of those servers can operate on its own. It doesn’t need connectivity to the rest of our systems. so that if there’s a partial failure somewhere, they can continue serving data. There are some parts of our systems that need to be centralized, and so we use other techniques to make sure that they are fully available. And so usually that’s redundancies and failovers and things like that. So despite all of those efforts, despite all that engineering and hiring some of the best engineers in the world to do this, we still have problems. As has been said a few times, you can never make something perfectly available. We had an incident last year, just as one example. We called Code Orange. It was an alarm bells kind of situation at the company where one of the generators that Olaf was talking about earlier – thank you for that illustration, by the way, Olaf – was used by one of our power suppliers at a key data center, and it failed in a particular way, and then some other systems failed, and that caused a cascade of failures where that data center went offline completely, which shouldn’t happen. Data center operators – we were renting that space from a data center operator – took extraordinary lengths to keep them highly available. So that was one thing that shouldn’t have happened, or a series of events. Because it was that particular data center, those centralized systems that I talked about, the ones that needed to be in one place, also failed. And we had designed them to fail over to another data center when that happened. It turns out that didn’t happen as well as we anticipated. And so it made those control systems unavailable for about a day and a half. Six hours was the length of the real outage there, but it kind of trailed on for about a day and a half where there was partial availability. That’s a horrific situation for a company like ours, and we resolved not to let that happen again. And so we went through this effort to re-engineer our systems, those key systems that were centralized, so that they were more resilient. And that took a couple of months, basically. We had another big incident at the same time that caused some distraction, which I won’t go into. But there were a lot of lessons that we learned from that. Even though we had a lot of very talented eyeballs on these problems, making sure that these systems were redundant, you still have to continuously improve your resiliency and follow the best practices, define what those best practices are, interrogate how you’re using these systems, provision for failure situations, and test the failure. Make sure that you intentionally fail your systems to understand how they behave, and consider what happens when there are these cascading failures. And finally, be transparent about your failures. We are very proud that every time we have one of these incidents, our CEO or our CTO writes a blog entry that explains what happened and why, so that we’re transparent to our customers. We had, indeed, another incident just about a week ago where we did that. But, unfortunately, this is not just an issue that happens within one company. That would be a much simpler problem to deal with. It’s a systemic issue. It’s a whole of Internet issue for resilience. And one example there is around routing security. The routing system is critical to Internet resilience. We need to be able to route packets around the world. And it’s one of those places where everyone has to agree on what the reality of routing is. And so, Cloudflare has spent a tremendous amount of resource. And we’re very committed to RPKI, the routing security issues. We’re collecting routing data about this in our radar platform, which is our kind of Internet observatory for statistics about the Internet that we are able to observe from that worldwide network of servers we have. And that helps us to identify and mitigate these systemic issues. But I think it’s that cooperation that we’ve been talking about across different kinds of businesses and different parts of the ecosystem that’s so key to make sure that, as a whole, we’re able to have those abstractions so that people don’t have to worry about this in most cases.

Moderator: Mark, thank you. We are moving from theory to practice. And I think this is a very good moment to start opening the conversation. I would love to open the floor if you have any questions, and if not, by all means, que gusto, adelante.

Paticipant: If I may, just to tie what Mark was saying to what Ram was saying, basically, the previous failure is always prevented. Gracias, Pablo, and thank you everybody for being here. I just want to ask a question to the panel about a topic that I think the first speaker mentioned about the economics and finance. I’m going to make a brief introduction to put it in context. Before the Internet, you know, the international communication was through the telephone network, and international communication was long-distance telephone calls. And the model, the business model there is that the call, it was originated by the company in one country. It was finalized by some other company, and they shared the revenue of that call. That was a very sound business model in which everybody that cooperated, maybe there was some other intermediary in that call, but everybody got a fair share of the revenue there. By historical reasons that, you know, when Internet first moved out of the continental United States, there was set a rule that those who want to connect have to pay the whole share of the communication. In the last years of the past century, oh my God, it’s passed so many times, this was a big deal. It was called the international Internet communication cost. It was even raised in the ITU, you know, in study group three, the recommendation from those days, the D50 recommendation. And that’s a very big issue, even for some European countries and companies, even for Australia. They were very vocal about that. As the time passed, the companies from these developed countries solved the problem by putting their connection into what is called the core or the backbone in the Internet. And eventually, this communication problem cost has been alleviated in some other places through IXPs and companies like the one that was just put, but alleviated because still the problem is that these revenues are not external to the country. I forgot to say that during the telephone long distance model, those income, especially for developing countries, was the one who financed, that you mentioned, the financing infrastructure development there was billion every year. When the internet came, all those yearly billions that was going from outside to developing countries disappeared. Now that’s not only happening, this uneven distribution of revenue, it’s not only happening through all of the communication infrastructure, also about the information. We see the information, data, even knowledge that is created in many countries, even if it’s flowing two directions, the money is flowing in one direction, and that is no surprise that a few companies, only a few companies has amassed so massive amount of money from resources that comes from everywhere. So my question to the panel is the following. Don’t you think that that uneven flow of revenues could be a cost in the long run of unsustainability of the internet? Thank you.

Moderator: Those were the days, the international charging arrangements for internet services from 1988, and all those debates, it reflects some part of the economics of the infrastructure, and I wonder how… This is linked to internet resilience, so that’s a provocative question for sure. I’m not sure if any of the panellists would like to take it, Fiona, I knew it.

Fiona Alexander: For sure, I’m happy to talk about the telephone accounting rate regime and two decades of arguments that we had, Juan, about accounting rates and how that system and model could not be applicable to the internet, because if you tried to apply the traditional telephone circuit switch model of accounting and revenue to the internet, it would actually require breaking the internet infrastructure that we’re trying to preserve. I would also dispute that all those accounting rate revenue and that passing of money that went to other countries was not always used to build the infrastructure in those countries. So we could talk about that a lot, too, offline. But I will say that in terms of whether or not the sort of IKEA’s debate or the fair share debate, because it’s back again, I can’t believe, is relevant in the context of this, I’m not quite so sure. But I will say that one of the ways of dealing with sort of internet resiliency, and maybe Olaf and others want to talk about the development of IXPs, and Mark wants to talk about peering and other things like that, but the model of traffic exchange in the internet ecosystem is through peering and transit, and that’s the way commercial parties privately resolve these revenue constructs that you’re talking about. There has been a lot of work, I think John Crane talked about the root server instances, and I know there’s been lots and lots of works by ISOC and others to get IXPs deployed, and that has really shifted and changed the traffic patterns. So we no longer see the unequal traffic patterns, the ones we’re talking about from the 1990s, where if you were somewhere in a different part of the world and you wanted something on the internet, it always had to come back to the United States or Western Europe. That’s no longer the case anymore because of all the work people have done on internet resiliency, but in terms of the policy and regulatory stuff, we could talk about this for hours as you know, but maybe the more technical people want to talk about how this relates to the internet resiliency construct. For hours or for decades indeed.

Paticipant: Thank you for a good workshop that we understood a lot about the resilience of the internet infrastructure. My name is Qusayr Shati, I’m from Kuwait and we are located in the Middle East and as you know the circumstances in our region. It’s a question, can we consider the safety and the security of the internet infrastructure part of the resilience or part of the concept of the resilience of the internet itself? When I talk about the safety or the security of the infrastructure, whether it’s a ship anchor that cuts off submarine cable, or whether an area of hostilities where sometimes the communication or the internet infrastructure gets limited into operation or gets halted or gets targeted. So would we consider the safety and the security of the internet infrastructure part of the resilience approach or this is a different angle? It’s just a question to the panellists.

Moderator: Thank you, Anriette. Then Ram.

Anriette Esterhuysen: Qusayr, I have a view on this, it’s not necessarily a broadly accepted view. I was a member of the Global Commission on the Stability of Cyberspace and so was Olaf. So we debated this together and I think we spent a long time talking about is it the logical resources or is it actually the physical transmission infrastructure. We decided it has to include the physical transmission infrastructure and I haven’t even touched on that but I think it really, having, and I think there’s a, I actually also want to react a bit. I think that we have. Resilience is treated differently by different parts of the internet. I think the technical community understands resilience and I think has good practices and procedures for ensuring resilience or striving towards greater resilience. I do not necessarily think that telcos have the same approaches to the internet technical community. I do not think that governments have the same approaches. There are also not even common definitions of what is critical internet infrastructure, what is critical information infrastructure. I think we also see the destruction of infrastructure and conflict. We have the case of Gaza where infrastructure has been completely destroyed. In fact, and where Gaza users, even when they had internet, were restricted to 2G. Now, so there’s so many different factors, but I certainly think that the physical transmission infrastructure does have to be considered because without that, and I think as Mark and others have said as well, even electricity, which is an external factor, but it disables both the physical and the logical resources. So I personally do think that physical transmission infrastructure is part of it, but that’s not a universal view. In fact, we asked the ICANN board a few years ago to look at the public resources, physical infrastructure as being part of that. In fact, even to look at the DNS as being a part of the public core, and even that I think we struggle to achieve.

Moderator: We need to hurry because we have still some content to cover. I would let Mallory to have a question, Ram, a quick response, and then John to wrap the conversation if that’s okay. Mallory. Thanks.

Paticipant: And thanks for hosting this conversation. And Ram, I really liked your first slide. I don’t know if you can go back to it, but I don’t know if folks are like me, but when we were having these conversations in the framing of fragmentation, and now it kind of came up here. Oh, I love the bread picture as well. Thank you, Olaf. We obviously see there’s an interconnection between electricity and food systems and shipping lines. And I feel a bit odd when we have those conversations because it’s really clear that we don’t think the internet is maybe more important than eating or drinking water. But we don’t quite make the connection, in my view, that every single one of these vulnerabilities is actually a crisis of capitalism. And we aren’t thinking holistically in terms of the political economy of the internet. And I can say, if we think that we can solve those problems without solving power or without, you obviously have gotten that, right? Like, we can’t solve these problems without solving electricity and power and other things. We can’t solve these problems without thinking about what happens when some states invade others or there are internet shutdowns. You know, we have to think of it holistically. I wonder if we imagine the project we’re trying to take on together to keep the internet resilient is a project that will transform our global capitalist system or is a project that very much depends on some other sector sorting those things out.

Moderator: Thank you, Mallory. Ram?

Ram Mohan: Thank you, Mallory. That’s a great provocative question. I think it will transcend rather than transform. And I don’t want to talk necessarily about, I mean, I think there’s quite a bit to discuss about the system and whether the system itself is primarily at fault. I will point out that in these resilience problems happen in non-capitalist systems as well. So, that’s just one thing. One very brief response to the gentleman from Kuwait who had the question. He had talked about he’s on the at the table there. You’ve spoken about security and safety. I want to say you should be thinking about security and stability, not safety, because safety is often what the user perceives. Stability is something that you can actually affect as a regulator or as a government.

Moderator: Thank you, Ram. I would love for John Janowiak, the President and CEO of the Marconi Society, to help us wrap this up. Sure.

John Janowiak: Thank you, Pablo. And thank you to the panel and all of you for attending today. This is a near and dear subject to the Marconi Society. I was approached not too long ago by Vint to take this on as one of our core issues for the society. And since we did, you know, we’ve just gotten a great amount of support from the industry. And so this is one of the first readouts that we’re providing publicly. So thank you for attending today’s session. You know, raising the awareness of this critical issue that’s, you know, often unappreciated or is the topic of internet resilience. And, you know, it’s going to take all of us to ensure that this matter gets the attention that’s required. So, again, we look forward to having you all involved. The responsibilities are cross sectors, cross geographies, and cross disciplines, as you heard today. One of the things that we were fortunate to do is we were able to bring together some of the top experts in the internet. And I think, like, we have a photo up here of our activity together in Washington, D.C. last November, where we really sat down and looked at, you know, what are some of the critical issues in resiliency of the network, you know, reliability, stability, and resiliency. And the report that we ultimately came up with is right here, this yellow report that’s on the internet, on our website. Please go ahead and download that report and take a look at it. We welcome your organizations to get involved in this. The more people we get involved in looking at these issues and helping solve these issues, the more resilient the Internet will become. So we’re really looking forward to working with all of you on this issue. So on behalf of this group here, which is all, most of the members on the panel here are part of the Internet Resilience Advisory Council, as well as the Marconi Board of Directors, you know, we look forward to working with all of you on making the Internet more reliable, stable, and resilient. So thank you for attending today.

Moderator: Pablo? With that, I wish we have a really good concert and thank you very much for attending the workshop.

Agreement points

Internet has become critical infrastructure requiring proactive resilience planning

Speakers

– Ram Mohan
– Vinton Cerf
– Manal Ismail
– John Crain

Arguments

Internet has become invisible infrastructure supporting all aspects of life, creating critical dependencies

Internet dependence is increasing with AI applications, making resilience critical as consequences of failures become more severe

Government role ranges from awareness and incentives to mandated requirements and enforced regulations

Continuous improvement needed as internet grows, requiring ongoing assessment of dependencies and vulnerabilities

Summary

All speakers agree that the internet has evolved from a convenience to critical infrastructure that supports essential services, requiring systematic and proactive approaches to resilience planning rather than reactive responses.

Topics

Infrastructure | Development | Legal and regulatory

Complex interdependencies create cascading failure risks

Speakers

– Ram Mohan
– Olaf Kolkman
– Mark Nottingham
– Fiona Alexander

Arguments

Cross-sector assumptions create vulnerabilities where each sector assumes others will remain available

Modern systems become more fragile as they get more complex, with hidden interdependencies and single points of failure

Even with best engineering practices, failures still occur requiring continuous improvement and transparency

Need to map actors, institutions, and dependencies across the entire internet ecosystem infrastructure supply chain

Summary

Speakers consistently identified that increasing system complexity creates hidden interdependencies and single points of failure that can cascade across sectors, requiring comprehensive mapping and understanding of these relationships.

Topics

Infrastructure | Cybersecurity

Cross-sector collaboration is essential for effective resilience

Speakers

– Ram Mohan
– Anriette Esterhuysen
– Manal Ismail
– John Janowiak
– Mark Nottingham

Arguments

Four key challenges: increasing system complexity, regulatory pressures, insufficient funding for prevention, and supply chain vulnerabilities

Need for enhanced communication with end users who currently receive no information about disruptions

Need for multi-stakeholder approaches balancing national interests with global interoperability

Cross-sector, cross-geography, and cross-disciplinary collaboration essential for addressing resilience challenges

Systemic issues require cooperation across different businesses and ecosystem parts, not just individual company solutions

Summary

All speakers emphasized that internet resilience cannot be achieved by any single sector or organization alone, requiring enhanced collaboration and communication across technical, governmental, business, and civil society stakeholders.

Topics

Infrastructure | Legal and regulatory | Development

Physical infrastructure dependencies are critical vulnerabilities

Speakers

– Olaf Kolkman
– Anriette Esterhuysen
– Manal Ismail

Arguments

Physical infrastructure like power and water are critical dependencies often overlooked in resilience planning

Physical transmission infrastructure should be considered part of resilience, including protection from conflicts and accidents

Governments should promote investment in redundant networks, secure digital registries, and national digital resilience strategies

Summary

Speakers agreed that physical infrastructure dependencies like power, water, and transmission infrastructure are often overlooked but represent critical vulnerabilities that must be addressed in resilience planning.

Topics

Infrastructure | Cybersecurity | Legal and regulatory

Similar viewpoints

Both speakers emphasized how increasing system complexity creates fragility and hidden failure points, with Ram focusing on the broader challenges including regulatory and funding issues, while Olaf provided concrete technical examples of how complexity leads to cascading failures.

Speakers

– Ram Mohan
– Olaf Kolkman

Arguments

Four key challenges: increasing system complexity, regulatory pressures, insufficient funding for prevention, and supply chain vulnerabilities

Modern systems become more fragile as they get more complex, with hidden interdependencies and single points of failure

Topics

Infrastructure | Cybersecurity

Both speakers highlighted inequality in resilience capabilities and the need for inclusive approaches, with Anriette focusing on the Global South perspective and end-user experiences, while Manal emphasized the governmental role in ensuring equitable resilience through multi-stakeholder governance.

Speakers

– Anriette Esterhuysen
– Manal Ismail

Arguments

Two-tier system exists where some have backup solutions while others face internet resilience as “act of God”

Need for multi-stakeholder approaches balancing national interests with global interoperability

Topics

Development | Legal and regulatory | Infrastructure

Both speakers approached resilience from a technical architecture perspective, with Vint focusing on supply chain integrity and provenance, while Mark explained how multiple layers of abstraction are built to create reliability from inherently unreliable systems.

Speakers

– Vinton Cerf
– Mark Nottingham

Arguments

Provenance and integrity of software components, especially open source libraries, are critical for supply chain security

Internet inherently unreliable, requiring multiple layers of abstractions and redundancy to appear reliable

Topics

Infrastructure | Cybersecurity

Unexpected consensus

Revenue distribution and economic sustainability concerns

Speakers

– Paticipant
– Fiona Alexander

Arguments

Uneven revenue distribution from historical internet development may threaten long-term sustainability

Traditional telephone accounting rate model cannot be applied to internet without breaking infrastructure

Explanation

Despite representing different perspectives on internet economics, both speakers acknowledged the complexity of revenue distribution issues while agreeing that historical telephone models cannot be applied to internet infrastructure. This represents unexpected consensus on the technical limitations of applying legacy economic models to internet governance.

Topics

Economic | Infrastructure | Legal and regulatory

Holistic approach to resilience beyond technical solutions

Speakers

– Paticipant
– Anriette Esterhuysen
– Olaf Kolkman

Arguments

Internet resilience problems interconnected with broader infrastructure vulnerabilities requiring holistic thinking

Two-tier system exists where some have backup solutions while others face internet resilience as “act of God”

Physical infrastructure like power and water are critical dependencies often overlooked in resilience planning

Explanation

Unexpected consensus emerged around the need for holistic thinking that goes beyond technical solutions to address broader systemic issues including economic inequality, infrastructure dependencies, and social factors. This represents a shift from purely technical approaches to more comprehensive socio-technical perspectives.

Topics

Infrastructure | Development | Economic

Overall assessment

Summary

Strong consensus exists on fundamental challenges (complexity, interdependencies, need for collaboration) and the critical nature of internet resilience, with broad agreement on the inadequacy of current approaches and the need for proactive, cross-sector solutions.

Consensus level

High level of consensus on problem identification and general solution directions, with speakers reinforcing each other’s points about system complexity, collaboration needs, and the critical nature of internet infrastructure. The consensus suggests a mature understanding of the challenges and readiness for coordinated action across sectors and stakeholders.

Different viewpoints

Scope of internet resilience – physical vs logical infrastructure

Speakers

– Anriette Esterhuysen
– John Crain

Arguments

Physical transmission infrastructure should be considered part of resilience, including protection from conflicts and accidents

ICANN manages critical identifier systems requiring uniqueness and global coordination for internet functionality

Summary

Anriette argues for including physical transmission infrastructure as part of internet resilience, noting this is not a universally accepted view and referencing struggles to get even DNS recognized as part of the public core. John focuses primarily on logical identifier systems and their management, representing a more traditional technical community view that separates logical from physical infrastructure.

Topics

Infrastructure | Cybersecurity | Legal and regulatory

Economic model sustainability and revenue distribution

Speakers

– Paticipant
– Fiona Alexander

Arguments

Uneven revenue distribution from historical internet development may threaten long-term sustainability

Traditional telephone accounting rate model cannot be applied to internet without breaking infrastructure

Summary

The participant argues that the shift from telephone accounting rates eliminated crucial revenue flows to developing countries and that current uneven distribution threatens sustainability. Fiona strongly disputes this, arguing that the telephone model cannot be applied to internet infrastructure and that modern peering/transit arrangements have addressed historical inequalities.

Topics

Economic | Development | Infrastructure

Root cause analysis – systemic vs technical solutions

Speakers

– Paticipant
– Ram Mohan

Arguments

Internet resilience problems interconnected with broader infrastructure vulnerabilities requiring holistic thinking

Resilience issues transcend economic systems, occurring in various political and economic contexts

Summary

The participant frames resilience problems as fundamentally rooted in capitalist systems requiring transformation of global political economy. Ram argues that resilience problems transcend economic systems and occur across different political contexts, suggesting the focus should be on transcending rather than transforming existing systems.

Topics

Economic | Infrastructure | Development

Unexpected differences

Terminology precision in regulatory contexts

Speakers

– Ram Mohan
– Paticipant

Arguments

Security and stability more relevant concepts than safety for regulators and governments

Internet resilience problems interconnected with broader infrastructure vulnerabilities requiring holistic thinking

Explanation

This disagreement emerged unexpectedly during a question about physical security. Ram made a specific terminological correction distinguishing ‘security and stability’ from ‘safety’ for regulatory purposes, while the questioner was thinking more broadly about physical protection. This reveals different conceptual frameworks – technical precision vs. holistic security thinking.

Topics

Legal and regulatory | Cybersecurity

Overall assessment

Summary

The discussion showed relatively low levels of fundamental disagreement, with most conflicts arising around scope, approach, and emphasis rather than core principles. Main disagreements centered on: (1) whether physical infrastructure should be included in internet resilience definitions, (2) economic models and revenue distribution impacts, and (3) whether problems require systemic transformation or technical solutions.

Disagreement level

Low to moderate disagreement level. Speakers generally agreed on the importance of internet resilience and need for collaboration, but differed on scope, definitions, and approaches. The disagreements reflect different professional perspectives (technical, policy, academic, regional) rather than fundamental conflicts. This suggests good potential for finding common ground, though definitional and scope issues need resolution for effective collaboration.

Partial agreements

Similar viewpoints

Both speakers emphasized how increasing system complexity creates fragility and hidden failure points, with Ram focusing on the broader challenges including regulatory and funding issues, while Olaf provided concrete technical examples of how complexity leads to cascading failures.

Speakers

– Ram Mohan
– Olaf Kolkman

Arguments

Four key challenges: increasing system complexity, regulatory pressures, insufficient funding for prevention, and supply chain vulnerabilities

Modern systems become more fragile as they get more complex, with hidden interdependencies and single points of failure

Topics

Infrastructure | Cybersecurity

Both speakers highlighted inequality in resilience capabilities and the need for inclusive approaches, with Anriette focusing on the Global South perspective and end-user experiences, while Manal emphasized the governmental role in ensuring equitable resilience through multi-stakeholder governance.

Speakers

– Anriette Esterhuysen
– Manal Ismail

Arguments

Two-tier system exists where some have backup solutions while others face internet resilience as “act of God”

Need for multi-stakeholder approaches balancing national interests with global interoperability

Topics

Development | Legal and regulatory | Infrastructure

Both speakers approached resilience from a technical architecture perspective, with Vint focusing on supply chain integrity and provenance, while Mark explained how multiple layers of abstraction are built to create reliability from inherently unreliable systems.

Speakers

– Vinton Cerf
– Mark Nottingham

Arguments

Provenance and integrity of software components, especially open source libraries, are critical for supply chain security

Internet inherently unreliable, requiring multiple layers of abstractions and redundancy to appear reliable

Topics

Infrastructure | Cybersecurity

Key takeaways

Internet resilience requires a fundamental mindset shift from reactive problem-solving to proactive prevention and cross-sector collaboration

The internet supply chain involves complex interdependencies extending far beyond traditional telecom providers to include power, water, physical infrastructure, and all sectors of the economy

A two-tier resilience system exists globally where some organizations and regions have backup solutions while others treat internet availability as unpredictable

Prevention-focused resilience measures struggle to attract funding compared to post-incident responses, creating a systematic investment gap

Physical transmission infrastructure must be considered part of internet resilience, including protection from conflicts, accidents, and natural disasters

Multi-stakeholder governance approaches are essential for balancing national interests with global internet interoperability

Continuous improvement and transparency about failures are necessary as internet complexity and dependencies continue to grow

Enhanced communication with end users is critically needed, as most people remain unaware of internet infrastructure vulnerabilities and current disruption status

Resolutions and action items

Marconi Society working group to produce first draft of internet resilience supply chain map by November meeting, following IP packet paths to identify all infrastructure dependencies

Participants encouraged to download and review the Internet Resilience Report from Marconi Society website

Organizations invited to join the Internet Resilience Advisory Council and contribute to ongoing resilience mapping efforts

Working group conducting mapping exercise through collaborative Google Docs to test online cooperation capabilities

Future iterations of resilience maps planned for specific sectors (energy, power) if initial mapping proves successful

Unresolved issues

No common definitions exist for critical internet infrastructure or critical information infrastructure across different sectors

Funding mechanisms for preventive resilience measures remain inadequate and systematically underdeveloped

Communication gaps persist between technical operators, government regulators, and end users during disruptions

Cross-sector coordination challenges where each sector assumes other critical infrastructure will remain available

Debate continues over whether physical transmission infrastructure should be universally considered part of internet resilience

Economic sustainability concerns regarding uneven revenue distribution in global internet infrastructure development

Regulatory friction between government demands for immediate fixes and technical community’s iterative problem-solving approaches

Suggested compromises

Multi-stakeholder approaches that balance national security interests with global internet interoperability requirements

Scoped mapping exercise starting with high-level packet flow analysis before diving into sector-specific details

Enhanced communication strategies that improve information flow to end users without overwhelming them with technical details

Risk-based approaches to resilience planning that prioritize coupled risks and cascading failure scenarios

Collaborative frameworks that respect both government accountability needs and technical community problem-solving methods

The implication of dependence is that when it doesn’t work there are all kinds of consequences… I’m going to suggest to you that the word provenance will turn out to have a very heightened importance in this conversation. Where did things come from? How do we know that they have integrity?

Speaker

Vinton Cerf

Reason

This comment was foundational because it reframed internet resilience from a purely technical issue to one of trust and accountability in supply chains. Cerf’s introduction of ‘provenance’ as a key concept shifted the discussion from reactive problem-solving to proactive verification and documentation of digital supply chains.

Impact

This set the entire tone for the workshop, establishing the framework that subsequent speakers built upon. It moved the conversation beyond traditional infrastructure concerns to encompass software integrity, digital signatures, and supply chain transparency – themes that resonated throughout the entire discussion.

So you have this expectation and an assumption that other parts of critical infrastructure are going to be available, except those parts aren’t actually talking with each other, right? So, you have folks in the power sector… they have very good plans… but a common assumption for them is that the internet will be available so that they can communicate.

Speaker

Ram Mohan

Reason

This observation revealed a critical blind spot in infrastructure planning – the circular dependency problem where each critical infrastructure sector assumes others will remain operational. It highlighted the dangerous illusion of independence in interconnected systems.

Impact

This comment fundamentally shifted the discussion from viewing internet resilience as an isolated technical challenge to understanding it as part of a complex web of interdependent critical infrastructures. It influenced subsequent speakers to consider cross-sector collaboration and helped frame the mapping exercise that Fiona later described.

So even though theoretically the bank services are still up, you’re not as an end user able to access it… it’s like there’s a two-tier system of how… what you have in many countries in the global South is a two-tier system. Some people who just deal with internet resilience, it’s like an act of God. Sometimes you have, sometimes you don’t.

Speaker

Anriette Esterhuysen

Reason

This comment was particularly insightful because it exposed the inequality inherent in current resilience approaches. It challenged the assumption that technical solutions alone can address resilience, highlighting how socioeconomic factors create vastly different experiences of internet reliability.

Impact

This intervention brought a crucial equity lens to the discussion, forcing participants to consider that resilience isn’t just about technical redundancy but about who has access to backup systems and information. It influenced the conversation to consider end-user communication and the social dimensions of resilience, moving beyond purely technical solutions.

I know of a case where the diesel was tested every month for two hours… after five, six years, they really had an emergency. They turned the thing on, it worked for five hours, and it was out of diesel. They forgot to refuel the tanks.

Speaker

Olaf Kolkman

Reason

This seemingly simple anecdote was profound because it illustrated how human factors and operational oversights can undermine even well-designed technical systems. It demonstrated that resilience failures often occur not from sophisticated attacks but from mundane operational gaps.

Impact

This story became a touchstone for the discussion, with other speakers referencing similar themes about the importance of operational practices versus technical solutions. It helped ground the abstract concepts in concrete, relatable examples and emphasized the human element in resilience planning.

Don’t you think that that uneven flow of revenues could be a cost in the long run of unsustainability of the internet?

Speaker

Participant (Juan)

Reason

This question was thought-provoking because it connected internet resilience to fundamental economic sustainability questions, challenging participants to consider whether current business models might themselves be a threat to long-term internet stability.

Impact

While this comment didn’t dramatically shift the technical focus of the discussion, it introduced important questions about the economic foundations of internet infrastructure. It prompted responses about peering arrangements and IXPs, and connected resilience to broader questions of global digital equity and sustainable financing models.

I wonder if we imagine the project we’re trying to take on together to keep the internet resilient is a project that will transform our global capitalist system or is a project that very much depends on some other sector sorting those things out.

Speaker

Mallory

Reason

This was perhaps the most provocative comment because it challenged the fundamental assumptions underlying the entire discussion. It questioned whether internet resilience could be achieved within existing political and economic structures, or whether it required more fundamental systemic change.

Impact

This comment forced participants to confront the limits of technical solutions and consider whether their resilience efforts were addressing symptoms rather than root causes. While it came near the end, it reframed the entire discussion by questioning whether incremental improvements could address systemic vulnerabilities rooted in broader political-economic structures.

Overall assessment

These key comments collectively transformed what could have been a narrow technical discussion into a rich, multidimensional exploration of internet resilience. Cerf’s opening established the conceptual framework around provenance and supply chain integrity. Ram’s insight about circular infrastructure dependencies shifted the focus to cross-sector collaboration. Anriette’s observations about inequality brought crucial equity considerations into the technical discourse. Olaf’s diesel generator story grounded abstract concepts in human operational realities. The economic sustainability question and Mallory’s systemic critique challenged participants to consider whether their technical solutions were adequate to address the scale of the challenges. Together, these interventions created a discussion that moved fluidly between technical specifics and broader systemic questions, ultimately revealing internet resilience as a complex socio-technical challenge requiring collaboration across sectors, disciplines, and global power structures.

Do we have a business continuity strategy for unplanned disruption leading to a total global unavailability of the internet?

Speaker

Nandifa Natsaluba (online participant)

Explanation

This addresses a critical gap in global internet resilience planning – the need for comprehensive business continuity strategies that can handle complete internet failures, which would have catastrophic economic and social impacts.

How can we document the supply chain that leads to a particular product or service and ensure it has integrity?

Speaker

Vinton Cerf

Explanation

This is fundamental to supply chain security and resilience, particularly for open source libraries and software components that form the backbone of internet infrastructure.

How can we be assured that security has been properly attended to, not only in the fabrication of software, but also its configuration and installation?

Speaker

Vinton Cerf

Explanation

This addresses the need for end-to-end security verification throughout the entire lifecycle of internet infrastructure components.

What are risks that might be coupled to each other, and how do we identify and prepare for them?

Speaker

Olaf Kolkman

Explanation

Understanding cascading failures and interdependent risks is crucial for building truly resilient systems, as single events can trigger multiple simultaneous failures.

How can we enhance communication with end users about internet disruptions and recovery status?

Speaker

Anriette Esterhuysen

Explanation

There’s a significant gap in communicating internet resilience status to end users, particularly in developing countries where users are left to manage disruptions without information or support.

How can we develop common definitions of what constitutes critical internet infrastructure across different sectors and stakeholders?

Speaker

Anriette Esterhuysen

Explanation

The lack of common definitions hampers coordinated resilience efforts, as different communities (technical, government, telecom) have varying approaches and understanding of what needs protection.

Should physical transmission infrastructure be considered part of internet resilience, and how do we protect it during conflicts?

Speaker

Qusayr Shati and Anriette Esterhuysen

Explanation

This addresses whether internet resilience should include physical infrastructure protection, especially in conflict zones where infrastructure becomes a target or casualty of war.

Could the uneven flow of internet revenues globally cause long-term unsustainability of the internet?

Speaker

Juan (participant)

Explanation

This explores whether economic imbalances in internet infrastructure financing could undermine global internet resilience, particularly affecting developing countries’ ability to maintain and upgrade infrastructure.

How do we solve internet resilience problems without addressing broader systemic issues like power, water, and political conflicts?

Speaker

Mallory (participant)

Explanation

This questions whether internet resilience can be achieved in isolation or requires addressing fundamental infrastructure and political economy issues that affect all critical systems.

How can we develop next iterations of the resilience map that dig into specific sectors like energy and power?

Speaker

Fiona Alexander

Explanation

This suggests expanding the mapping exercise to create sector-specific resilience maps that would provide more detailed analysis of interdependencies within critical infrastructure sectors.

How do we continue to increase and maintain resilience as the internet continues to grow and evolve?

Speaker

John Crain

Explanation

This addresses the ongoing challenge that resilience is not a one-time achievement but requires continuous adaptation and improvement as the internet ecosystem evolves.