Katie Hyman and Wendy Gonzales

Originally published on Arbitrate.com, 18 October 2021

Did Monday 6th October 2021 feel like a snow or rain day to you? With Facebook, Facebook Messenger, Instagram, and WhatsApp down for nearly six hours, panic and confusion took over as millions of users could not access their most-used apps and websites. Millions of people and businesses of all sizes are reliant on these platforms as their main line of communication felt adrift, but there was an additional undercurrent of anxiety: what or who had caused this? Did stakeholders in arbitration feel the same way, especially within its more digitized post-pandemic setting?

Many wondered whether there had been a hack or data breach compromising the valuable information already shared on these apps. The fact that it began only a few hours after breaking newsconcerning Facebook only ramped up the speculation.

Reasons to care

As more and more of our lives take place online, cyber attacks seem to increase even more quickly. Reports indicate that, even though the year is not over, there was a 125% increase in cyberattacks in 2021 compared with the year before.

Arbitrators should take note. As discussed in the webinar “Arbitrators and their online identity: a double-edged sword”, social media has become an increasingly important tool for arbitrators building their brands, developing their careers, and expanding their networks. As the participants of that webinar discussed, arbitrators using social media in this way should not lose sight of the need to secure their online identities. Being alert to phishing attacks, which are also possible via instant messaging on social media; using secure passwords; and conducting arbitrations (and related communications) via secure portals are key. In addition, just as businesses need to develop cybersecurity response plans, arbitrators should be thinking along the same lines. Are you ready to respond to an incident quickly? Do you really know the data flows applicable to the storage of all your documents and client work? Are you continuing to educate yourself on the latest threats, ransomware, and cybercrimes that may be associated with arbitration?

The outage

The outage began at around 11:40 Eastern time. The social platforms took to Twitter to notify users – first came WhatsApp at 12.16 ET, followed by Facebook and Instagram. Each of the sites were displaying error messages, showing that the sites had disappeared from the internet. As Facebook has now explained, Facebook had essentially sent a message to the internet that it was closed, by withdrawing its Border Gateway Protocol routes, and making Facebook’s DNS servers unreachable. DNS, or the domain name system, converts human-readable web addresses into machine-readable IP addresses, acting like an internet address book. With Facebook’s DNS unavailable, the rest of the internet couldn’t find it or any of the other apps and sites that are part of Facebook’s group. 

Technology outages are not uncommon, but having so many of the most popular apps go out at the same time was unusual. Facebook’s last significant outage was in March 2019 – it lasted 24 hours and was due to a server configuration change that had a cascading effect through the network. This week, Facebook said that “configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.” The issue was compounded by the fact that the underlying cause of the outage also affected many of Facebook’s own internal tools, from an internal messaging service to engineers’ security passes, which meant it took longer to fix. Somewhat concerningly, at the end of its explanation to users, Facebook stated “we’re working to understand more about what happened today so we can continue to make our infrastructure more resilient.” In other words, Facebook itself is not entirely sure how this happened – but with the global reach and impact that they have and the size of the company, they probably should.

Facebook confirmed that there was no “malicious activity” behind the outage – it was simply a technical issue – and that there was “no evidence that user data was compromised”. But, as many users suspected, it could have been. One of the first reactions from many users during the outage was to assume that there had been a hack and that their passwords and personal information may have been compromised. For some peace of mind, remember that  password hygiene is one of the most frequently recommended measures to mitigate cyber risk. Now that the apps and websites are up and running again, if you have not done so recently, and do not change your passwords on a regular basis, it is recommended to change your passwords on all of these sites. Be creative and try to be safe by using different passwords for each app.

Do you need some light in this tunnel?

Cyberarb is an initiative that aims to bridge the gap between theory and practice, and to provide a set of cybersecurity tools tailored to arbitrators and related stakeholders during their practice. We encourage you to join the community and help to develop best practices in this quickly evolving area. Our tools include a visual roadmap listing the most popular measures, and a procedural order template to guide your arbitration procedures. To go even further, you can now enjoy CyberArb Essentials. This is an All-in-One program aiming to keep you sharp on the moving target that is cybersecurity. There are a range of options available, from “mythbusters” podcasts lasting a couple of minutes, to full e-learning programs such an Introduction Module.