PATTERN Cited by 1 source

Quarterly Internet disruption review

Pattern: On a recurring quarterly cadence, an Internet-observability team (one that owns a large-scale traffic vantage point — CDN, reverse proxy, DNS resolver, recursive resolver) publishes a long-form narrative review of observed and confirmed Internet disruptions in that quarter — attributing, summarising, and contextualising each event — on the same blog channel as the team's ongoing per-event social-media posts.

The result is a canonical curated record of the quarter's meaningful disruptions: organised by cause category, anchored to the observatory's per-country / per-AS / per-region live data, and linkable for researchers, journalists, academics, and policy-makers.

The Cloudflare Radar instance (canonical)

Cloudflare Radar runs this cadence every quarter. Each quarterly post:

• Opens with a one-paragraph summary of what dominated the quarter (government shutdowns, grid failures, conflict, weather, cable incidents, carrier issues, "unknown cause" drops).
• Organises events by cause category:
• Government-directed shutdowns
• Power outages
• Military action (kinetic strikes, energy infrastructure targeting)
• Severe weather
• Cable damage
• Technical problems (carrier software issues)
• Unknown issues (residual unattributed anomalies)
• Per-event disclosure includes the start and end timestamps in local + UTC, the affected network / country / AS, the approximate magnitude of the traffic drop, and a link to the operator / regulator / news source confirming the event.
• Disclaims completeness explicitly — "This post is intended as a summary overview of observed and confirmed disruptions and is not an exhaustive or complete list of issues that have occurred during the quarter. A larger list of detected traffic anomalies is available in the Cloudflare Radar Outage Center."
• Closes with trend observations — e.g., the Q1 2026 review noted that Q1 2025 had zero observed government-directed shutdowns and Q1 2026 had at least three prolonged ones, making the year-over-year inversion a narrative of its own.
• Cross-references prior quarterly reviews to establish continuity (Cuba's March 2026 grid collapses cited September 2025, March 2025, and October 2024 grid collapses from prior reviews).

Why the pattern works

• Deliverable cadence aligns with media cycles — quarterly reviews feed into trade press, academic papers, and policy-maker briefings on a timeline that's slower than news but faster than annual reports.
• Curation adds value beyond raw data — the anomaly feed alone is too noisy for non-specialists; the quarterly review acts as the high-precision, editorially-reviewed layer on top.
• Institutional memory is preserved — cross-referencing prior reviews creates a cumulative record of infrastructure trends (e.g. Cuba's accelerating grid collapses).
• Policy impact is structural — researchers citing Radar's quarterly reviews appear in academic papers, digital-rights advocacy, and legal challenges (e.g. CIPESA's post-shutdown economic-impact analyses cited in Uganda litigation).

Composes with

• patterns/post-incident-postmortem-as-industry-contribution — the single-incident version of the publish-what-you-observed discipline. The quarterly review is the aggregate.
• Per-event social-media posts (@CloudflareRadar on X, Bluesky, Mastodon) — the quarterly review curates these into a narrative.
• Outage Center — the quarterly review is the long-form companion to the continuous Outage Center surface.

Structural requirements

To run this pattern successfully, a team needs:

• Continuous anomaly telemetry — per-country / per-AS / per-region metrics at fine enough granularity to distinguish regional from national events.
• External-source gathering and citation discipline — ties observed anomalies to operator statements, regulator announcements, and news coverage. Radar cites specific operator posts on X, news articles, and regulator press releases in every event section.
• Editorial willingness to disclaim incompleteness — the pattern explicitly does not promise exhaustive coverage.
• Quarterly editorial capacity — a multi-week effort per quarter to curate, attribute, and write.

Generalises to

The shape generalises beyond Internet observability:

• DDoS landscape reports (Cloudflare's own DDoS Threat Report follows a similar quarterly / semi-annual cadence).
• Threat-intelligence quarterly reports from security vendors.
• Cloud incident reviews at industry-analyst scale.
• Financial-infrastructure reliability reports (e.g. payment network outage compilations).

In each case, the value is the same: raw telemetry alone is not meaningful to most readers, but curation into a quarterly narrative is.

Seen in

• sources/2026-04-28-cloudflare-q1-2026-internet-disruption-summary — canonical sysdesign-wiki instance. Q1 2026 edition covers: government shutdowns (Uganda, Iran ×2, Republic of Congo); power / grid (Cuba ×3, Paraguay, Dominican Republic, Moldova / Ukraine cross-border, U.S. Virgin Islands); military (Ukraine ×2, AWS Middle East drone strikes ×2); weather (Portugal Storm Kristin with its multi-week tail); cable (WACS / Republic of Congo); technical (Verizon Wireless); unknown (Flow Grenada, Orange Guinée, TalkTalk UK). Closes with a narrative-of-the-quarter summary framing this as "an unusually high number of severe and prolonged Internet disruptions."

Related

• systems/cloudflare-radar
• systems/cloudflare-radar-outage-center
• concepts/traffic-anomaly
• companies/cloudflare