Back to Posts Darkened office with only emergency lights and disconnected devices

Staying Cyber-Smart When the Lights (and Internet) Fail

Oct. 22, 2025

On Oct. 20, 2025, Amazon Web Services (AWS) experienced a global outage that disrupted websites, apps, and cloud services across industries. From Alexa to The New York Times, Slack, and GoDaddy, the outage reminded us how deeply embedded cloud infrastructure is in our daily lives. But this wasn’t the first time a widespread disruption exposed systemic vulnerabilities.

By revisiting the 2003 Northeast Blackout, we can better understand how infrastructure failures, whether physical or digital, require proactive leadership and cyber resilience.

What Happened October 20?

AWS had a major issue in their US-EAST-1 region (which is their main and most-used data center zone). The problem started with Domain Name System (DNS) resolution — basically, the system that turns website names (like google.com) into IP addresses (like 142.250.190.14) stopped working properly. When DNS fails, services can’t find or connect to each other, so apps and websites depending on AWS start breaking down.

Think of DNS as the phone book of the internet. First used in the early 1980s, DNS represents interconnected servers that store registered domain names and Internet Protocol (IP) addresses. DNS is the magic ingredient that allows users to interact with devices on the internet without having to remember long strings of numbers.

Tracey Birkenhauer

Tracey Birkenhauer

Principal & Chief Impact Officer, STACK Cybersecurity

“A single point of failure in Amazon Web Services (AWS) infrastructure caused a chain reaction that broke a huge chunk of the internet — proving why having backups and multi-cloud setups isn’t just smart, it’s essential.”

Lessons from 2003 Northeast Blackout

Twenty-two years ago, a cascading power failure plunged over 50 million people into darkness across eight U.S. states and parts of Canada. The blackout exposed how a localized issue—overgrown trees contacting high-voltage lines—could trigger widespread infrastructure collapse. Detroit’s flooded freeways, stalled elevators, and halted airports illustrated the domino effect of unpreparedness.

Today’s digital infrastructure is even more interconnected. The 2003 blackout taught us that:

  • Local failures can have global consequences: Just as a single transmission line failure cascaded across the grid, a DNS issue in one AWS region disrupted global operations.
  • Preparedness matters: Agencies with blackout response plans fared better. In 2025, organizations with cyber incident playbooks and multi-cloud setups minimized downtime.
  • Visibility is critical: The blackout revealed gaps in real-time monitoring. Today, lack of visibility into third-party cloud dependencies remains a top cybersecurity risk.

Cybersecurity Implications

The 2003 blackout wasn’t caused by a cyberattack, but it exposed vulnerabilities that could be exploited. In 2025, AI-powered threats and nation-state actors are targeting critical infrastructure. The World Economic Forum reports that 42% of enterprises in less-prepared regions lack confidence in their ability to respond to major cyber incidents.

Key takeaways for cybersecurity leaders:

  • Proactive defense is essential: Just as tree-trimming and grid monitoring became standard post-2003, today’s leaders must invest in threat detection, zero-trust architecture, and supply chain visibility.
  • Regulatory changes are coming: The 2003 blackout led to energy sector reforms. Cyber incidents like the Colonial Pipeline attack have already prompted new TSA cybersecurity mandates. Expect more.
  • Executive leadership is critical: Cyber resilience starts at the top. Leaders must prioritize training, cross-sector collaboration, and strategic investment in security infrastructure.

Staying Cyber-Smart When the Internet Goes Bye-Bye

Whether facing a blackout or a cloud outage, here’s how to stay secure:

  • Have offline backups: Keep physical copies of critical documents and contact lists.
  • Use alternative communication: Landlines, SMS, and radios can bridge the gap when data services fail.
  • Audit your systems: Use downtime to review passwords, authentication methods, and patch status.
  • Watch for scams: Outages are prime time for phishing. Be cautious with emails and texts requesting credentials.

Conclusion

The 2003 blackout cost the economy up to $10 billion. A similar event triggered by a cyberattack could be even more catastrophic. The October 2025 AWS outage reminded us that digital infrastructure is just as vulnerable as physical systems. By learning from past disasters, investing in resilience, and leading with foresight, we can build a future where the lights—and the internet—stay on.

Need help assessing your organization’s cyber readiness? Contact STACK Cybersecurity for a consultation.

Related Resources

Contact Us

Ready to strengthen your cybersecurity posture?

Contact our team today to schedule a no-obligation consultation or call us at (734) 744-5300.

Cybersecurity Risk Assessment

Do you know if your company is secure against cyber threats? Do you have the right security policies, tools, and practices in place to protect your data, reputation, and productivity? If you're not sure, it's time for a cybersecurity risk assessment (CSRA). STACK Cyber's CSRA will meticulously identify and evaluate vulnerabilities and risks within your IT environment. We'll assess your network, systems, applications, and devices, and provide you a detailed report and action plan to improve your security posture. Don't wait until it's too late.

Schedule a Consultation Learn More