CrowdStrike’s flawed update raises questions about tech dependency

Nevin Al Sukari - Sana'a - One error, like CrowdStrike’s on Friday, threatens society’s smooth functioning worldwide. — Reuters pic

WASHINGTON, July 20 — Catastrophic computer outages caused by a software update from one company have once again exposed the dangers of global technological dependence on a handful of players, experts warned.

A flawed update sent out by the little-known security firm CrowdStrike brought airlines, TV stations, and myriad other aspects of daily life to a standstill.

The outages affected companies or individuals that use CrowdStrike on the Microsoft Windows platform: when they applied the update, the incompatible software crashed computers into a frozen state known as the “Blue Screen of Death”.

“Today CrowdStrike has become a household name, but not in a good way, and this will take time to settle down,” said Dan Ives of Wedbush Securities yesterday.

The breakdown quickly fuelled discussions about internet giants’ power over the increasingly digital world economy, with more activity now taking place in the computing “cloud” or on a few apps or platforms.

Just ‘a taste’

When those platforms have flaws — or are deliberately attacked — the world seems to collapse.

In recent months, entire healthcare systems and industries have been paralysed after hackers infiltrated their systems, leaving consumers at their wits’ end and companies at a loss.

“I think we’re just getting a taste of some potential effects of real reliance by the financial sector and sectors across the economy on a handful of cloud companies and other key systems,” Rohit Chopra, director of the US Consumer Financial Protection Bureau, told CNBC.

“There are just a handful of big cloud companies where so much of the economy is now resting.”

The world has seen a major shift to cloud computing, where companies use servers offered by big tech giants for their computing needs instead of their own infrastructure.

Amazon, through its AWS company, is the world leader, followed by Microsoft’s Azure and Google Cloud.

Friday’s breakdown was caused by a malfunctioning software update fed to Microsoft Windows users by CrowdStrike, which specialises in cybersecurity for cloud-based companies.

“We’re deeply sorry for the impact we’ve caused to customers, travellers, and anyone affected by this,” CrowdStrike CEO Kurtz said in an interview on NBC’s “Today” show.

Microsoft blamed the problems on CrowdStrike, but industry insiders warned that the issue stems from entrusting the digital world to just a few key companies.

“It’s going to continue to raise issues for systems or businesses wholly dependent on Microsoft — this issue of concentration risk,” Michael Daniel, former White House cybersecurity coordinator and current head of the Cyber Threat Alliance told AFP.

“How do you balance the benefits of having everybody on the same operating system with the concentration risk that poses?”

Callie Guenther, senior manager of cyber threat research at Critical Start, warned that the shift to big players amplifies the impact of any system failure or vulnerability.

One error, like CrowdStrike’s on Friday, threatens society’s smooth functioning worldwide, she said.

No contingency plan

Andrius Minkevicius, co-founder of Cyber Upgrade, a cybersecurity company, said that businesses must fight the complacency often associated with outsourcing technology to the big vendors.

“Today, we’re seeing an example of those who relied mostly on vendor-offered cyber protection without additional contingency plans and are now suffering reputational and financial damage,” he said.

Experts warn that this incident will likely invite scrutiny from regulators and officials.

“CrowdStrike will probably have to let some outside people come in and examine how this happened,” said Cyber Threat Alliance’s Daniel. — AFP