How Connected Communities Create Resilience Against Cyberattacks

Modern digital infrastructure has, over the past three decades, evolved in a direction that systematically increases vulnerability to catastrophic failure. The driver is economic efficiency: centralization reduces duplication, achieves economies of scale, and allows optimization that distributed systems cannot match. The cost — paid not by those who make the centralization decisions but by the communities that depend on the centralized systems — is the concentration of critical functions in single points of failure.

The history of devastating cyberattacks is, at its core, a history of successful attacks on centralized systems.

The 2003 Northeast blackout, though caused by a software bug rather than a cyberattack, demonstrated the cascading failure dynamics of a highly interconnected grid: a single event in Ohio propagated through the grid's interconnections to cut power to 55 million people across eight states and two Canadian provinces within minutes. The grid's efficiency — its tight coupling and optimization — was the mechanism of its catastrophic failure.

The 2017 NotPetya attack, now attributed to Russian military intelligence, used a compromised Ukrainian accounting software update to inject malware that spread across the internet, eventually causing an estimated $10 billion in damages to companies including Maersk (the world's largest shipping company), Merck (the pharmaceutical company), and FedEx. NotPetya was not targeted at these companies; it was a worm that propagated through the network dependencies that made global commerce function. The attack exploited the deep interdependence of the global economy's digital infrastructure.

The 2021 Oldsmar, Florida water treatment plant attack — in which an attacker remotely accessed the plant's control system and attempted to increase the sodium hydroxide concentration to dangerous levels — demonstrated that critical infrastructure at local scale is also vulnerable, but in a different way. The attacker gained access through a remote desktop tool that the plant's operators were using for legitimate purposes. The attack was detected and reversed before any harm occurred. Had the plant been integrated into a centralized metropolitan water management system rather than operating independently with local monitoring, the dynamics would have been different.

The pattern across these cases: centralized systems fail catastrophically; distributed systems fail locally.

The internet was designed by ARPA in the 1960s with explicit attention to surviving nuclear attack. The key design principle was packet switching with dynamic routing: data would be broken into packets, each of which could take any available path through the network to its destination, with the routing determined in real time based on what paths were available. If any node in the network was destroyed, packets would route around it. No single node was essential to the network's function.

This design produced a network that was extraordinarily resilient. The early internet had no center; it was pure distribution. It survived decades of hardware failures, software bugs, and attacks without catastrophic systemic failure.

What the internet became, as it evolved into a commercial system, is something quite different. The major chokepoints of the modern internet — the backbone providers, the major cloud platforms, the domain name system — are highly centralized. When Amazon Web Services experiences an outage, significant portions of the internet become non-functional because so many services are hosted on AWS infrastructure. When Cloudflare, which provides DDoS protection and CDN services for a substantial fraction of the web, experiences an outage, the sites it protects disappear. When the BGP routing system — the internet's address book — is corrupted, as happens periodically through misconfigurations or deliberate manipulation, large portions of internet traffic are misrouted.

The commercial internet preserved the packet-switching architecture but rebuilt a de facto centralized control layer on top of it. The resilience properties of the original design have been substantially eroded by the economic incentives toward centralization.

The case for community-scale digital infrastructure is not primarily ideological. It is architectural: distributed systems with local capacity for independent operation are harder to attack at scale, because attacking any node produces local rather than systemic consequences.

Community mesh networks. Mesh networking technology allows devices to communicate directly with each other without routing through centralized infrastructure. A neighborhood mesh network can continue to function — providing local communication, sharing information, coordinating resources — even when its connection to the broader internet is cut, whether by a cyberattack, a physical infrastructure failure, or a deliberate shutdown order from a government.

Projects like Sudomesh in Oakland, Freifunk in Germany, and the Detroit Community Technology Project have demonstrated that community mesh networks are technically feasible, can be built and maintained by community volunteers with modest technical training, and can provide meaningful connectivity in conditions where centralized infrastructure fails. During Hurricane Maria in Puerto Rico, community mesh networks organized by local groups provided communication capacity in communities where cell towers and internet infrastructure were destroyed, and centralized providers could not restore service for months.

Community energy systems. The energy grid's centralized architecture — large generation facilities connected to distribution networks managed by regional utilities — produces vulnerability at every level of the system. Cyberattacks on utility SCADA systems have been documented in multiple countries, including the 2015 and 2016 attacks on Ukrainian power utilities that cut power to hundreds of thousands of people. The attacks succeeded because the SCADA systems were reachable and the grid was centrally managed.

Community energy systems — microgrids, solar cooperatives, community battery storage — distribute both generation and management. A neighborhood with its own solar generation and battery storage can "island" from the grid and continue to function when the grid fails. If the community's energy management system is compromised, the impact is local; the attacker has not gained leverage over regional or national energy supply.

The Bronzeville Community Microgrid in Chicago is designed to provide electricity to a neighborhood during grid outages, including scenarios in which cyberattacks on the larger grid require extended outages. Similar community microgrid projects operate in Australia, Europe, and parts of South Asia, providing both energy resilience and, incidentally, cyber resilience through distribution.

Community water systems. The consolidation of water utilities that has occurred in some countries — driven by the argument that large utilities achieve economies of scale and can maintain technical expertise that small utilities cannot — has increased the attack surface. A large utility serving a metropolitan area represents a high-value target; compromising its control systems could affect millions of people.

The United States' relatively fragmented water system — thousands of small, locally operated utilities rather than a few large ones — is often criticized as inefficient. It is also resilient: an attacker who compromises the Smalltown, Iowa water utility has not gained leverage over the water supply of any significant portion of the country. The argument for maintaining and supporting community-scale water infrastructure includes the cyber resilience argument alongside the local accountability and community control arguments.

The technical architecture of community-scale systems is one dimension of cyber resilience. The social dimension is equally important and less often discussed.

Cyberattacks succeed by disrupting coordination — the flows of information and instruction that allow complex systems to function. The Colonial Pipeline attack did not destroy the pipeline; it disrupted the company's confidence in its ability to manage and monitor the pipeline's operation. Restoring confidence — knowing that the system was clean, that the billing systems were functional, that the company could account for the fuel it was moving — was what took six days.

Communities with robust social coordination capacity are resilient against cyberattacks in ways that technically superior but socially isolated systems are not. When digital systems fail — whether from attack, from power outage, or from any other cause — the community that has maintained face-to-face relationships, knows its neighbors, and has practiced non-digital coordination can continue to function. It can organize resource sharing without an app. It can communicate without digital networks. It can make decisions without online platforms.

This social resilience is not romantic. It is a practical second-layer defense against the failure of digital infrastructure. The community that depends entirely on digital systems for coordination is fully exposed to digital system failures. The community that maintains social infrastructure alongside digital infrastructure retains coordination capacity across failure modes.

The broader point is that cyber resilience is not only a technical problem. It is a community design problem. The most technically sophisticated cybersecurity investment can be undermined by the social dependencies that make organizations unable to function when their digital tools are unavailable. The community that has practiced the social infrastructure of mutual aid, local knowledge, and distributed decision-making is cyber-resilient in a way that no technical investment alone can provide.

The civilizational argument for connected communities as cyber resilience infrastructure rests on a design principle: the right level of integration is the level at which efficiency gains are preserved without creating catastrophic single points of failure.

Pure isolation — communities with no connection to each other — maximizes local resilience but forfeits the efficiency and mutual aid capacity that connection provides. Pure integration — all functions centralized in single systems — maximizes efficiency but creates catastrophic vulnerability.

The optimum is federated: communities that maintain genuine local capacity for independent operation, connected to each other for resource sharing, mutual aid, and knowledge exchange, but not merged into systems where any single failure is a civilizational failure.

This is not a new insight in engineering. Redundancy, fault tolerance, and graceful degradation are standard design principles in safety-critical systems. What is novel is the application of these principles to the social architecture of civilization — the design of communities as the nodes of resilience in a federated network, rather than the design of communities as dependent terminals of centralized systems.

Connected communities create cyber resilience not primarily by being better at cybersecurity — though distributed systems do reduce attack surface — but by being the kind of communities that can continue to function when digital systems fail. The resilience is social before it is technical, and the technical architecture of community-scale distributed systems is the appropriate complement to the social architecture of genuine community.

The civilization that builds this way is not impregnable. No architecture is. But it is a civilization that fails locally rather than catastrophically, recovers from failures through community capacity rather than waiting for centralized restoration, and presents to any attacker a distributed system in which no single strike can produce systemic collapse. That is the architecture of a civilization that can survive.