Rendered at 22:49:48 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
xoa 42 minutes ago [-]
This may have been long discussed, but I feel like this war is the first time I've really thought hard about how big a target data centers would be in any sort of modern peer war and how that's an entirely new thing since the last time it was really on the radar (end of CW) right? We've built trillions and trillions of dollars in infrastructure in the peace time since, and it seems fairly concentrated. AWS is amongst the biggest there is, and according to mappers like [0] there are only around 240 operational total worldwide with another 130ish under construction. Like, in one respect that seems like a bunch, but vs the kind of attacks we see done in a matter of days in modern wars it's a pretty small number for the whole planet isn't it? In the first 24 hours of the war the US and Israel launched on Iran, they hit something like 1500-2000 targets. How hardened are the data centers? Are they in structures that handle some level of explosives? Do they have counter measures like internal blast walls dividing things into cells so a few hundred pounds of high explosive in one area doesn't damage outside the cell? I mean, of course like all data centers they'll have considered extensive countermeasures to fire, environmental threats, grid issues and so on. But has "nation-state level attack via mass drones or bombardment" been part of the threat model over the last few decades? Hardening of telecoms was certainly considered for old Ma Bell and such back in the CW days but that was a very different environment.
I guess it makes me think about what a soft underbelly this could be for a lot of modern society. There's always been consideration of threats to refineries and power stations and industrial production and all those big metal deals. But like, forget any sort of nuclear exchange, any sort of crazy super Starfish style big EMP, just purely a few thousand drones nailing data centers. Nobody even directly dies, just a lot of wrecked computers. What would be the cost of losing all the clouds and colo stuff? How long to replace, at what cost? How much depends on it?
Instead of targeting data centers, it's far easier to target the electrical substation that powers the datacenter. It's relatively simple to do. Transformers require oil to cool themselves, and if the coolant reservoir is damaged, then they overheat and shut off. This exact infrastructure attack occurred in North Carolina in 2022 [0], where someone fired bullets into the coolant reservoirs and caused a several day power outage. The perpetrator was never caught. It's speculated a foreign actor did this to gauge the response in a future wartime scenario.
>Instead of targeting data centers, it's far easier to target the electrical substation that powers the datacenter
That has a lot of collateral damage that may or may not be desirable though. Simultaneously it might have quite a different long term effect right? If all the actual computers are unharmed they can be powered in other ways in an emergency, even if at much higher cost. Or powered back up later, the time lost might be militarily very significant but they're not gone.
But how many people and companies actually have full functional decentralized clones of all programs and data? How many people and companies have devices that are locked to remote hosts they expect to check in on at least once in awhile even if they're not "cloud dependent"? What if all that was literally gone, a few thousand missiles or drones and data centers are all just completely erased including tape backups, everything, suddenly we're in a world where all that compute and data is poof. And without hurting anything else, no traditional war crimes either, no power or direct food or transport disruptions. Everyone is fine and healthy, except with this huge societal exocortex gone.
In any significant war the Internet is going to go down. That's what has happened empirically in countries undergoing significant wars or social unrest, like Russia, Iran, Yemen, Ethiopia, Syria, Myanmar, and Afghanistan. While IP packet routing itself may have been designed to survive a nuclear war, there have been many centralized systems built on top of it (DNS? Edge caching? Cloudflare? Big Tech) that are essential to the functioning of what we know of as the Internet.
If your threat model includes war and you want to have some of the conveniences of the Internet, you should make plans for how to host local copies of data and develop local-scale communications for the people you regularly talk with. The Internet is too big of a security and propaganda risk for governments to allow it to continue to exist when they are engaged in a real existential war.
pvtmert 23 minutes ago [-]
Agreed that Govt/Military runs on AWS/Azure/whatever. They care about "security" in a "virtual" sense, but I presume soon we'll see requirements like: "Must Have: Missile Defence Perimeter" next to the "Must be FIPS compliant".
dgxyz 15 minutes ago [-]
My partner works in that space.
Sovereignty and self-sufficiency are big topics. The US centric cloud at least is killing itself through geopolitical risks for gov customers outside the US. Literally number one operational risk now.
asdff 35 minutes ago [-]
The way everything is so overleveraged on the success of these companies being packed into ETFs, it would probably take down the whole economy. You'd be able to shut down even more manufacturing without even destroying it just from economic forces. That is unless the US responds by nationalizing everything, which they won't. They'd rather it go to smithereens so someone has a chance to be made wildly rich rebuilding.
>We've built trillions and trillions of dollars in infrastructure in the peace time since, and it seems fairly concentrated.
and thus is easily defended. It would be a pocket change - tens of millions - for AMZN to put say a Rheinmetall Skyshield https://en.wikipedia.org/wiki/Skyshield at the data center.
afiori 12 minutes ago [-]
Considering how hard US military bases and radar systems have been hit (and those are not city-sized target) I am unconvinced that even AMZN's pocket change could realiably protect against the kind of attacks we see in this war
georgemcbay 33 minutes ago [-]
> the first time I've really thought hard about how big a target data centers would be in any sort of modern peer war
Given the rapid and increasing rise of AI use in actually fighting wars, I suspect data centers won't just be a big target, they will eventually be the #1 priority target. Taking them offline won't just be of interest in terms of economic damage, it will be a direct strategic goal toward militarily winning the conflict.
PaulDavisThe1st 30 minutes ago [-]
Until it is clear that the use of AI in "actually fighting wars" doesn't put senior military people at risk of never being able to leave their own country again for fear of prosecution for war crimes, I'm not so sure that the "rapid and increasing rise" is going to actually be a thing.
georgemcbay 25 minutes ago [-]
> Until it is clear that the use of AI in "actually fighting wars" doesn't put senior military people at risk of never being able to leave their own country again for fear of prosecution for war crimes
I don't believe that's a real concern that the senior military people have anymore. War crimes are legal in 2026. That ship has sailed (and was double tap struck by the US Navy). Nobody is doing anything about it.
edgyquant 12 minutes ago [-]
War crimes have never been anything more than a way the west can punish its enemies. It’s hilarious people think this norm continuing is some refutation of the system as designed.
georgemcbay 4 minutes ago [-]
> War crimes have never been anything more than a way the west can punish its enemies
That's a fair point, the major change isn't that we suddenly started committing war crimes, it is that we've dropped all pretenses of trying to justify why what we did isn't one.
propagandist 24 minutes ago [-]
The Hague Invasion Act takes care of that.
sva_ 48 minutes ago [-]
I didn't know they had strong workers rights/union culture down there to strike.
kelsey98765431 1 hours ago [-]
if you dont colo your own servers you don't own anything.
xoa 54 minutes ago [-]
>if you dont colo your own servers you don't own anything.
I'm confused, what does ownership have to do with this particular failure mode? The issue here is a (for many) unforeseen new tradeoff involved in centralization. Colocating at a central place has the exact same tradeoff in this case: bandwidth is vastly more available and cheaper towards the core, and there are significant amortization gains to be had with a lot of basic shared infra. But it's also one big structure holding a lot of computers and infra everyone is depending on, that's the whole point of it! We're all sharing network backbone and power filtering/redundancy and so on and so forth, vs paying for that separately. That means a missile or drone or bomb hit to the building still hits all of us whether we own the servers there or we're running workloads on someone else's servers.
The only responses are either central counter measures or decentralization. Both have significant costs and complexity, that's why it wasn't just done proactively right?
indolering 41 minutes ago [-]
I think it's a joke: you REALLY don't want to own your own servers.
lta 33 minutes ago [-]
I don't think it is. There are many many cases where you do want to own them.
The people you rent yours from are making a shit load of money so it doesn't sound that bad of an idea
sophacles 6 minutes ago [-]
I buy lots of things from people who make a pile of money from low margin goods/services sheerly on scale. There are many things i could not reproduce more cheaply from constituent parts, even if i value my time at $0.
This includes things I have experise in.
brianwawok 31 minutes ago [-]
It sometimes makes financial sense to own your own servers
legitster 5 minutes ago [-]
You should have the opposite takeaway - if you don't have redundancy in the cloud you don't actually have uptime.
pvtmert 20 minutes ago [-]
I don't think co-locating with AWS or any other DC in Middle-East would help in this case. Unless you bring your own missile defence network, you are vulnerable.
In the case of if you could bring your own missile-defence-network, then you probably don't need co-location anyway. (There is nothing "co", it's just location you build & operate, with your Patriot or whatever)
NooneAtAll3 12 minutes ago [-]
boolean "you are vulnerable" means nothing, because it's always True
spreading out decreases risk, concentration increases it
postepowanieadm 53 minutes ago [-]
Your servers also may get hit with a bomb/missle.
stavros 57 minutes ago [-]
Why would I want to own a cut-off datacenter in Dubai?
I guess it makes me think about what a soft underbelly this could be for a lot of modern society. There's always been consideration of threats to refineries and power stations and industrial production and all those big metal deals. But like, forget any sort of nuclear exchange, any sort of crazy super Starfish style big EMP, just purely a few thousand drones nailing data centers. Nobody even directly dies, just a lot of wrecked computers. What would be the cost of losing all the clouds and colo stuff? How long to replace, at what cost? How much depends on it?
----
0: https://www.datacentermap.com/c/amazon-aws/
[0] https://en.wikipedia.org/wiki/Moore_County_substation_attack
That has a lot of collateral damage that may or may not be desirable though. Simultaneously it might have quite a different long term effect right? If all the actual computers are unharmed they can be powered in other ways in an emergency, even if at much higher cost. Or powered back up later, the time lost might be militarily very significant but they're not gone.
But how many people and companies actually have full functional decentralized clones of all programs and data? How many people and companies have devices that are locked to remote hosts they expect to check in on at least once in awhile even if they're not "cloud dependent"? What if all that was literally gone, a few thousand missiles or drones and data centers are all just completely erased including tape backups, everything, suddenly we're in a world where all that compute and data is poof. And without hurting anything else, no traditional war crimes either, no power or direct food or transport disruptions. Everyone is fine and healthy, except with this huge societal exocortex gone.
(Perpetrators also not caught)
If your threat model includes war and you want to have some of the conveniences of the Internet, you should make plans for how to host local copies of data and develop local-scale communications for the people you regularly talk with. The Internet is too big of a security and propaganda risk for governments to allow it to continue to exist when they are engaged in a real existential war.
Sovereignty and self-sufficiency are big topics. The US centric cloud at least is killing itself through geopolitical risks for gov customers outside the US. Literally number one operational risk now.
and thus is easily defended. It would be a pocket change - tens of millions - for AMZN to put say a Rheinmetall Skyshield https://en.wikipedia.org/wiki/Skyshield at the data center.
Given the rapid and increasing rise of AI use in actually fighting wars, I suspect data centers won't just be a big target, they will eventually be the #1 priority target. Taking them offline won't just be of interest in terms of economic damage, it will be a direct strategic goal toward militarily winning the conflict.
I don't believe that's a real concern that the senior military people have anymore. War crimes are legal in 2026. That ship has sailed (and was double tap struck by the US Navy). Nobody is doing anything about it.
That's a fair point, the major change isn't that we suddenly started committing war crimes, it is that we've dropped all pretenses of trying to justify why what we did isn't one.
I'm confused, what does ownership have to do with this particular failure mode? The issue here is a (for many) unforeseen new tradeoff involved in centralization. Colocating at a central place has the exact same tradeoff in this case: bandwidth is vastly more available and cheaper towards the core, and there are significant amortization gains to be had with a lot of basic shared infra. But it's also one big structure holding a lot of computers and infra everyone is depending on, that's the whole point of it! We're all sharing network backbone and power filtering/redundancy and so on and so forth, vs paying for that separately. That means a missile or drone or bomb hit to the building still hits all of us whether we own the servers there or we're running workloads on someone else's servers.
The only responses are either central counter measures or decentralization. Both have significant costs and complexity, that's why it wasn't just done proactively right?
This includes things I have experise in.
In the case of if you could bring your own missile-defence-network, then you probably don't need co-location anyway. (There is nothing "co", it's just location you build & operate, with your Patriot or whatever)
spreading out decreases risk, concentration increases it