
European legislation as an example for IT security after the CrowdStrike debacle.

The catastrophic CrowdStrike outage has painfully exposed the vulnerability of our modern digital infrastructure. The global IT system outage caused by a failed software update from cybersecurity firm CrowdStrike Holdings Inc. has caused chaos at airports, stock exchanges and hospitals. These incidents appear to be becoming more common, which is a worrying trend.

The outage was due to an update to CrowdStrike's Falcon software, designed to protect systems against viruses and cyber threats. Falcon, which counts Microsoft as a major customer, has access to the core of operating systems such as Windows. This type of access is necessary to prevent malicious hackers from disabling the antivirus software. However, if an error creeps into a software update, as happened here, the consequences are disastrous.

consequences for the world

This time the scale of the outage was unprecedented. Windows computers worldwide showed the dreaded “Blue Screen of Death,” rendering them unusable. Airlines had to write flight times on whiteboards and issue handwritten paper tickets. A British television channel temporarily went off the air. Although a solution has now been rolled out, this outage shows how dependent we are on a handful of cloud providers.

The blame lies not only with CrowdStrike, but also with Microsoft, which is responsible for the robustness of its operating system. Interestingly, Apple's and Linux's operating systems were not affected by the outage, according to a blog post from CrowdStrike. Both systems don't give Falcon access to their core, which now seems like a sensible choice. Microsoft did not respond to requests for comment.

This incident was not a cyber attack, but the result of the complex nature of cloud IT processes. Over the past decade, the cybersecurity industry has positioned itself as the protector against all kinds of threats, but in doing so it may have neglected basic IT hygiene. “In recent years, most of our customers have spent more on cybersecurity than on IT,” Palo Alto Networks Inc. CEO Nikesh Arora said earlier this year.


A possible technical solution is “double booting” for software updates, a technique that has been used for years. Joao Alves, head of engineering at online marketplace Adevinta, tweeted that the tech industry will likely require cloud providers to implement duplicate boot procedures for updates. This involves restarting the system once to apply the update, and a second time to ensure system stability before the changes are fully activated. Microsoft has not yet responded to questions about whether they use these procedures.
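
The two-restart procedure described above, modelled as a small state machine. This is an added example, not code from the article, Microsoft or CrowdStrike; the `Host` class, the `roll_out` function and the `healthy` callback are hypothetical names, and the callback stands in for whatever stability test a real system would run.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Host:
    """Constructed model of one machine; all names here are hypothetical."""
    active: str                      # last fully activated (known-good) version
    staged: Optional[str] = None     # update waiting for the first restart
    trial: Optional[str] = None      # update applied by restart 1, not yet activated
    log: List[str] = field(default_factory=list)

    def stage(self, version: str) -> None:
        self.staged = version
        self.log.append(f"staged {version}")

    def reboot(self, healthy: Callable[[str], bool]) -> str:
        """Restart once and return the version the host ends up running.

        healthy(version) stands in for "the system booted and stayed stable";
        a False result models falling back to the known-good version.
        """
        if self.staged is not None:            # restart 1: apply provisionally
            candidate, self.staged = self.staged, None
            if healthy(candidate):
                self.trial = candidate
                self.log.append(f"restart 1: {candidate} applied on trial")
                return candidate
            self.log.append(f"restart 1: {candidate} failed, kept {self.active}")
        elif self.trial is not None:           # restart 2: verify, then activate
            candidate, self.trial = self.trial, None
            if healthy(candidate):
                self.active = candidate
                self.log.append(f"restart 2: {candidate} stable, activated")
            else:
                self.log.append(f"restart 2: {candidate} unstable, rolled back")
        return self.active


def roll_out(host: Host, version: str, healthy: Callable[[str], bool]) -> str:
    """Stage an update, run both restarts, return the activated version."""
    host.stage(version)
    host.reboot(healthy)          # restart 1: apply the update
    return host.reboot(healthy)   # restart 2: confirm stability (no-op if 1 failed)
```

An update becomes the active version only after it has survived both restarts; a failure at either one leaves the host on the previous known-good version.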

cloud providers

The bigger challenge lies in the dependence on only a few dominant cloud providers, which leaves companies vulnerable to a few points of failure. Only three companies – Microsoft, Amazon and Google – dominate the cloud computing market. This means that a small incident can have worldwide consequences.

European lawmakers have made the furthest progress in tackling these market monopolies with their new Data Act, which aims to reduce the costs of switching between cloud providers and improve interoperability. U.S. lawmakers should also take action. One possible measure could be to require companies in critical sectors such as healthcare, finance, transportation and energy to use more than one cloud provider for their core infrastructure. This would ensure that no single provider is responsible for more than two-thirds of their critical IT infrastructure.

Friday's outage is a painful reminder of the dangers of our current IT infrastructure. It would be a shame not to use this opportunity as a catalyst for change. By learning from these incidents and implementing structural improvements, we can prevent these types of nightmares from becoming a recurring reality.
