
Massive IT outage sheds light on serious vulnerabilities in the global information ecosystem

By Richard Forno, University of Maryland, Baltimore County

(The Conversation) – The global information technology outage on July 19, 2024, which crippled organisations from airlines to hospitals and even uniform deliveries for the Olympic Games, is a growing concern for cybersecurity experts, businesses and governments.

The outage is emblematic of the interdependence of corporate networks, cloud computing services and the Internet and the vulnerabilities they create. In this case, a faulty automatic update to CrowdStrike’s widely used Falcon cybersecurity software caused PCs running Microsoft’s Windows operating system to crash. Unfortunately, many servers and PCs require manual repair, and many of the affected organizations have thousands of them distributed around the world.

For Microsoft, the problem was made even worse because the company released an update to its Azure cloud computing platform around the same time as the CrowdStrike update. Microsoft, CrowdStrike, and other companies like Amazon have issued technical workarounds for customers willing to take matters into their own hands. But for the vast majority of global users, especially enterprises, this will not be a quick fix.

Modern technology incidents, be they cyberattacks or technical problems, continue to shut down the world in new and interesting ways. Massive incidents like the CrowdStrike update failure not only cause chaos in the business world, but also disrupt global society itself. The economic losses resulting from such incidents – lost productivity, recovery, disruption of business and personal activities – are likely to be extremely high.

As a former cybersecurity expert and current security researcher, I believe the world may finally be realizing that modern information-based society rests on very fragile foundations.

The bigger picture

Interestingly, a June 11, 2024 post on CrowdStrike’s own blog seemed to predict exactly this situation, in which the global computing ecosystem is impacted by a vendor’s faulty technology, even though they probably didn’t expect their product to be the cause.

Software supply chains have long been a serious cybersecurity problem and a potential single point of failure. Companies like CrowdStrike, Microsoft, Apple, and others have direct, trusted access to the computers of organizations and individuals, so people need to trust that the companies are not only secure themselves, but that the products and updates they release are well-tested and robust before being applied to customers’ systems. The 2019 SolarWinds incident, in which the software supply chain was hacked, could well be seen as a preview of today’s CrowdStrike incident.


CrowdStrike CEO George Kurtz said: “This is not a security incident or cyber attack” and that “the issue has been identified, isolated, and a fix deployed.” While this may be true from CrowdStrike’s perspective—they were not hacked—it does not mean that the impact of this incident will not cause security issues for customers. It is entirely possible that organizations may need to disable some of their internet security devices to get ahead of the problem, but in doing so they may have left themselves vulnerable to criminals trying to penetrate their networks.

Users are also likely to fall victim to various scams that take advantage of users’ panic or ignorance about the problem. Overwhelmed users could either accept false offers of help that lead to identity theft or throw money away on fake solutions to the problem.

Organizations and users will need to wait until a fix is available or attempt to recover on their own if they have the technical capabilities. After that, I think there are several things to do and consider as the world recovers from this incident.

Companies need to ensure that the products and services they use are trustworthy. This means they need to carefully vet the vendors of such products for security and reliability. Large companies usually test all product upgrades and updates before releasing them to their internal users, but for some routine products, such as security tools, this may not happen.

Governments and businesses alike need to consider resilience when designing networks and systems. This means taking steps to avoid creating single points of failure in infrastructure, software and workflows that could be targeted by attackers or made worse by a disaster. It also means knowing whether the products organizations rely on are themselves dependent on certain other products or infrastructure to function.

Companies need to recommit to best practices in cybersecurity and overall IT management. For example, a robust backup system can facilitate recovery from such incidents and minimize data loss. Ensuring appropriate policies, procedures, personnel and technical resources are in place is essential.

Such problems in the software supply chain make it difficult to follow the standard IT recommendation to keep systems updated with the latest patches. Unfortunately, the costs of not updating systems regularly must now be weighed against the risk of such a situation recurring.

Richard Forno, lecturer in computer science and electrical engineering, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.
