Tech
Government faces questions about why US AWS outage disrupted UK tax office and banking firms | Computer Weekly
The UK government is being pressed for a response as to why a major, multi-hour Amazon Web Services (AWS) outage in the US disrupted UK-based organisations, including HM Revenue & Customs (HMRC) and Lloyds Banking Group.
The outage, which AWS confirmed started just before 8am UK time on 20 October, originated in AWS’s US-East-1 datacentre region in North Virginia, and caused large-scale disruption to a host of companies across the world, including in the UK.
The US-East-1 region is renowned for being Amazon’s first and flagship cloud region, as well as its largest, and is often the place where the public cloud giant rolls out new services to customers first.
For this reason, it is not unheard of for service issues with the US-East-1 region to blight overseas users of the firm’s cloud technologies.
But with concerns mounting in the UK (and other geographies) about the public and private sector’s over-reliance on US-based big tech platforms, the outage has led to renewed calls for greater transparency about the resiliency of the nation’s hosting arrangements.
“The narrative of bigger is better and biggest is best has been shown for the lie it always has been,” Owen Sayers, an independent security architect and data protection specialist with a long history of working in the public sector, told Computer Weekly. “The proponents of hyperscale cloud will always say they have the best engineers, the most staff and the greatest pool of resources, but bigger is not always better – and certainly not when countries rely on those commodity global services for their own national security, safety and operations.
“Nationally important services must be recognised as best delivered under national control, and as a minimum, the government should be knocking on AWS’s door today and asking if they can in fact deliver a service that guarantees UK uptime,” he said. “Because the evidence from this week’s outage suggests that they cannot.”
Government use of cloud under scrutiny
AWS has vowed to publish a detailed “post-event summary” detailing the causes of the outage and the steps it had to take to bring services back online.
In the meantime, and in line with Sayers’ recommendations, HM Treasury is already being asked to account for why it has not used powers conferred on it earlier this year to ensure suppliers like AWS are up to the job of delivering resilient cloud services to organisations in the financial services sector.
The chair of the Treasury Select Committee, Meg Hillier, published a letter she has written to the economic secretary, Lucy Rigby, that appears to have been penned during the AWS outage.
The letter calls on Rigby for clarification about why, despite having the power to do so since January 2025, the Treasury has apparently so far neglected to add AWS to its Critical Third Parties (CTP) list of suppliers.
This designation, which was introduced through changes made to the Financial Services and Markets Act 2020 in November 2024, is intended to provide the UK’s financial regulators with the means to include third-party suppliers to the sector within their supervisory scope – the idea being that doing so might help better manage any potential risks to the stability and resilience of the UK financial system that might arise as a result of a third-party supplier suffering from service disruption, as happened on 20 October with AWS.
As stated in Hillier’s letter, it appears the Treasury is yet to call any suppliers into the scope of the CTP regime, including AWS, which is known to be a supplier to a large number of UK financial services institutions.
“In light of today’s major outage at Amazon Web Services … why has HM Treasury not designated Amazon Web Services or any other major technology firm as a CTP for the purposes of the Critical Third Parties Regime,” asked Hillier, in the letter. “[And] how soon can we expect firms to be brought into this regime?”
Hillier also asked HM Treasury for clarification about whether or not it is concerned about the fact that “seemingly key parts of our IT infrastructure are hosted abroad” given the outage originated from a US-based AWS datacentre region but impacted the activities of Lloyds Bank and also HMRC.
On the latter point, Hiller asked: “What work is HM Treasury doing with HMRC to look at what went wrong, and how this may be prevented in future?”
Computer Weekly contacted HM Treasury for details of its response to Hillier’s letter, and to seek clarification on whether it has plans to imminently add AWS to the CTP list. It also asked if the Treasury has concerns about parts of the UK’s banking infrastructure being hosted overseas, in the wake of the outage.
A spokesperson for the government department did not directly answer the questions posed by Computer Weekly, but did provide the following statement in response:
“We know the threat cyber attackers present, which is why we are working with regulators to establish a Critical Third-Party regime, so we can hold firms providing these services to the same high standards as other financial services institutions,” the Treasury statement read.
UK reliance on overseas clouds
Hillier’s question to the Treasury about whether it has any concerns about key parts of the UK’s IT infrastructure being hosted overseas is being echoed by other UK cloud market watchers and stakeholders in the wake of the outage.
“We should be asking the obvious question: why are so many critical UK institutions, from HMRC to major banks, dependent on a datacentre on the east coast of the US?” said Mark Boost, CEO of London-based cloud services provider Civo.
“Sovereignty means having control when incidents like this happen – but too much of ours is currently outsourced to foreign cloud providers. The AWS outage is yet another reminder that when you put all your eggs in one basket, you’re gambling with critical infrastructure.
“When a single point of failure can take down HMRC, it becomes clear that our reliance on a handful of US tech giants has left core public services dangerously exposed,” he said.
AWS has operated a UK datacentre region since 2016, with a key selling point of these facilities being that it would allow UK-based organisations to access locally hosted versions of its public cloud services.
This adds further weight to Boost and Hillier’s line of questioning about why a US outage impacted UK-based organisations when, presumably, these organisations should be relying on the UK region to access AWS services.
When Computer Weekly put this question to AWS, citing the disruption caused to HMRC during the outage as an example, a company spokesperson advised the publication to direct that comment directly to the government tax agency.
Shared responsibility model
That response (or lack thereof) potentially speaks to the notion of the “shared responsibility model” that AWS subscribes to, whereby the organisation considers security, compliance and the resilience of its customers’ cloud environments to be something of a shared burden.
As detailed on the company’s Shared Responsibility Model reference web page, this setup is designed to “relieve” AWS customers of the operational burden of running their own cloud infrastructure, but they remain responsible for whatever data they choose to host in it.
“Customers should carefully consider the services they choose [to host in AWS] as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations,” said AWS.
“The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment.”
Speaking to Computer Weekly, Brent Ellis, principal analyst at IT market watcher Forrester, said the fact the outage originated in the AWS US-East-1 region and impacted UK organisations suggests “at least some part” of the HMRC and Lloyds setups had a dependency on that region.
“That would have been an architecture choice by those companies, but not necessarily a fault of AWS,” said Ellis. “That dependency could also have been introduced by a nested SaaS [software as a service] component for the organisations involved.
“Generally, I think this shows how complex and interconnected modern cloud-based infrastructure is, and that is a problem from a resilience perspective, especially if you do not have visibility into the nested dependencies that underlie your business technology stack.”
Regulatory intervention
Because of the impact such dependencies can have, Ellis is of the view that the AWS outage may prompt calls for regulatory intervention to prevent a repeat of it, in a similar vein to what Hiller and her colleagues on the Treasury Select Committee are calling for. “I do think it gives fodder to the greater push for sovereign cloud,” he said. “It also will probably spur regulation to increase visibility into dependencies and fault domains for critical sectors like finance.”
What users of hyperscale cloud services, such as AWS, need to know is what services and capabilities within their chosen suppliers’ extended portfolios are hosted in the UK, and how resilient they are, added Sayers.
To highlight why this is important, he cited the findings of a series of investigations into Microsoft’s cloud hosting arrangements in the Scottish policing sector that he worked with Computer Weekly to make public.
That work resulted in an initial disclosure from Microsoft that it could not guarantee the sovereignty of UK policing data stored and processed in its M365 platform.
This was later followed up with further revelations that policing data hosted in the Microsoft cloud could be processed in more than 100 countries, without users explicitly knowing about it.
“We already know Microsoft do not have a UK-based capability for all their services, but we need to know exactly what the [overseas hyperscalers] can deliver in the country and how resilient that actually is,” said Sayers. “We need to properly understand their points of failure and how they can be engineered around.”
Some of the hyperscalers have sought to evade answering questions on this point, claiming the information is commercially sensitive, he continued. “That’s not a defence we can tolerate anymore,” said Sayers. “These services are increasingly friable, increasingly complex and increasingly hidden from our view. If we are to rely on them, we need to know they are reliable, and if they aren’t then we need to pivot – at least for critical services.”
Customer-created issues
Ellis’s colleague, Dario Maisto, is a senior analyst at Forrester, who told Computer Weekly that AWS is aware that customer-created, cross-region architectural dependencies are part of a “bigger sovereignty problem” facing its European customer base.
“[AWS] is about to launch a perfect replica of its services [in Europe] under the AWS EU [European Union] sovereign cloud offer, with the first isolated [sovereign] region in Germany,” he said.
“In fact, the only way a client can be sure that its data and workloads do not suffer from any dependency from infrastructure abroad is physical and logical isolation of the cloud regions the client uses [so that it] must not be possible at all that the client is able to make any choice that creates a dependency on foreign infrastructure.”
Achieving this outcome, continued Maisto, means all of the services the customer needs must be hosted within the isolated region as the only ones the client can access. “A data boundary or a commitment to the market cannot guarantee what only a precise architectural construct of the client’s cloud environment can grant,” he added.
AWS is far from the only cloud provider to suffer an outage, and any cloud company an enterprise entrusts their data to could suffer a similar fate at some point in their existence.
However, Civo’s Boost said the incident highlights why enterprises should be looking to diversify their pool of cloud providers, but also why governments and regulators need to be taking a closer look at how much of the world’s infrastructure runs on a relatively small number of hyperscale cloud platforms.
“The more concentrated our infrastructure becomes, the more fragile and externally governed it is,” he said. “If Europe is serious about digital sovereignty, it needs to accelerate its shift towards domestically governed and diversified infrastructure. Governments and regulators have a responsibility to create the conditions for real competition. That means rethinking procurement, funding sovereign alternatives and making resilience a baseline requirement.”
Here’s what to get for your friend with the fiddly little fingers and stinky feet.
Source link
Britain’s Cyber Monitoring Centre (CMC) – a non-profit dedicated to analysing and categorising cyber incidents in the UK – has declared the Jaguar Land Rover (JLR) cyber attack a Category 3 Systemic Event on its “hurricane” scale and believes the overall financial cost to the economy adds up to about £1.9bn so far.
The cyber attack – linked to the loosely affiliated Scattered Lapsus$ Hunters hacking collective – shut down JLR’s assembly lines, with ripple effects spreading quickly across the UK’s automotive supply chain and harming more than 5,000 other organisations so far.
The CMC said its estimate, which sits within a modelled range of £1.6 to £2.1bn but may yet run higher, reflected the substantial disruption to JLR’s own capabilities and downstream organisations.
It cautioned that the estimate was still sensitive to multiple assumptions, with some key factors in this including whether or not JLR’s operational technology (OT) infrastructure was affected, and exactly when the organisation is able to fully restore its production lines – based on the time it took to reboot JLR production after the first Covid-19 lockdown, it estimates that this may not be until January 2026.
It described the JLR cyber attack as the single most economically damaging cyber event to ever hit the UK.
“That should make us all pause and think, and then – as the National Cyber Security Centre [NCSC] said so forcefully last week – it’s time to act. Every organisation needs to identify the networks that matter to them, and how to protect them better, and then plan for how they’d cope if the network gets disrupted,” said CMC technical committee chair and former NCSC lead Ciaran Martin.
CMC chief executive Will Mayes added: “We tend to think of systemic cyber risk as something that spreads through shared IT infrastructure: the cloud, a common software platform, or self-propagating malware. What this incident demonstrates is how a cyber attack on a single major manufacturer can cascade through thousands of businesses, disrupting suppliers, transport and local economies, and triggering billions in losses across the UK economy.
“No single organisation can manage these risks alone. Industry, insurers and government each have a role in strengthening the UK’s operational resilience. The CMC’s purpose is to create a shared, trusted evidence base that supports better decisions following major cyber events.”
The CMC’s assessment also considered some of the human impacts of the JLR attack, noting that while it had not endangered human life in the same way as cyber attacks on NHS bodies might, it had affected the job security of thousands, with knock-on consequences for mental and physical wellbeing and household resilience, as well as compound effects on existing economic, regional or social inequalities.
Phil Wright, partner at business advisory and accountancy firm Menzies, said the JLR incident demonstrated how exposed supply chains really are to disruption.
“The ripple effects stretch far beyond JLR itself. This isn’t just about delayed orders. Warehousing, logistics and even communication tools are paralysed, showing how fragile integrated supply chains become when a single system goes down,” he said.
“Integrated supply chains demand that all suppliers, regardless of size, need to critically evaluate the adequacy of their IT security infrastructure. The cost of more advanced infrastructure may be prohibitive for smaller players further down the chain, but their lack of resilience can mean that an incident proportional to their scale could be terminal.”
To meet the growing demands of flexible and wearable electronic systems, such as smart watches and biomedical sensors, electronics engineers are seeking high-performance transistors that can efficiently modulate electrical current while maintaining mechanical flexibility.
Thin-film transistors (TFTs), which are comprised of thin layers of conducting, semiconducting and insulating materials, have proved to be particularly promising for large-area flexible and wearable electronics, while also enabling the creation of thinner displays and advanced sensors.
Despite their potential, the energy-efficiency with which these transistors can switch electrical current has proved difficult to improve. This is due to the so-called thermionic limit, a theoretical threshold that delineates the lowest possible voltage required for a transistor to boost electrical current by a factor of 10 at room temperature when switching between “off” and “on” states.
Researchers at Soochow University and other institutes have developed a new TFT based on organic materials that could bypass this limitation, as it operates below the thermionic limit. The transistor, introduced in a paper published in Nature Electronics, was found to amplify signals with remarkable efficiency.
“Our work was driven by a fundamental challenge in wearable electronics and Internet of Things (IoT): the pursuit of high-performance devices with ultra-low-power consumption,” Jiansheng Jie, senior author of the paper, told Tech Xplore.
“Conventional organic thin-film transistors (OTFTs) are inherently limited by the thermionic emission mechanism, which sets a theoretical minimum for the subthreshold swing (SS)—a key metric that determines how efficiently a transistor can switch—of 60 mV dec-1 at room temperature. This inherent limitation results in excessive power dissipation during switching operations, posing a major barrier to energy-efficient operation.”
This recent study builds on recent works that highlighted the promise of so-called tunnel field-effect transistors (TFETs) based on inorganic semiconductors. These transistors were found to overcome the limitations of conventional transistors, leveraging a quantum mechanical process known as band-to-band tunneling.
“We sought to translate these advantages into the field of organic electronics,” said Jie. “Our central objective was to develop organic thin-film tunnel transistors (OTFTTs) capable of sub-60 mV dec-1 performance, thereby breaking the fundamental thermionic limit that has long governed conventional OTFTs.
“By demonstrating such behavior in a solution-processable, flexible organic platform, our research addresses a critical gap in the technological evolution of organic electronics and paves the way toward low-voltage, highly efficient flexible circuits for next-generation wearable and IoT applications.”
The new OTFTT developed by the researchers replaces the thermionic injection mechanism that drives the operation of conventional TFTs with band-to-band tunneling. This process allows charge carriers to pass through the energy barrier directly and at extremely low voltages, significantly boosting the devices’ switching efficiency.
“The key innovation lies in the design of a hybrid inorganic-organic source-channel heterojunction,” explained Jie.
“We combined molybdenum trioxide (MoO3), an inorganic metal oxide with a deep-conduction-band, with the 2,7-dioctyl[1]-benzothieno[3,2-b][1]benzothiophene (C8-BTBT) single-crystalline thin film, which has a relatively low highest occupied molecular orbital (HOMO) energy level. This creates a ‘broken-gap’ alignment, where the HOMO of C8-BTBT lies above the conduction band (CB) of MoO3.”
The configuration of the team’s transistor prompts the thermally excited tail of carriers originating from the MoO3 source to be sharply truncated. This in turn effectively suppresses classical thermionic emission processes, making band-to-band tunneling the dominant carrier injection mechanism.
“Meanwhile, by introducing a molecular decoupling layer (BPE-PDCTI) at the heterojunction interface, the Fermi-level pinning effect was effectively alleviated and the tunneling barrier height was further reduced,” said Jie.
“This strategic design enables the device to trigger charge band-to-band tunneling at an extremely low supply voltage. As a result, our OTFTTs overcame the 60 mV dec-1 thermionic limit on SS, achieving the lowest SS of 24.2 ± 5.6 mV dec-1 among the existing thin-film transistor technologies, alongside the record-high signal amplification efficiency of 101.2 ± 28.3 S A-1.”
The ultra-low SS yielded by the newly developed transistor is highly favorable for the development of low-power signal amplification circuits. In initial tests, circuits based on the transistor were found to achieve a gain in amplification of over 537 V V−1 at an ultra-low power consumption below 0.8 nW.
“Our OTFTTs break the fundamental thermionic limit—a long-standing theoretical ceiling on SS (60 mV dec⁻¹ at room temperature) that has constrained the energy efficiency of conventional thin-film transistors for decades,” said Jie.
“This breakthrough not only redefines the performance boundaries of organic electronics but also enables a new class of ultra-low-power devices. The practical implications are substantial. Our OTFTTs are ideally suited for energy-constrained applications such as wearable health monitors, implantable biosensors, and self-powered IoT nodes.”
Notably, the OTFTT developed by Jie and his colleagues is compatible with existing processing and electronics fabrication strategies. In the future, it could be improved further and used to develop a wide range of high precision sensing devices, including trackers for the diagnosis or monitoring of specific medical conditions, environmental sensing systems and neuromorphic (brain-inspired) computing hardware.
“In bridging the gap between the intrinsic physical limitations of organic semiconductors and the stringent efficiency demands of next-generation technologies, this work represents a critical step toward intelligent, pervasive, and environmentally benign electronic systems,” said Jie.
Other researchers could soon build on the team’s design and set out to develop similar OTFTTs. Meanwhile, Jie and his colleagues plan to continue improving their device, for instance, by optimizing its performance via the careful engineering of energy levels at the interface between the organic materials it is based on.
To do this, they will select organic semiconductors with reduced bandgaps and lower carrier effective mass, while also creating high-conductivity interfacial decoupling layers that could enhance the transistor’s tunneling efficiency and performance.
“We will also expand the technology to n-type OTFTTs to enable all-organic tunneling logic circuits, addressing the current gap in low-power organic logic applications,” added Jie.
“Moreover, we plan to deploy OTFTTs in high-precision biomedical signal amplification (e.g., EEG, EMG), ultra-sensitive environmental sensing (e.g., trace gas detection, low-light imaging), and low-power IoT signal processing.
“Finally, we will continue developing scalable integration techniques for the large-scale fabrication of the OTFTTs on flexible substrates, aiming to accelerate the industrial adoption of high-performance, energy-efficient organic electronic systems.”
Written for you by our author Ingrid Fadelli, edited by Sadie Harley, and fact-checked and reviewed by Robert Egan—this article is the result of careful human work. We rely on readers like you to keep independent science journalism alive.
If this reporting matters to you,
please consider a donation (especially monthly).
You’ll get an ad-free account as a thank-you.
More information:
Wei Deng et al, Organic thin-film tunnel transistors, Nature Electronics (2025). DOI: 10.1038/s41928-025-01462-7.
© 2025 Science X Network
Citation:
New organic thin-film tunnel transistors for wearable and other small electronics (2025, October 22)
retrieved 22 October 2025
from https://techxplore.com/news/2025-10-thin-tunnel-transistors-wearable-small.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Expert reveals why Duke of York title will remain dormant after Andrew
GM plans to launch eyes-off driving, Google AI and other new in-vehicle tech by 2028
The U is back … in the Bottom 10
-
Tech6 days agoWhy the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks
-
Tech1 week agoWhat Is Google One, and Should You Subscribe?
-
Tech3 days agoHow to Protect Yourself Against Getting Locked Out of Your Cloud Accounts
-
Tech1 week agoWIRED’S Favorite PC Monitor Is $75 Off
-
Business1 week agoBaroness Mone-linked PPE firm misses deadline to pay £122m
-
Sports1 week agoBrewers player ripped for avoiding hit-by-pitch that would have tied game: ‘All he had to do was stand there’
-
Fashion1 week agoItaly to apply extra levy on Chinese goods to safeguard its own fashion industry
-
Fashion1 week agoSelf-Portrait unveils high-profile Apple Martin campaign