ICANN Meeting, Mumbai, India | March 9, 2026

The Internet’s greatest vulnerabilities no longer lie in its protocols – they lie in the systems and infrastructure that sustain them.

That was the central message at ICANN’s Internet Resilience plenary in Mumbai, where the Marconi Society’s Internet Resilience Advisory Council brought technical leaders, policymakers, and operators together to confront a growing reality: the Internet is increasingly shaped by fragile power grids, concentrated cloud infrastructure, complex software supply chains, and regulatory pressure. The protocols that built the Internet remain robust, but the infrastructure and operational environment around them are becoming more fragile.

Fragility in the Internet’s Operational Environment 

Session moderator Ram Mohan, Chair of ICANN’s Security and Stability Advisory Committee (SSAC), framed the challenge clearly: “The problem is not protocol fragility – it is fragility in the Internet’s operational environment and infrastructure dependencies.”

The Internet’s foundational systems – DNS, BGP, IPv4, and the global routing architecture – were designed to survive disruption. They have done so for decades. What has changed is the surrounding infrastructure. Power systems, cloud platforms, software supply chains, and regulatory environments now play a decisive role in determining whether the Internet remains available and trustworthy.

Resilience, the panel argued, must be treated as a foundational design principle across the entire ecosystem, not just within technical standards.

Drawing on a year-long effort by the Marconi Society’s Internet Resilience Advisory Council, the discussion focused on four major threat areas:

1. Major power grid failures and their Internet consequences
2. Cascading outages from cloud and API failures
3. Policy and regulatory interventions with unintended DNS implications
4. Software supply chain attacks at unprecedented scale

Together, these risks reflect a shift from technical fragility to systemic fragility.

Power and the Internet: A Circular Dependency

One of the most urgent themes of the session was the growing interdependence between power and Internet infrastructure.

M.A.K.P. Singh, CTO of CyberPeace and former CISO of the Ministry of Power, Government of India, captured the dilemma succinctly: “We need electricity to run routers, and we need routers to run the grid. They are both interdependent.”

The 2025 Iberian Peninsula blackout illustrated how quickly this interdependence can cascade. Affecting tens of millions of people, the outage caused Internet traffic in Portugal to drop dramatically as autonomous systems stopped announcing prefixes, cell towers exhausted battery reserves, and data centers initiated emergency shutdowns.

The rise of renewable energy adds new complexity. Solar and wind generation, while essential for sustainability, introduce new grid stability challenges because they lack the stabilizing inertia of traditional power plants, making resilience planning more complex. When power fails, Internet infrastructure follows quickly – and recovery becomes harder because the logistics required to restore the grid depend on connectivity.

A counterexample from Puerto Rico offered a different approach. Communities that assumed grid failure was inevitable invested in localized resilience – small-scale solar, generators, and community-managed infrastructure. In those areas, Internet connectivity proved far more resilient, even during severe power disruptions. The lesson was simple but powerful: resilience improves when infrastructure is designed with failure as an expected condition.

Complexity as “Digital Heat”

Beyond power, the growing complexity of digital infrastructure is creating new vulnerabilities.

Modern applications routinely depend on dozens of APIs and third-party services, forming vast dependency chains that few organizations fully understand. Paul Vixie, a pioneer of DNS infrastructure, described the challenge with a striking analogy: “Complexity has the role in digital systems that heat has in physical systems. It’s a waste product, and you can’t get rid of it easily.”

The CrowdStrike incident of July 2024 served as a stark reminder of how monocultures of practice amplify risk. A flawed software update pushed automatically to Windows systems disrupted airlines, hospitals, and other critical services worldwide. The problem was not just the bug itself, but the scale and uniformity of the deployment.

Danny McPherson of Verisign noted that hyperscale infrastructure providers operate at such scale that operational mistakes inevitably have global consequences. The deeper problem is visibility: no single organization fully understands the entire dependency graph of modern Internet infrastructure. Troubleshooting becomes reactive, and risk management increasingly becomes probabilistic. Trust boundaries expand beyond manageable limits.

In this environment, resilience depends not just on engineering excellence, but on transparency and coordination across the supply chain.

The Human Dimension: Resilience is Trust

While much of the discussion focused on technical and operational risks, the session also highlighted the human consequences of Internet fragility.

Dan York of the Internet Society reframed the discussion in human terms. Initiatives in Sierra Leone are deploying mobile digital training centers that expand connectivity and economic opportunity for underserved communities. Small businesses, educators, and local entrepreneurs are using connectivity to grow incomes and improve access to services.

“Every outage that we have also erodes trust in the Internet,” York said. “We’re not just losing uptime. We are losing the argument that the Internet’s worth investing in.”

With billions of people still offline and resilience scores in developing regions remaining low, reliability is directly linked to digital inclusion and economic development. When connectivity fails, the most vulnerable communities are affected first and recover last.

Resilience, therefore, is not only a technical objective. It is a prerequisite for digital inclusion and economic development.

What ICANN and the Community Can Do

The session closed by addressing a practical question: ICANN cannot fix power grids or redesign global software supply chains, so where does its role in Internet resilience begin and end?

The discussion converged on three practical areas of action.

First, systematically identify resilience risks across the identifier ecosystem.
This includes root servers, registries, registrars, ISPs, and recursive resolvers. York suggested that mapping potential failure points and developing best practices for each segment would allow ICANN’s community structures to promote resilience through existing constituencies and operational networks.

Second, increase supply chain transparency and coordination.
Tonkin emphasized supply chain visibility as a prerequisite: demand network and physical design maps from suppliers, require risk management plans and independent audit results, and conduct joint cybersecurity exercises – because disasters don’t respect organizational boundaries.

Third, examine structural governance relationships in a resilience context.
Community member Michael Palage raised an important question: while ICANN maintains binding agreements with gTLD operators, its relationship with the Number Resource Organization is governed by a non-binding memorandum of understanding. In a supply chain resilience framework, such asymmetries may deserve closer examination.

These proposals reflect a broader shift in thinking: resilience is not a single technical solution, but a governance and coordination challenge requiring sustained community engagement.

From Conversation to Action

The Internet was built to route around obstacles. But the obstacles it now faces – fragile power grids, concentrated cloud infrastructure, opaque software supply chains, and underfunded prevention – cannot be routed around by protocols alone.

They require coordination across sectors, deliberate investment in resilience, and a shared commitment from the global Internet community. ICANN’s role, as highlighted in Mumbai, is to help convene that coordination and ensure resilience risks are surfaced and addressed across the identifier ecosystem.

The Mumbai plenary demonstrated that this conversation is moving from the margins to the center of Internet governance. The challenge now is turning awareness into coordinated action –  ensuring that the Internet remains resilient not only in its protocols, but across the infrastructure and operational systems that sustain it.

About the Marconi Society 

The Marconi Society builds communities of leaders and stakeholders that are at the forefront of emerging technology so that together we can create a more connected and sustainable world. 

For over five decades, we have celebrated the innovators, both established and emerging, who have shaped our connected world. The Institutes provide platforms to convene our network of visionaries to collaborate on identifying, assessing, and recommending ways to ensure that emerging technologies benefit society. 

About the Internet Resilience Institute

The Internet Resilience (IR) Institute advances Internet resilience by convening global experts across technical, industry, and policy domains to identify challenges, foster collaboration, and drive actionable solutions for a secure, reliable, and accessible digital future. 

This recap is based on the ICANN plenary session “From Stability to Survivability: ICANN’s Role in the Future of Internet Resilience,” held March 9, 2026, in Mumbai.