CrowdStrike crash raises questions about tech dependency
WASHINGTON—Catastrophic computer outages caused by a software update from one company have once again exposed the dangers of global technological dependence on a handful of players, experts warned on Friday.A flawed update sent out by the little-known security firm CrowdStrike brought airlines, TV stations and myriad other aspects of daily life to a standstill.The outages affected companies or individuals that use CrowdStrike on the Microsoft Windows platform: when they applied the update, the incompatible software crashed computers into a frozen state known as the “Blue Screen of Death.”
“Today CrowdStrike has become a household name, but not in a good way, and this will take time to settle down,” said Dan Ives of Wedbush Securities.
The breakdown quickly fueled discussions about internet giants’ power over the increasingly digital world economy, with more activity now taking place in the computing “cloud” or on a few apps or platforms.
Just ‘a taste’
When those platforms have flaws—or are deliberately attacked—the world seems to collapse.
In recent months, entire health-care systems and industries have been paralyzed after hackers infiltrated their systems, leaving consumers at their wits’ end and companies at a loss.
“I think we’re just getting a taste of some potential effects of real reliance by the financial sector and sectors across the economy on a handful of cloud companies and other key systems,” Rohit Chopra, director of the US Consumer Financial Protection Bureau, told CNBC.
“There are just a handful of big cloud companies where so much of the economy is now resting.”
The world has seen a major shift to cloud computing, where companies use servers offered by big tech giants for their computing needs instead of their own infrastructure.
Amazon, through its AWS company, is the world leader, followed by Microsoft’s Azure and Google Cloud.
Friday’s breakdown was caused by a malfunctioning software update fed to Microsoft Windows users by CrowdStrike, which specializes in cybersecurity for cloud-based companies.
“We’re deeply sorry for the impact we’ve caused to customers, travelers, and anyone affected by this,” CrowdStrike CEO Kurtz said in an interview on NBC’s “Today” show.
Microsoft blamed the problems on CrowdStrike, but industry insiders warned that the issue stems from entrusting the digital world to just a few key companies.
“It’s going to continue to raise issues for systems or businesses wholly dependent on Microsoft—this issue of concentration risk,” Michael Daniel, former White House cybersecurity coordinator and current head of the Cyber Threat Alliance told Agence France-Presse (AFP).
“How do you balance the benefits of having everybody on the same operating system with the concentration risk that poses?” said Daniel.
Callie Guenther, senior manager of cyberthreat research at Critical Start, warned that the shift to big players amplifies the impact of any system failure or vulnerability.
One error, like CrowdStrike’s on Friday, threatens society’s smooth functioning worldwide, she said.
No contingency plan
Andrius Minkevicius, cofounder of Cyber Upgrade, a cybersecurity company, said that businesses must fight the complacency often associated with outsourcing technology to the big vendors.
“Today, we’re seeing an example of those who relied mostly on vendor-offered cyber protection without additional contingency plans and are now suffering reputational and financial damage,” he said.
Experts warn that this incident will likely invite scrutiny from regulators and officials.
“CrowdStrike will probably have to let some outside people come in and examine how this happened,” said Cyber Threat Alliance’s Daniel. —AFP
