NewsBite

ANALYSIS

CrowdStrike failure now a matter of national security

If CrowdStrike can’t defend their big corporate clients against a failed software upgrade, then how can it protect them against more nefarious players like Russian and Chinese hackers?

Travellers around the world were left stranded by the CrowdStrike outage. Picture: AFP
Travellers around the world were left stranded by the CrowdStrike outage. Picture: AFP

The great irony with CrowdStrike is its purpose is to protect companies against – not cause – the type of chaos that its botched software upgrade sparked on Friday.

The Texas-based cybersecurity firm – a company most people have never heard of – lost $US10bn from its market value after investors dumped its stock in US trade on Friday night after its blunder sparked the world’s biggest IT outage.

It crippled key services at big banks, hospitals, media companies and forced airlines to ground flights amid widespread disruption.

The key question is if they can’t defend their big corporate clients – which include the top four banks, Qantas, Coles and Woolworths – against a failed software upgrade then how can it protect them against more nefarious players like Russian and Chinese hackers?

More concerning for the Albanese government is taxpayers have forked out more than $4.2m for the company to protect the Department of Defence, Australian Signals Directorate and Future Fund.

Microsoft estimates around 8.5 million Windows devices affected by outage

The outage is now not just a matter of inconvenience, with people unable to pay for groceries at check-outs or complete online banking, but national security.

Emergency meetings between the Albanese government, CrowdStrike and some of the nation’s biggest companies were held during the weekend.

Home Affairs Minister Clare O’Neil has warned disruptions could continue for up to two weeks, while scammers are already “trying to exploit the outage”.

“There has been a huge amount of work over this weekend to get the economy back up and running,” Ms O’Neil said.

Microsoft says the outage struck 8.5 million Windows-based computers, which became useless bricks, displaying what is known as the “blue screen of death”.

CrowdStrike chief executive George Kurtz says he understands the “gravity of the situation”. But CrowdStrike’s Australian customers were left stranded on Friday. It took five hours for the company to provide any answers and its Sydney office was reportedly deserted.

Until late on Friday evening, all its customers had was a prerecorded phone message, which CrowdStrike ran on its hotlines, merely saying it was aware of “some reports” of crashes on Microsoft Windows operating systems relating to its flagship Falcon product.

It wasn’t until after 8pm that Kurtz ruled out his clients’ worst fears that the disruption – that crippled the world’s airports, banks, telecommunications companies, and shopping centres – wasn’t caused by a cyber attack.

CrowdStrike CEO George Kurtz. Picture: Adam Yip
CrowdStrike CEO George Kurtz. Picture: Adam Yip

Still, it cost businesses across the globe billions of dollars. In NSW alone, it cost the state’s economy more than $200m, according to Business NSW chief executive Daniel Hunter.

Big compensation claims are expected to flow although CrowdStrike’s contracts limit liability to “fees paid”. A CrowdStrike spokesman declined to comment about potential claims.

Kurtz, naturally, faced tough questioning on US television, asking why CrowdStrike didn’t phase in the upgrade, saying not to do so was “irresponsible”.

“Traditionally (the upgrade) goes out in a phased approach. So it initially went out and we started to see some issues, and then pulled it back so not all of our customers are impacted,” he said.

“As soon as we saw this issue, which didn’t manifest itself before we obviously sent it out, we rolled it back. And you know now we’re dealing with the impacted systems.”

It reportedly took CrowdStrike 80 minutes to realise that something was amiss with its upgrade, which infected Microsoft Windows-based computers worldwide, rendering corporate laptops and PCs unusable.

For CrowdStrike, it is a case of hubris. Before the outage, it had talked a big game, taking big swings at Microsoft.

Concerns raised over global tech reliance after CrowdStrike disrupted the world

Kurtz accused Microsoft last year of using “the same failed model that McAfee and Symantec have been using for the past 25 years”. And in March, CrowdStrike stepped up its criticism of Microsoft, branding it a “national security threat” after it was attacked by Russian hackers.

Before the outage it had a stellar reputation, with its share price more than doubling in the past 12 months and its revenue growth averaging 67 per cent in the past three years, compared with 45 power cent growth for other cloud software companies.

Australian companies – and others across the globe – were buying what it was selling.

Qantas, Coles, Woolworths and Bunnings were among some of the biggest companies to suffer outages as a result of a large-scale collapse at global cybersecurity firm CrowdStrike.

The question is will CrowdStrike’s outage serve as a wake-up call for more robust – and even quaint contingencies, such as using pen and paper (which Triple-0 reverted to during the meltdown) or holding cash floats

After all, potential disaster is only a click of a button away, as UniSuper experienced in May when Google accidentally deleted the $125bn fund’s entire subscription on its cloud service, locking more than 600,000 members from accessing their accounts.

Ashurst digital economy partner Anthony Lloyd says there are key learnings for businesses from the CrowdStrike outage, particularly on becoming too reliant on one supplier or system.

“Overall, the recent incident demonstrates that even large sophisticated technology companies are not immune to failures and their customers must ensure they adequately understand and plan for the potential impact if they fail,” Lloyd says.

“However, organisations also need to be thinking ‘what if this was a significant cyber attack – with a similar scale of impact, but a longer, and more complex recovery – how would we have responded?’

“Organisations should have thorough and comprehensive planning in place for significant cyber incidents.”

Originally published as CrowdStrike failure now a matter of national security

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.couriermail.com.au/business/crowdstrike-failure-now-a-matter-of-national-security/news-story/33e10b22bb5cef70e43765c7d2504f47