Days Later, Global Fallout From CrowdStrike Outage Continues
The massive IT outage caused by a faulty software update from the cybersecurity firm CrowdStrike crippled major systems worldwide. It grounded airlines and caused chaos for medical facilities, businesses, and even police forces. While CrowdStrike issued a "fix," many systems required manual intervention to recover fully, leading to delays and continued disruptions. The outage highlights significant vulnerabilities in global IT infrastructure and underscores the critical importance of robust cybersecurity measures.
Kara Struckman, Program Associate with the Wilson Center's Science and Technology Innovation Program (STIP), provides an overview of the ongoing impact of this event. She covers the importance of rigorous testing for cybersecurity software updates, diversifying infrastructure so that society is not reliant on a single source for software or product, what CrowdStrike’s response has been to the incident, and the threat that still exists as malicious actors try to take advantage of the continuing chaos.
Video Transcript
This incident highlighted the risks that come with a monoculture software regime. Or essentially, when we're too reliant on specific products or specific companies like Microsoft, and that when we have a monoculture or don't have a diversity in our IT infrastructure, we then have a system that's susceptible to a single source of failure.
So essentially, this single bug in a CrowdStrike update was able to cause damage across the globe.
This was fortunately not a malicious actor attempt. And this should serve as a reminder that this very well could have been, and because our society continues to be more interconnected and more digitized, we need to think of security from the onset of every decision.
And security cannot be an afterthought. And that goes in terms of who you employ in terms of ensuring that systems are diversified, in terms of knowing what software is in all your products. And also, I think a big part of that is also shifting burden outside of the consumer to software providers and more generally.
While this bug was most likely a result of a lack of testing and would have been more easily mitigated with fail safes and a phased rollout, CrowdStrike has been incredibly transparent and has been working nonstop to try to help impacted customers in terms of providing different fixes, providing videos in terms of how to manually fix it yourself.
With that all said, it will still take multiple weeks for all impacted systems to be operational again. And I think we will be seeing organizational changes within CrowdStrike, to make sure, and minimize the chances of this occurring again.
And in the near term, while this was not an attack, it did not stem from a malicious actor, we still need to remember that most actors take advantage of chaos and are actively doing that right now. So we need to make sure that people try to verify all information they receive and make sure that they're working with trusted partners.
In terms of the long term, cybersecurity software updates need to go through the same rigorous testing and expectations that other software updates go through. So in terms of testing, having phased rollouts and taking the steps needed to make sure that each change we make, if something goes wrong with it, we're taking the steps to minimize any damage.