Massive IT outage spotlights major vulnerabilities in the global information ecosystem

Displays at LaGuardia Airport in New York show the infamous “blue screen of death.” AP Photo/Yuki Iwamura

Richard Forno, University of Maryland, Baltimore County

The global information technology outage on July 19, 2024, that paralyzed organizations ranging from airlines to hospitals and even the delivery of uniforms for the Olympic Games represents a growing concern for cybersecurity professionals, businesses and governments.

The outage is emblematic of the way organizational networks, cloud computing services and the internet are interdependent, and the vulnerabilities this creates. In this case, a faulty automatic update to the widely used Falcon cybersecurity software from CrowdStrike caused PCs running Microsoft’s Windows operating system to crash. Unfortunately, many servers and PCs need to be fixed manually, and many of the affected organizations have thousands of them spread around the world.

For Microsoft, the problem was made worse because the company released an update to its Azure cloud computing platform at roughly the same time as the CrowdStrike update. Microsoft, CrowdStrike and other companies like Amazon have issued technical work-arounds for customers willing to take matters into their own hands. But for the vast majority of global users, especially companies, this isn’t going to be a quick fix.

Modern technology incidents, whether cyberattacks or technical problems, continue to paralyze the world in new and interesting ways. Massive incidents like the CrowdStrike update fault not only create chaos in the business world but disrupt global society itself. The economic losses resulting from such incidents – lost productivity, recovery, disruption to business and individual activities – are likely to be extremely high.

As a former cybersecurity professional and current security researcher, I believe that the world may finally be realizing that modern information-based society is based on a very fragile foundation.

The outage led to thousands of flight delays on July 19, 2024. AP Photo/Yuki Iwamura

The bigger picture

Interestingly, on June 11, 2024, a post on CrowdStrike’s own blog seemed to predict this very situation – the global computing ecosystem compromised by one vendor’s faulty technology – though they probably didn’t expect that their product would be the cause.

Software supply chains have long been a serious cybersecurity concern and potential single point of failure. Companies like CrowdStrike, Microsoft, Apple and others have direct, trusted access into organizations’ and individuals’ computers. As a result, people have to trust that the companies are not only secure themselves, but that the products and updates they push out are well-tested and robust before they’re applied to customers’ systems. The SolarWinds incident of 2019, which involved hacking the software supply chain, may well be considered a preview of today’s CrowdStrike incident.

CrowdStrike CEO George Kurtz said “this is not a security incident or cyberattack” and that “the issue has been identified, isolated and a fix has been deployed.” While perhaps true from CrowdStrike’s perspective – they were not hacked – it doesn’t mean the effects of this incident won’t create security problems for customers. It’s quite possible that in the short term, organizations may disable some of their internet security devices to try and get ahead of the problem, but in doing so they may have opened themselves up to criminals penetrating their networks.

It’s also likely that people will be targeted by various scams preying on user panic or ignorance regarding the issue. Overwhelmed users might either take offers of faux assistance that lead to identity theft, or throw away money on bogus solutions to this problem.

Transportation Secretary Pete Buttigieg explains the effects of the outage on airlines and other transportation systems.

What to do

Organizations and users will need to wait until a fix is available or try to recover on their own if they have the technical ability. After that, I believe there are several things to do and consider as the world recovers from this incident.

Companies will need to ensure that the products and services they use are trustworthy. This means doing due diligence on the vendors of such products for security and resilience. Large organizations typically test any product upgrades and updates before allowing them to be released to their internal users, but for some routine products like security tools, that may not happen.

Governments and companies alike will need to emphasize resilience in designing networks and systems. This means taking steps to avoid creating single points of failure in infrastructure, software and workflows that an adversary could target or a disaster could make worse. It also means knowing whether any of the products organizations depend on are themselves dependent on certain other products or infrastructures to function.

Organizations will need to renew their commitment to best practices in cybersecurity and general IT management. For example, having a robust backup system in place can make recovery from such incidents easier and minimize data loss. Ensuring appropriate policies, procedures, staffing and technical resources is essential.

Problems in the software supply chain like this make it difficult to follow the standard IT recommendation to always keep your systems patched and current. Unfortunately, the costs of not keeping systems regularly updated now have to be weighed against the risks of a situation like this happening again.

Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.


