As the world’s communications and operations become more concentrated among a handful of tech oligopolies, they become both more efficient and more vulnerable.
This became apparent last week as an antivirus software update issued on the evening of July 18 by CrowdStrike, a security software company, caused more than 1 billion Windows-based computers to cease to function, taking down essential operations at airports, hospitals, 911 centers, police departments, trains, jails, and other municipal services, as well as corporate operations.
“All of CrowdStrike understands the gravity and impact of the situation,” he stated. “We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”
But many, including White House officials, weren’t reassured. Concerns were raised among government officials regarding public safety and national security.
“The White House has been convening agencies to assess impacts to the U.S. government’s operations and entities around the country,” a senior administration official stated on July 19.
“The White House is in regular contact with CrowdStrike’s executive leadership and tracking progress on remediating affected systems.”
After tens of thousands of flights were delayed on July 19, airline service was largely restored by the weekend, as other services came back online. But because the software update took out individual computers, many have had, or still will have, to be restored individually and manually.
CrowdStrike’s Rise to Prominence
Austin, Texas-based CrowdStrike, founded in 2011, provides cloud-based software that protects computer systems against cyberattacks to tens of thousands of companies, organizations, and government agencies around the world—including 300 of the Fortune 500 companies. The company’s software has access to the most central elements of computer operating systems. The company rose to prominence offering more nimble, artificial-intelligence-based software that was seen by many as a better, smarter way to protect operating systems from today’s hackers, who were going beyond circulating computer viruses.
“CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus, endpoint detection and response, cyber threat intelligence, managed threat hunting capabilities, and security hygiene—all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.”
CrowdStrike went public in 2019, and its market value exceeded $75 billion prior to the outages. CrowdStrike’s share price dropped by more than 12 percent on July 19.
The widespread system failures that occurred last week were the result of a software update that reportedly contained a faulty kernel.
In the tech world, a kernel, sometimes called the engine of computer operating systems, is a program within the operating system that manages the system and coordinates the different processes within the system. If the kernel is outdated, it can leave the operating system vulnerable to outside tampering; if it malfunctions, the entire operating system may malfunction along with it.
Tech analyst and actor Waseem Mirza noted the irony of the latest failure.
“For me, it’s a little bit ironic that we’re always warning about the potential for cybersecurity actors, and in this case, we’re talking about the very people that were supposed to protect the world actually being the root cause of it,” Mr. Mirza told NTD.
While the extent of the damage from this single outage has yet to be fully assessed, analysts say it will be substantial.
“They’re saying that this isn’t a cybersecurity attack, but it had the same net result as a cybersecurity attack, and that bad kernel caused over a billion computers to lose access to back office systems,” Mr. Lee said. “We’re talking about government agencies, we’re talking about Fortune 500 business, airlines. ... the cascading effects of this are unbelievable.
“If you look at the critical infrastructure that’s being affected, this is actually going to cause harm and people may be dying as a result of this, because first responders are being affected, hospitals are being affected,” Mr. Lee said.
“We won’t know the total damage from all this, but it’s going to go down in history as the largest mistake and/or outage in the history of the internet.”
“This will be the largest IT outage in history.”