Tech
Government faces questions about why US AWS outage disrupted UK tax office and banking firms | Computer Weekly
The UK government is being pressed for a response as to why a major, multi-hour Amazon Web Services (AWS) outage in the US disrupted UK-based organisations, including HM Revenue & Customs (HMRC) and Lloyds Banking Group.
The outage, which AWS confirmed started just before 8am UK time on 20 October, originated in AWS’s US-East-1 datacentre region in North Virginia, and caused large-scale disruption to a host of companies across the world, including in the UK.
The US-East-1 region is renowned for being Amazon’s first and flagship cloud region, as well as its largest, and is often the place where the public cloud giant rolls out new services to customers first.
For this reason, it is not unheard of for service issues with the US-East-1 region to blight overseas users of the firm’s cloud technologies.
But with concerns mounting in the UK (and other geographies) about the public and private sector’s over-reliance on US-based big tech platforms, the outage has led to renewed calls for greater transparency about the resiliency of the nation’s hosting arrangements.
“The narrative of bigger is better and biggest is best has been shown for the lie it always has been,” Owen Sayers, an independent security architect and data protection specialist with a long history of working in the public sector, told Computer Weekly. “The proponents of hyperscale cloud will always say they have the best engineers, the most staff and the greatest pool of resources, but bigger is not always better – and certainly not when countries rely on those commodity global services for their own national security, safety and operations.
“Nationally important services must be recognised as best delivered under national control, and as a minimum, the government should be knocking on AWS’s door today and asking if they can in fact deliver a service that guarantees UK uptime,” he said. “Because the evidence from this week’s outage suggests that they cannot.”
Government use of cloud under scrutiny
AWS has vowed to publish a detailed “post-event summary” detailing the causes of the outage and the steps it had to take to bring services back online.
In the meantime, and in line with Sayers’ recommendations, HM Treasury is already being asked to account for why it has not used powers conferred on it earlier this year to ensure suppliers like AWS are up to the job of delivering resilient cloud services to organisations in the financial services sector.
The chair of the Treasury Select Committee, Meg Hillier, published a letter she has written to the economic secretary, Lucy Rigby, that appears to have been penned during the AWS outage.
The letter calls on Rigby for clarification about why, despite having the power to do so since January 2025, the Treasury has apparently so far neglected to add AWS to its Critical Third Parties (CTP) list of suppliers.
This designation, which was introduced through changes made to the Financial Services and Markets Act 2020 in November 2024, is intended to provide the UK’s financial regulators with the means to include third-party suppliers to the sector within their supervisory scope – the idea being that doing so might help better manage any potential risks to the stability and resilience of the UK financial system that might arise as a result of a third-party supplier suffering from service disruption, as happened on 20 October with AWS.
As stated in Hillier’s letter, it appears the Treasury is yet to call any suppliers into the scope of the CTP regime, including AWS, which is known to be a supplier to a large number of UK financial services institutions.
“In light of today’s major outage at Amazon Web Services … why has HM Treasury not designated Amazon Web Services or any other major technology firm as a CTP for the purposes of the Critical Third Parties Regime,” asked Hillier, in the letter. “[And] how soon can we expect firms to be brought into this regime?”
Hillier also asked HM Treasury for clarification about whether or not it is concerned about the fact that “seemingly key parts of our IT infrastructure are hosted abroad” given the outage originated from a US-based AWS datacentre region but impacted the activities of Lloyds Bank and also HMRC.
On the latter point, Hiller asked: “What work is HM Treasury doing with HMRC to look at what went wrong, and how this may be prevented in future?”
Computer Weekly contacted HM Treasury for details of its response to Hillier’s letter, and to seek clarification on whether it has plans to imminently add AWS to the CTP list. It also asked if the Treasury has concerns about parts of the UK’s banking infrastructure being hosted overseas, in the wake of the outage.
A spokesperson for the government department did not directly answer the questions posed by Computer Weekly, but did provide the following statement in response:
“We know the threat cyber attackers present, which is why we are working with regulators to establish a Critical Third-Party regime, so we can hold firms providing these services to the same high standards as other financial services institutions,” the Treasury statement read.
UK reliance on overseas clouds
Hillier’s question to the Treasury about whether it has any concerns about key parts of the UK’s IT infrastructure being hosted overseas is being echoed by other UK cloud market watchers and stakeholders in the wake of the outage.
“We should be asking the obvious question: why are so many critical UK institutions, from HMRC to major banks, dependent on a datacentre on the east coast of the US?” said Mark Boost, CEO of London-based cloud services provider Civo.
“Sovereignty means having control when incidents like this happen – but too much of ours is currently outsourced to foreign cloud providers. The AWS outage is yet another reminder that when you put all your eggs in one basket, you’re gambling with critical infrastructure.
“When a single point of failure can take down HMRC, it becomes clear that our reliance on a handful of US tech giants has left core public services dangerously exposed,” he said.
AWS has operated a UK datacentre region since 2016, with a key selling point of these facilities being that it would allow UK-based organisations to access locally hosted versions of its public cloud services.
This adds further weight to Boost and Hillier’s line of questioning about why a US outage impacted UK-based organisations when, presumably, these organisations should be relying on the UK region to access AWS services.
When Computer Weekly put this question to AWS, citing the disruption caused to HMRC during the outage as an example, a company spokesperson advised the publication to direct that comment directly to the government tax agency.
Shared responsibility model
That response (or lack thereof) potentially speaks to the notion of the “shared responsibility model” that AWS subscribes to, whereby the organisation considers security, compliance and the resilience of its customers’ cloud environments to be something of a shared burden.
As detailed on the company’s Shared Responsibility Model reference web page, this setup is designed to “relieve” AWS customers of the operational burden of running their own cloud infrastructure, but they remain responsible for whatever data they choose to host in it.
“Customers should carefully consider the services they choose [to host in AWS] as their responsibilities vary depending on the services used, the integration of those services into their IT environment, and applicable laws and regulations,” said AWS.
“The nature of this shared responsibility also provides the flexibility and customer control that permits the deployment.”
Speaking to Computer Weekly, Brent Ellis, principal analyst at IT market watcher Forrester, said the fact the outage originated in the AWS US-East-1 region and impacted UK organisations suggests “at least some part” of the HMRC and Lloyds setups had a dependency on that region.
“That would have been an architecture choice by those companies, but not necessarily a fault of AWS,” said Ellis. “That dependency could also have been introduced by a nested SaaS [software as a service] component for the organisations involved.
“Generally, I think this shows how complex and interconnected modern cloud-based infrastructure is, and that is a problem from a resilience perspective, especially if you do not have visibility into the nested dependencies that underlie your business technology stack.”
Regulatory intervention
Because of the impact such dependencies can have, Ellis is of the view that the AWS outage may prompt calls for regulatory intervention to prevent a repeat of it, in a similar vein to what Hiller and her colleagues on the Treasury Select Committee are calling for. “I do think it gives fodder to the greater push for sovereign cloud,” he said. “It also will probably spur regulation to increase visibility into dependencies and fault domains for critical sectors like finance.”
What users of hyperscale cloud services, such as AWS, need to know is what services and capabilities within their chosen suppliers’ extended portfolios are hosted in the UK, and how resilient they are, added Sayers.
To highlight why this is important, he cited the findings of a series of investigations into Microsoft’s cloud hosting arrangements in the Scottish policing sector that he worked with Computer Weekly to make public.
That work resulted in an initial disclosure from Microsoft that it could not guarantee the sovereignty of UK policing data stored and processed in its M365 platform.
This was later followed up with further revelations that policing data hosted in the Microsoft cloud could be processed in more than 100 countries, without users explicitly knowing about it.
“We already know Microsoft do not have a UK-based capability for all their services, but we need to know exactly what the [overseas hyperscalers] can deliver in the country and how resilient that actually is,” said Sayers. “We need to properly understand their points of failure and how they can be engineered around.”
Some of the hyperscalers have sought to evade answering questions on this point, claiming the information is commercially sensitive, he continued. “That’s not a defence we can tolerate anymore,” said Sayers. “These services are increasingly friable, increasingly complex and increasingly hidden from our view. If we are to rely on them, we need to know they are reliable, and if they aren’t then we need to pivot – at least for critical services.”
Customer-created issues
Ellis’s colleague, Dario Maisto, is a senior analyst at Forrester, who told Computer Weekly that AWS is aware that customer-created, cross-region architectural dependencies are part of a “bigger sovereignty problem” facing its European customer base.
“[AWS] is about to launch a perfect replica of its services [in Europe] under the AWS EU [European Union] sovereign cloud offer, with the first isolated [sovereign] region in Germany,” he said.
“In fact, the only way a client can be sure that its data and workloads do not suffer from any dependency from infrastructure abroad is physical and logical isolation of the cloud regions the client uses [so that it] must not be possible at all that the client is able to make any choice that creates a dependency on foreign infrastructure.”
Achieving this outcome, continued Maisto, means all of the services the customer needs must be hosted within the isolated region as the only ones the client can access. “A data boundary or a commitment to the market cannot guarantee what only a precise architectural construct of the client’s cloud environment can grant,” he added.
AWS is far from the only cloud provider to suffer an outage, and any cloud company an enterprise entrusts their data to could suffer a similar fate at some point in their existence.
However, Civo’s Boost said the incident highlights why enterprises should be looking to diversify their pool of cloud providers, but also why governments and regulators need to be taking a closer look at how much of the world’s infrastructure runs on a relatively small number of hyperscale cloud platforms.
“The more concentrated our infrastructure becomes, the more fragile and externally governed it is,” he said. “If Europe is serious about digital sovereignty, it needs to accelerate its shift towards domestically governed and diversified infrastructure. Governments and regulators have a responsibility to create the conditions for real competition. That means rethinking procurement, funding sovereign alternatives and making resilience a baseline requirement.”
Michael Calore: Recording works.
Lauren Goode: Recording. Yeah.
Michael Calore: Yeah. It’s like when people say, let me film that. You’re not actually filming anything. You’re shooting a digital video.
Lauren Goode: So then if you have a video podcast, are you shooting the podcast? What do you say? Do you say taping, then?
Michael Calore: I think you say recording because it just—
Lauren Goode: Recording the pod.
Michael Calore: Yeah.
Lauren Goode: We’re recording the pod.
Michael Calore: It covers all the bases.
Lauren Goode: We’re capturing it.
Michael Calore: That’s what we’re doing.
Lauren Goode: We’re sublimating it. All right. Well, should we record this pod?
Michael Calore: I would like to, yes.
Lauren Goode: Let’s do it.
Michael Calore: Honestly, I’m still recovering from last week’s Big Interview event. My throat is still feeling a little bit raw, even though it’s been like four or five days.
Lauren Goode: You sound delightful to me.
Michael Calore: Thank you.
Lauren Goode: But that really was an epic event.
Michael Calore: It was.
Lauren Goode: Yeah.
Michael Calore: You were on stage.
Lauren Goode: I was. I was first up in the morning. Katie, our boss, gave the intro to the conference and then it was me and Lisa Su, the CEO of AMD. And not only was it a really interesting conversation, but then I was done for the day. I didn’t have to do any more interviews after that. And I just got to listen and absorb, and there were some other really great talks.
Michael Calore: There were, yes. And we’re going to talk through some of them. We’re also going to listen to your conversation with Lisa Su, and then we’ll talk about it, and we’ll take listeners behind the scenes of The Big Interview.
SpaceX is planning to raise tens of billions of dollars through an initial public offering next year, multiple outlets have reported, and Ars can confirm. This represents a major change in thinking from the world’s leading space company and its founder, Elon Musk.
The Wall Street Journal and The Information first reported about a possible IPO last Friday, and Bloomberg followed that up on Tuesday evening with a report suggesting the company would target a $1.5 trillion valuation. This would allow SpaceX to raise in excess of $30 billion.
This is an enormous amount of funding. The largest IPO in history occurred in 2019, when the state-owned Saudi Arabian oil company began public trading as Aramco and raised $29 billion. In terms of revenue, Aramco is a top-five company in the world.
Now SpaceX is poised to potentially match or exceed this value. That SpaceX would be attractive to public investors is not a surprise—it’s the world’s dominant space company in launch, space-based communications, and much more. For investors seeking unlimited growth, space is the final frontier.
But why would Musk take SpaceX public now, at a time when the company’s revenues are surging thanks to the growth of the Starlink Internet constellation? The decision is surprising because Musk has, for so long, resisted going public with SpaceX. He has not enjoyed the public scrutiny of Tesla, and feared that shareholder desires for financial return were not consistent with his ultimate goal of settling Mars.
Data Centers
Ars spoke with multiple people familiar with Musk and his thinking to understand why he would want to take SpaceX public.
A significant shift in recent years has been the rise of artificial intelligence, which Musk has been involved in since 2015, when he cofounded OpenAI. He later had a falling out with his cofounders and started his own company, xAI, in 2023. At Tesla, he has been pushing smart-driving technology forward and more recently focused on robotics. Musk sees a convergence of these technologies in the near future, which he believes will profoundly change civilization.
Raising large amounts of money in the next 18 months would allow Musk to have significant capital to deploy at SpaceX as he influences and partakes in this convergence of technology.
How can SpaceX play in this space? In the near term, the company plans to develop a modified version of the Starlink satellite to serve as a foundation for building data centers in space. Musk said as much on the social media network he owns, X, in late October: “SpaceX will be doing this.”
Weatherproofing. Every model needs a weatherproof rating to survive outside, so if you don’t see one, don’t buy it. There’s usually a lower rating for the control box compared to the rest of the lights, so be sure you can put that somewhere that’s a little less exposed to the elements. (As mentioned above, make sure you have an outdoor outlet, and check if there’s only one on a certain side of your home in case it limits your installation options.)
A range of installation options. You’ll want a set that comes with plenty of options for your own installation, including adhesive and drilled mounting options. What you need will vary based on your home design and materials; e.g., you’ll want adhesive for homes you can’t drill into. WIRED reviewer Kat Merck, who tested a couple different permanent lights, especially liked sets that had holders you screw onto your home that the puck-style permanent lights can slide onto.
Controls for individual lights. This should be a no-brainer, but some cheaper lights won’t give you this ability or have more roadblocks for customized control. Make sure you’ll have easy individual controls, or you might find yourself frustrated with the design results of these lights. It’s similar to design controls that you’d see on smart bulbs and smart string lights.
A great app. This goes hand in hand with the need for individual light control—a good app determines whether that and other features are accessible. Govee and Eufy, two of our favorite permanent outdoor lights we’ve tried, both have good apps that are easy to use and come with preloaded designs. These tech companies make more than just outdoor lights and make other favorite gear of ours, so they’re a good brand to trust to make a usable product and app. We also like Lepro’s more affordable lights, though the app had some extra hoops to jump through to get to controls, while Lumary’s app was a brutal experience for our tester.
Our Favorite Permanent Outdoor Lights
We’ve tested a handful of permanent lights on different homes, and have a few clear favorites. These options are all ones we recommend, provided your home exterior meets the constraints mentioned above.
This model from Govee has been one of our top picks in our smart Christmas lights review for a reason, and it’s still one of our favorite models at this price point for everything you’ll get with it. WIRED reviewer Simon Hill tested the 100-foot string that came with six sections, plus an extension code. He used adhesive and screw clips to secure the light pucks and cables, and found installation easy. This is a set that you can cut and splice, but he says that isn’t a task for the faint of heart. It has an IP67 rating, and an IP65 rating for the control box. The busy companion app has everything you could want within it: color controls, tons of Scenes (Govee’s lighting effects), scheduling abilities, and even a music sync option (though that felt a little gimmicky). There’s Matter support, and Govee can connect to Alexa and Google’s ecosystems for voice control. Simon says he’d like these lights to be closer together and the design to be a little more subtle, as you can see the cords pretty easily.
WIRED reviewer Kat Merck has tested two different sets of permanent outdoor lights on her home, and Eufy’s S4, incorporating RGB with both warm and cool whites, is by far her favorite. She’s found the app incredibly easy to navigate and find the features she wants, from preset holiday scenes (120!) and colors to schedules and brightness adjustments. There’s even an AI feature that lets you create customized light shows based on moods and scenarios. They were relatively easy to install on her home, which has nonstandard architectural features, as this set has extensions and can be cut and spliced. She says the lights aren’t quite as bright as the Lumary Max set below, but the brightness is adjustable. There’s also a radar motion sensor included, which she’s still testing. The Eufy S4 set also works with the Matter protocol, so it will work with Apple, Google, and Alexa’s smart home ecosystems. It’s got a waterproof rating of IP67 like the Govee set above.
Cync, which comes from appliance maker GE, makes affordable smart bulbs and other smart lights I like, so it’s not a huge surprise that I also liked the brand’s Smart Eave Lights. They were easy to install with 3M sticky strips already installed on the individual lights, and since my eaves are out of safe reach on my townhouse, I used the lights on my balcony railing with great success. One piece of the 100-foot set (it comes with four strings, plus an extension) was the perfect length to loop around my 9-foot-long railing. The set quickly connected to the Cync app, and the power cord is nice and long to make it easy to reach wherever your power outlet is. It has a waterproof rating of IP65.
If You Can’t Install Permanent Outdoor Lights
Not every home is a good fit for these types of lights. I haven’t yet found a permanent light set that works with my home, so here’s what I’ve used instead for a similar result.
Twinkly
Strings Multicolor
These lights are photographed on a tree, but they have a weatherproof rating of IP44 (for both the lights and the power supply) to be used outside. I love how much you can customize these lights. You’ll use the app to take a photo of however you’ve set up your lights, whether that’s around the tree, around your balcony’s railing, or along the front of your house, and then you’ll be able to customize the lights and pattern based on how you arranged it. There are tons of fun light designs already in the app, and you can make your own. It’s a good option if you can only do string lights but want smart capabilities. These lights are also compatible with Amazon’s, Google’s, and Apple’s ecosystems. Twinkly also makes an icicle-style smart light string ($110), which I love using outside too; they’re currently hanging above my garage door.
More Outdoor Lights We’ve Tested
- Cync Outdoor Light Strip for $154: I was really hoping this would be a good solution for outdoor lights for my balcony, but this light strip is heavy and tall, and better designed to use to line a yard versus sticking onto the side of a railing. It comes with grass stakes to line it.
- Lepro’s E1 AI for $153 (50 ft): These permanent outdoor lights are completely sold out right now, but they are another more affordable option. However, they aren’t as cheap as Cync and you will have to get around the app’s AI to really get the most out of it.
- Lumary Outdoor Permanent Lights Max ($260 for 105 ft.): Lumary’s lights were frustrating and limiting for our tester. The app wasn’t intuitive or easy to use, and our tester actually had to have the power box replaced after she tried to connect the lights to a different phone. She liked how bright the lights were, and the fact there’s a physical remote, but the app, power box shutdown, and installation limitations compared with other sets (no splicing ability, installation recommended from the left) make this one we’d skip. Lumary has since released an updated version of its outdoor permanent lights, the Permanent Outdoor Lights 2, which includes a completely redesigned app, including the addition of custom-scene saving, but we haven’t tested them yet.
FAQs
What Are the Cons of Permanent Christmas Lights?
The only real downside to permanent Christmas lights, or permanent outdoor lights of any kind, is the cost. These sets usually cost significantly more than a light string, even the smart ones. That’s because they’re designed to last longer on your home, and the more expensive sets allow you to cut and splice the cords to perfectly fit your home instead of dangling strings and extra lights. It’s an investment, but one you can enjoy year-round.
Are Permanent Outdoor Lights Worth It?
Yes, because you’ll install them once and be good to go with every holiday in your future: Christmas! Halloween! Your fave sports team headed to a big championship match! Your kid’s graduation (or your own)! Similar to how smart bulbs can give you so many options inside your home, the possibilities are endless and something you’ll be able to use and enjoy year-round.
How Does WIRED Test Permanent Outdoor Lights? What Happens When We’re Done Testing?
WIRED tests permanent outdoor lights on the homes of our reviewers. We’ve tested these lights on three different homes in separate areas with serious weather: Washington state, Missouri, and Scotland. We’ve also tested a set in the more mild climate of Southern California. We install these on the homes themselves and leave them up for at least a few weeks, if not months and years (depending on performance), to see how they hold up. Our picks remain on our homes for long-term testing, as these lights are supposed to be permanent, and used sets are safely disposed of.
Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.
Refund Delay 2025: A Step-By-Step Guide To Check Income Tax Payout Status
Iran detains Nobel peace laureate Narges Mohammadi
Celebs flood her with wishes
-
Politics5 days agoThailand launches air strikes against Cambodian military: army
-
Sports1 week agoAustralia take control of second Ashes Test | The Express Tribune
-
Politics7 days ago17 found dead in migrant vessel off Crete: coastguard
-
Fashion5 days agoGermany’s LuxExperience appoints Francis Belin as new CEO of Mytheresa
-
Tech1 week agoWIRED Roundup: DOGE Isn’t Dead, Facebook Dating Is Real, and Amazon’s AI Ambitions
-
Politics5 days agoZelenskiy says Ukraine’s peace talks with US constructive but not easy
-
Fashion1 week agoBangladesh’s economic outlook cautiously optimistic: Govt
-
Tech4 days agoJennifer Lewis ScD ’91: “Can we make tissues that are made from you, for you?”