Global Computer Outages Reveal Vulnerabilities of Internet Centralization

‘Today, there’s only three companies that control global access to internet trade and commerce,’ a tech analyst said.
Global Computer Outages Reveal Vulnerabilities of Internet Centralization
Travelers rest where they can in the McNamara terminal at the Detroit Metropolitan Wayne County Airport in Romulus, Mich., on July 21, 2024. Joe Raedle/Getty Images
Kevin Stocklin
Updated:
0:00

As the world’s communications and operations become more concentrated among a handful of tech oligopolies, they become both more efficient and more vulnerable.

This became apparent last week as an antivirus software update issued on the evening of July 18 by CrowdStrike, a security software company, caused more than 1 billion Windows-based computers to cease to function, taking down essential operations at airports, hospitals, 911 centers, police departments, trains, jails, and other municipal services, as well as corporate operations.

Appearing exhausted at times, CrowdStrike CEO George Kurtz spent July 19 issuing apologies on X and in television interviews, attempting to explain the error and the company’s efforts to resolve it.
“This was not a cyberattack,” Mr. Kurtz stated on the company’s website, explaining that the outage was caused by a defect in a software update for Windows in a security system called Falcon, which CrowdStrike produces.

“All of CrowdStrike understands the gravity and impact of the situation,” he stated. “We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”

But many, including White House officials, weren’t reassured. Concerns were raised among government officials regarding public safety and national security.

“The White House has been convening agencies to assess impacts to the U.S. government’s operations and entities around the country,” a senior administration official stated on July 19.

“The White House is in regular contact with CrowdStrike’s executive leadership and tracking progress on remediating affected systems.”

After tens of thousands of flights were delayed on July 19, airline service was largely restored by the weekend, as other services came back online. But because the software update took out individual computers, many have had, or still will have, to be restored individually and manually.

Tech analysts say the evolution of computer-based operations from local area networks (LAN) to the cloud, in a process termed internet centralization, combined with the consolidation of these operations among a handful of tech oligopolies, has heightened the risk of events such as this occurring, according to a post on LinkedIn by Net Expert Solutions. Where operations were once conducted on locally managed systems, today they are integrated and linked together through centralized “nodes.”
“Today, there’s only three companies that control global access to internet trade and commerce, and that’s Alphabet—the parent company of Google—Microsoft, and Apple,” Rex Lee, a security adviser to companies, government agencies, and lawmakers, told NTD. “And the vulnerabilities within that are single choke points throughout the network that can take down millions of customers.”

CrowdStrike’s Rise to Prominence

Austin, Texas-based CrowdStrike, founded in 2011, provides cloud-based software that protects computer systems against cyberattacks to tens of thousands of companies, organizations, and government agencies around the world—including 300 of the Fortune 500 companies. The company’s software has access to the most central elements of computer operating systems.

The company rose to prominence, offering more nimble, artificial-intelligence-based software, that was seen by many as a better, smarter way to protect operating systems from today’s hackers, who were going beyond circulating computer viruses.

“Today’s sophisticated attackers are going ‘beyond malware’ to breach organizations, increasingly relying on exploits, zero days, and hard-to-detect methods such as credential theft and tools that are already part of the victim’s environment or operating system, such as PowerShell,” CrowdStrike’s website states.

“CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus, endpoint detection and response, cyber threat intelligence, managed threat hunting capabilities, and security hygiene—all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.”

As the company’s reputation spread, it was called in by the FBI to help investigate the Sony Pictures hack in 2014, which publicized the company’s confidential internal communications, as well as the hack of the Democratic National Committee in 2016.

CrowdStrike went public in 2019, and its market value exceeded $75 billion prior to the outages. CrowdStrike’s share price dropped by more than 12 percent on July 19.

The widespread system failures that occurred last week were the result of a software update that reportedly contained a faulty kernel.

In the tech world, a kernel, sometimes called the engine of computer operating systems, is a program within the operating system that manages the system and coordinates the different processes within the system. If the kernel is outdated, it can leave the operating system vulnerable to outside tampering; if it malfunctions, the entire operating system may malfunction along with it.

Tech analyst and actor Waseem Mirza noted the irony of the latest failure.

“For me, it’s a little bit ironic that we’re always warning about the potential for cybersecurity actors, and in this case, we’re talking about the very people that were supposed to protect the world actually being the root cause of it,” Mr. Mirza told NTD.

While the extent of the damage from this single outage has yet to be fully assessed, analysts say it will be substantial.

“They’re saying that this isn’t a cybersecurity attack, but it had the same net result as a cybersecurity attack, and that bad kernel caused over a billion computers to lose access to back office systems,” Mr. Lee said. “We’re talking about government agencies, we’re talking about Fortune 500 business, airlines. ... the cascading effects of this are unbelievable.

“If you look at the critical infrastructure that’s being affected, this is actually going to cause harm and people may be dying as a result of this, because first responders are being affected, hospitals are being affected,” Mr. Lee said.

“We won’t know the total damage from all this, but it’s going to go down in history as the largest mistake and/or outage in the history of the internet.”

“This is basically what we were all worried about with Y2K, except it’s actually happened this time,” Troy Hunt, a regional director at Microsoft, wrote on social platform X.

“This will be the largest IT outage in history.”

Kevin Stocklin
Kevin Stocklin
Reporter
Kevin Stocklin is an Epoch Times business reporter who covers the ESG industry, global governance, and the intersection of politics and business.
Related Topics