This organisational inertia is also what makes Renesys deem China at "low risk" of internet cutoff. Beijing's autocrats would have to make too many phone calls to too many frontier ISPs across their vast domain, says Cowie, to make a bona fide internet blackout very practical. And that's just the official global connections. "There are a lot of independent, unlicensed connections; foreign companies [doing business in China] have VPNs" that connect them to their home countries, Cowie says. "I'd have to believe it'd be a leaky bucket."
Not everyone agrees with Renesys's sanguine assessment of China's disconnection risk. "It doesn't seem to be accurate," says Adam Segal, an expert on Chinese technology and cybersecurity at the Council on Foreign Relations. "Given everything we know, there's no reason to believe the [Chinese] ISPs wouldn't fall into line if the government said to shut down."
Segal cites the blackouts in Xinjiang and Tibet as evidence of China's ability to flex its organisational muscle over its frontier internet connections. Chinese ISPs are already accustomed to constantly filtering and censoring all global web traffic; "they know that if they don't do it, they won't be in business any longer," Segal says. "Unless society has completely broken down there, it's hard to imagine that a company would balk [at a cutoff order]." So while it might take a lot of phone calls to cut China off from the web, those calls could go through rather quickly.
What's more, the result probably wouldn't even look like a blackout at first. "The Chinese don't want to be considered in the same category as Syria and Egypt," Segal explains. "They have to maintain a story to their users that they have an open internet, so what they get instead are incredibly slow load times. They very rarely will get blocked."
The organisational nature of resilience extends into the purely digital realm, as well. After all, at its most fundamental level, the internet is just information: a set of open, mutually agreed-upon standards called TCP/IP. Those protocols connect the "autonomous systems" that make up the so-called "network of networks" we call the global internet. This is made up of tens of thousands of these autonomous systems; countries have them, and so do large organisations and companies. "If IP addresses are like street numbers for individual computers, autonomous systems are a bit like postcodes," explains John Graham-Cumming, an author, programmer and cybersecurity expert at Cloudflare. "They are how one network says to another, 'I am the place to go if you want to reach Belarus, or the BBC."
In the case of Belarus – the only country in Europe marked "at significant risk" of internet disconnection according to Renesys – "there is a single 'postcode', controlled by a state-owned telecom company, that connects to the rest of the world," says Graham-Cumming. "If you had control of that, you could cut the country off." These "postcodes" aren't secret, either – the internet wouldn't work if they were. Belarus's is 6697.
To the other autonomous systems and routers connecting the global internet, this single four-digit number represents Belarus's entire existence. And removing it would be trivial, says Graham-Cumming: "You'd go to the telecom company, and a command would be typed into the routers, saying 6697 doesn't exist anymore, or that it's empty. Because the internet operates by cooperation, the other routers would say, 'OK, thanks for the update.' And you'd be gone."
Much like a neutron bomb wiping out life while preserving physical property, neutralising an autonomous system's address can "delete" portions of the internet without making costly or irreversible changes to network infrastructure. "If any country wants to cut [itself] off, it's all done on the command line, and you can leave it all running," Graham-Cumming says. He suspects this is what happened in Syria – although, as Jim Cowie adds, "we won't know for sure until the war's over and we can talk to the network engineers."