This Week in Net: Impact Week 2022 special edition
Welcome to our weekly review of stories from our blog and elsewhere, from products, tools and announcements to disruptions on the Internet. And this week we have a special edition about Cloudflare Impact Week 2022!
João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we discuss the announcements of the week such as Cloudflare Zero Trust services being available for Project Galileo and the Athenian Project, as well as Project Safekeeping (protecting the world's most vulnerable infrastructure), and how we achieved FedRAMP authorization to secure more of the public sector. We also discuss human rights, the war in Ukraine and how Cloudflare helped, sustainability across the organization from data center hardware to offices. There's also a place for policy highlights and how we are helping Internet access (Project Pangea).
To check all the blog posts, Cloudflare TV segments and announcements, don't miss the Cloudflare Impact Week Hub .
Hello and welcome to This Week CNET, already with a Christmas vibe for sure. And this one is the Impact Week special edition I'm drawn to man coming to you from Lisbon, Portugal.
And with me I have, as usual, our CTO, John Graham-Cumming.
Hello John. And today you're a very Christmas like.
Well, I guess I'm a bit festive anyway, my my hat here.
Yes, yes. I don't know.
We maybe we'll do another one of these. I'm going to keep pressing this throughout the entire show.
We'll do another one of these next week before we actually take a little bit of a break for Christmas, for the holidays.
But yes, yes.
Let's just in case.
We try to get into the vice, impress myself.
Because the spirit is already there.
If we do next week, I will bring my I have a sweater that also has lights, Christmas lights.
So I will. Bring I'll wear my the jumper that.
So I don't really like those Christmas jumpers.
And the team in London bought me an epic Christmas jumper which has a T-rex with a Santa hat breathing fire with lasers in it, which is, you know, pretty much could there be much more Christmassy than that?
So I've seen that picture a few times.
It's always interesting to see it for sure.
Let's dig right into Impact the week.
This was our impact week, one of our innovation weeks.
It has new products and features.
It has all about human rights, policy, sustainability, Internet access.
So it's all about an impact, right?
And why not start with the new products, products and features?
We had mostly in the beginning of the week, we talked about how we brought Cloudflare Zero Trust for our project, Galileo and the Athenian project.
Those are two real, real world impact projects in a sense.
How can we describe those two projects and how can we also explain a bit of adding more features in terms of capabilities to those projects?
Yes, well, I can answer the question.
So Project Galileo is about providing our enterprise level service to at risk groups.
For example, you know, a small time blogger in that reporting about corruption in a country who might be getting detoxed offline or whatever, or a group working for human rights in a particular location, they might be having a hard time keeping online.
And so we provide our service for free to them recommended by civil science, civil society partners.
And those groups are able to benefit from the sorts of protections and details and via the web and things like that.
Athenian project is slightly different.
It's around protecting the infrastructure around elections.
So, you know, you want to vote on a particular day and you want to find out where your voting places and you go to a website to find that out maybe.
And if that website is offline because of an attack, then that is interfering with the democratic process.
And so Athenian does a similar thing, which is provide protection.
And actually there's a related item called Cloudflare for campaigns, which is helping political campaigns that online what we have done is we've extended that to cover our zero trust products.
So these are the products which we all need really because we're all working and people working in these project layer projects of the Athenian project are working like the rest of us online all the time, using a variety of services.
And they need protection and they need protection.
And so the protection they need is that only the right people are logging into their applications where they're perhaps tracking what they're doing, writing, using the SAS applications, they're using, using things they use online and they can control that access.
And so this is what the Zero Trust product set does, and now it's extended now to project Galileo and also to Athenian project to help really protect.
If you think about the initial pilot was well protect the external facing side of it like the website, keep it online or whatever.
But now there's actually the how, the how the work gets done has to be, has to be has to be protected, too.
And so that's now that's what Zero Trust in those projects means.
And we have like now in terms of Project Galileo and specific that is helping NGOs and not only NGOs, journalism companies stay online, those are more now than 2000 organizations in 111 countries.
So that's a real world impact throughout the world in a sense.
Which is I think it's always great to emphasize and project value is with eight years now it's from 2014.
Yeah, yeah, yeah it absolutely is.
It's one of those it's one of those sports that's been around for a while and now and has a I think it's over 2000 participants.
It's it's really all those things.
It's grown and grown enormously.
I'm showing while you speak I'm showing here are Impact week hub it's on Cloudflare dot com slash impact dash week.
You can see all of the announcements there.
And here like we were saying, we also helped in terms for example, the US midterm elections making email security available fully available for all sorts of candidates in a sense.
So it's really, really general in terms of who can we are able to help with our services, because I remember we have also here a call for TV segments that you can watch more in detail about some of these topics with Jocelyn Albright and even Samaria explaining some of the details there.
But one of the things I saw there, which I think is really interesting, is sometimes even government sites or even candidate sites, they don't have a lot of money to spend on I.T.
So having like a proper secure site for free, it's sometimes it's a deal breaker because their website, their services won't go down.
People can check information there.
So those are relevant, right?
Yep. Absolutely. I mean, Cloudflare TV is, is a good place to just follow along as well.
Obviously we put a lot of this stuff out on the on the blog, but Cloudflare TV absolutely have it has lots of additional details that people prefer to consume it in that way.
And this one actually is Samaria and Jocelyn in our Lisbon office. They did it on the on the office, which was great.
I did it the other day.
Yeah, absolutely. And let's move on in terms of things.
We witnessed this week, someone, so many things.
Exactly where do you want to start?
I think maybe Fedramp just mentioning the case that we got a fedramp approval in a sense.
Yes, we did. We've been working on this for a very, very long time, which is, you know, we've had a large number of US government customers for a long time, Library of Congress, the FBI, State Department had been Cloudflare customers, but we wanted to have the broader fedramp moderate authorization so that anyone in the US public sector can easily use Cloudflare for government products.
And so that was approved this week.
And so we're very we're very excited about this.
This is an effort by a huge team of people across the company to make sure that we comply with all the requirements for Fedramp and then they are obviously checked so that we make sure that we're actually doing the things that are necessary.
And this allows you then to use Cloudflare Products in the public sector, both in federal government and in state and local governments around the US with a lot of assurance that we've done the work to make sure that what we what we provide is, is up to standard.
And you can see here actually there's a little chart which gives you the range of products.
So it's everything from the sort of Cloudflare traditional application service, the WAF and the DOS and the CDN all the way through the developer platform as well.
So welcome. We welcome any US government, public sector agencies come and come and check out cloud, but we have moderate authorized service for you.
And it means a lot of products. It means also a lot of effort in terms of complying with all of the requirements, being sure that everything is in place and a lot of a long time waiting.
Because it takes a long time for these things to be checked, to be approved.
So it's it's also a resilient effort in the sense. Well, it's not just a sort of a waiting thing, because what you're doing is you're.
You know, you're building the systems in place so that you can continue to comply with the requirements.
So I think that is continues. It's Yeah.
So, you know, we had to build that out to make sure that we could do that just as we do for all that, you know, for SOC two and for other things like that.
So. So I think that this team did a lot and yes, of course, is a waiting component as with anything that needs to get authorized.
But you know, it's here, so let's go for it.
Let's go for it.
And it involves developer platform, network services, Zero Trust. So a bunch of teams put a lot of effort into this.
And so it's really a global Cloudflare in terms of product services that are now available in this fedramp.
That's right. That's right?
And of course, there's the blog post for anyone to see all related to this area.
More things we can discuss actually, still in terms of products we announced.
Where is it?
We announced the project Safe Keeping Protecting the World's Most Vulnerable infrastructure with zero Trust.
Also Zero Trust here at play.
I mean, so when the Russian invasion of Ukraine happened, there was a project that was put together around critical infrastructure.
And so if you think about the major bits of infrastructure that was concerned would get cyber attacks against them and particularly in the US.
And, you know, I think the critical infrastructure is in some ways kind of obviously need to protect.
It's called critical infrastructure. And that word critical tells you it's important, but there's lots of other things that need you know, they need protecting.
And so if you think about, you know, financial institutions, hospital networks, oil pipeline, but then there's like local things, a local water treatment facility, a local energy provider.
I mean, these are all vitally important, but they tend to be from smaller companies or smaller organizations, and they may have a harder time dealing with cyber attacks, but they nevertheless would have a big impact on their lives if they weren't operating correctly.
Yeah, there's an example you highlight here of a hospital being shut down in Japan.
Unable to access patient records for nearly two months. Which is pretty, pretty stunning.
A local county in Germany getting its IT systems attacked.
So I think we've seen these things happen.
So Project safekeeping is bringing our Zero Trust solutions to those small organizations for free.
And that was that was announced this week.
And one of the things that always surprised me is that even like a big hospital, it's a big hospital.
Many people work there, but sometimes they don't have like a big I.T.
They're not, like, fully prepared for a very large attack in some ways. So sometimes even in Portugal, we had this here on the news appearing, sometimes even large organizations, governmental, sometimes from the national state, sometimes are impacted by these.
And for sure, there's more and more on the news.
People are more aware of that, of that.
And in this case, it's kind of amazing that we provide this quite easily for those to be protected.
So a bunch of the different things here.
Also explaining what Zero Trust service.
Available trust is.
Yeah, exactly. Explains the full suite that's available.
And I think importantly it includes email protection because email is the most common way in which people break into an organization.
That's the link that people shouldn't click, and they mostly do. Because most people aren't thinking about cybersecurity as I think they need to think about, right?
They're thinking about doing their job. If you're in a hospital, you're thinking about the administration or helping a patient.
And sometimes by mistakes.
It's just having like a layer of protection.
If you click on the link and it's phishing and it creates all sorts of problems.
If you're a doctor, you're not really aware of is this an attack in some way?
And the attacks are getting more sophisticated in terms of an email that seems legit.
So that is a very interesting area to have for sure.
Oh, and here it explains who can apply.
Australia, Japan, Germany, Portugal and the United Kingdom.
But no doubt if this is successful, we'll expand it to other locations.
But that's that's where we're beginning.
And it's a good place to begin, for sure. Let's move on.
We also have not only we have new products and features, we also have some blog posts related to human rights, mostly also related to Project Galileo, as we spoke before.
But also the policy side.
So let's dig into those in this case more specifically.
Not only there is a lot of challenge of censoring the Internet, but there are specific examples like the Ukraine situation because of the war.
Large attacks happen this year because of that and also the situation.
Should we go.
Into I mean, we've been following along with that.
We've been following along to that in on Cloudflare Radar.
Which you help work on, which is our radar dot com which is the website which gives lots of information from a Cloudflare view of what's happening on the Internet.
And obviously we see traffic to Ukrainian websites or services in particular the U.S.
And we see traffic from Ukraine to other things.
So we get a view of the outages that are happening across the country be they caused by cuts to fiber optics, power outages, which of course is super common, especially with what appears to be happening with the Russians attacking infrastructure.
We see the deliberate rerouting of Internet traffic, particularly in occupied areas into Russia.
We see that come undone again after those areas are no longer occupied by Russia.
And this just gives you a sort of sense of what happened over the last well, now eight months that.
The war has been going on and you see this sort of ebb and flow of attacks.
And I think the striking thing is that on some days, 80% of the traffic to the UK websites we protect is attacked traffic.
Those are very large attacks.
It's like it's just like constantly so. So keeping that stuff online and you sort of see I think if you scroll down this information about kind of the routing kind of stuff that was going on with that because obviously the Russians are they're filtering the Internet to prevent people from reading certain news stories, news sources they don't like.
And we see that in some of the occupied areas that the Internet was rerouted into Russia, which then presumably allows them to apply the filtering they want.
And you actually saw them, you know, return to the open Internet.
So, you know, this is just an update on something we've been doing.
We protect a lot of domains.
We have data center in Kiev, which is still operating and hopefully we will continue to operate that.
But the rerouting is quite impressive how we could see those the Internet starts to be more limited because, of course, the Internet in Russia is limited.
So if there are rerouting through Russia, Internet traffic in the occupied areas, that Internet will be limited to the domains or the website that are banned in Russia.
And that includes, for example, BBC or other websites, even social media and all that.
So there's a lot of websites banned in Russia. And with that routing, the Internet was limited in those occupied areas.
So it's in a sense, it's kind of amazing to see how that works in terms of the Internet and it's a war on the Internet in a sense.
The Internet played a role in this war in several situations, but this is also a specific one.
Limiting trying to limit the Internet access is a concern. And in the situation that happened because of these rerouting.
So we also have a Florida outage center for those who want to see outages that happen.
Even recently, last month in November in Ukraine, we saw like crazy amount of outages related to energy infrastructure strikes, airstrikes.
So you could browse here just to show a bit of what we have on radar.
Yeah. So that's our radar. I mean, radar keeps growing and you should check back because we're adding more and more information.
I mean, Internet outages is a big part of that. And it's interesting to see highlighted on the map there you can see Iran and you can see Ukraine highlighted know there's now in Kenya and the US as well, of course, where, you know, different sorts of outages happen for different reasons.
And you can really zoom in here and see what's been happening.
So the more county one actually we talked about that last time.
Which was. The we did.
Someone shot up the power infrastructure and therefore knocked out access in North Carolina.
Sometimes it's a city, sometimes is the whole country or a region.
So it depends.
Let's move on this.
Also the Iran situation.
We have a blog post about that two months later, Internet use in Iran during the Yemeni protests.
Is in a sense limited. So that's that's a very important and relevant thing in our world today.
And we have some view on that in terms of the Internet.
Well, I think the interesting thing about this blog post is that, you know, I think you see in Iran from an Internet perspective, a nuanced situation in some ways, which is what the Iranians have not done, is cut the Internet off completely.
And you do see that in other countries where there are process booms is just shut it down.
And they have actually taken an approach where they are filtering certain services.
And also at the beginning of the protest, they essentially created a sort of curfew for the Internet.
So if you if you scroll down, there's a graph here.
So this is what just to go through these graphs because it's kind of interesting.
Look at this graph here where it says the one you just scroll past.
Oh, and this is where the protests began.
And you can see what they did was they they turned off mobile Internet during the night.
And so they basically said you're all going to have a curfew. And then it went back to normal.
And then subsequently, they kind of carried on this sort of curfew plan.
And you can kind of see.
Little bit hard to see on this crop. You can see how this kind of these dips that happen, boom, boom, boom on the mobile.
And it was primarily mobile, right. So the rental, the fixed stuff kept, it was primarily mobile.
And now if you look at the what the traffic looks like now, there's a there's an interesting thing, which is that.
The overall Internet traffic is now up enormously in Iran.
So people are clearly using the Internet constantly.
And there is there is less, there's less.
So there's cutting the Internet off completely.
Obviously, there's filtering happening to try and stop certain services operating, but it persists.
And this is one of the challenges.
Yeah, this is a fascinating graph.
So on the left is if you look at the left hand section here, right up until 916 where the protest began, and there's that dip where they did the curfew.
That's kind of the level of normal kind of Internet access in Iran goes up in the day, goes down at night, protests happen and then it really takes off in terms of usage.
And so people are really using the Internet and it's sustained. The Internet use is now up in a really sustained fashion.
And so I think that, you know, the Iranians clearly don't want to or maybe can't for other reasons, cut off the entire Internet.
And it appears that Iranian citizens are using the Internet very widely, despite there being an attempt to block communications.
And those outages that they plan outage that they did and they did a lot in many days throughout more than a month.
It was interesting because it was on the late afternoon and that was when most of the protest was happening.
So it was clearly related to when people were getting together to protest.
So that was the period for a few hours that the Internet, especially the mobile Internet, was.
And I was I think didn't you point out in a blog that the Iranians kept the Internet on during the football match in the World Cup between UK, between England, sorry, and Iran?
And then once the game was over, the Internet got throttled.
Right away and Iran lost that game.
So it was like also that playing around.
But exactly it was it peaked and then dropped completely some type of outage it seemed there or shut down because it's a possibly one that was coordinated and controlled for sure.
So we have a few more things to discuss before we go.
In terms of sustainability, we also have a lot of blog posts related to sustainability that explains how we are in a sense trying to be more sustainable as a company.
Do you want to highlight a specific one here? Well, now let's just try and summarize it quickly, because I guess we're going to we're going to run out of time.
There's so much to talk about. But I mean, if you think about sustainability, there's like, how do we design our offices?
So Caroline Quake did a great post about the redesigning the offices, like using recycled materials and stuff like that or in our offices sustainable office design.
And I think that's really interestingly how, how do you do that and have a positive impact.
There's another blog post which is about our own emissions. So previously we've looked at the historical emissions, so now we've bought what we bought or are buying offsets for our historical emissions.
So what we did is we a couple of years ago we said we were going to make sure that we were net zero going forward, but there's all the historical emissions you have to go out and deal with.
And so we went back and did a calculation of all the stuff we were carbon we'd produced.
And so we went off and do that. And then when we're looking at the what we call scope three emissions, and this is if you scroll down, actually scope three is really kind of an interesting, interesting question here.
So we're we're using renewables.
We all we're using offsets and that's part of what we're doing.
Keep going down and you'll see every part of it.
So scope three is supply chain and logistics.
So it's like so, you know, our, you know, our providers who are maybe part of our supply chain, what's happening with them.
And one of those things within that is embodied carbon in the hardware we buy.
And there's another blog post by Rebecca Weekly about the hardware design at Cloudflare, which is about, you know, not that one, there's not one about the actual machine design, which is like, how do you design machines that you can upgrade that you keep in your infrastructure?
Yeah, Yeah, exactly.
And so this is around hardware sustainability.
So that's part of that, which is like, you know, can you recycle responsibly, can you reuse and responsibility?
And there's actually this is actually really a fascinating topic because it's not you kind of think, well, once the machine is done, we could someone else maybe be able to use it or might be able to recycle it in a way.
And actually there are reasons why that isn't very possible and actually making sure that we are the design of the machines allows that to happen later is really important and deciding how we keep things.
So that's another area. And so this is a whole area around the stuff which we need to take into account to have the environmental, environmental impact we ought to have.
Even in this case, hardware, which is really interesting, not easy. Even we have a lot of it, right?
Part of it is open standards, open code, open designs, because the reason those open designs and things are really, really important is that it means that let's suppose you take a machine out of commission and a Cloudflare and you have a choice about what you're going to do with it.
So in some ways the ideal scenario is that someone else is able to use it.
You obviously you wipe and destroy the hard drives and all the data.
But maybe the idea is someone else can use that machine, but there may be reasons why they can't because the design is not open.
And so making sure that our stuff as we go down the chain is reusable by us or by others is also an important part of this or is recyclable in a way that is easy.
And that makes a difference because a small difference makes a huge difference because we have so many data centers.
So it makes a huge difference for sure.
So, I mean, all of these things go together, right?
All of us are involved in making decisions.
And whether it's offices or hardware or our own emissions, this all fits together.
Before we go today, we're launching today, Friday, December the 16th.
We are launching also our impact report, I think.
But before we go, why not just talk a bit about Project Benga, an important one, because many people don't know, but it's not only in underdeveloped countries that the Internet is bad, there's problems in the Internet.
Even in the US or Europe.
There's areas in those countries where the Internet is not that great.
So we have two blog posts in the sense related to that.
Can you expand just a bit in a minute or so?
So if you think about Internet access, if you're, I feel, very fortunate living in Portugal where there's extremely good fiber optic internet.
And even if you live in quite a small little village in Portugal, you will find that it's possible to get decent Internet access.
But around the world, and this is not a question of actually of like saying, oh, developing country or whatever like that.
It's actually it can be community based.
So it could be a community like we've seen this in the US, which is poorly, poorly served by Internet.
And so what happens is you get people who are build community networks.
And there's a great example of this actually, I think it's in outside of Boulder, Colorado, is a community which is in the mountains, which has terrible Internet access.
And Panja says, look, suppose you're building a community network or some little network of people will give you the onramp to the Internet, the pipe that gets you onto the Internet for free, because normally that network would have to pay for that too.
And so Pangea is we have great connectivity with the Internet. We can we can hook the thing up.
And so that allows somebody to get together and say, okay, for our community, be it maybe a small community in a city which is underserved, which happens or in a rural location or in a country where things are poorly provided for, we can we can provide the on ramp onto the Internet.
And so, yeah, that blog post gives an update on Panjshir.
And it's a good one.
We're almost out of time. Before we go, just not.
Remember that you can check our updates, of course, in our blog and also on our website, Cloudflare dot com slash impact week.
Any thoughts before we go, John?
There's a blog post coming out today which everybody should read, and that blog is about IP addresses and why IP addresses are misunderstood, especially from a blocking perspective that people, organizations, companies, countries, governments like to block IP addresses and it has it's the wrong level at which to be doing blocking.
And though there is a really long, really thoughtful post about the challenges of blocking the Internet and why IP addresses have a huge amount of collateral damage, if that's the way in which things get blocked.
And it's a blog post all about making the internet better.
So makes sense in this week.
And that's a wrap.
And we've I think we'll have something next week.
But wishing everyone happy Christmas and New Year, have the people celebrate.
We've been around the sun one more time again I guess.
And so however you celebrate this kind of time of year.
Enjoy it and maybe you will have a cheaply made flashing hat like me.
It could be Hanukkah. It could be all sorts of things for sure.
Thank you, John.