‘When, not if’: Experts reveal major threat in wake of global CrowdStrike outage
An error in a single line of code was all it took to devastate companies across the globe. And it could happen again – with dire consequences.
Internet
Don't miss out on the headlines from Internet. Followed categories will be added to My News.
A company nobody had heard of before. An error in a single line of code. One glitch in the matrix. And companies the world over came tumbling down.
It wasn’t quite the Y2K apocalypse. (January 1, 2000 was when all the world’s computers were supposed to lose track of the time. This “Millennium Bug” didn’t happen).
But the dreaded “Blue Screen of Death” (BSOD) that sprung up in front of employee eyes Friday afternoon was a severe shock to the system.
Supermarket self-serve check-outs went dead.
Airline check-in systems went offline.
News service publishing systems shut down.
And behind the scenes, trucking, shipping and airfreight companies suddenly had to contend with a break in their carefully choreographed dance of global pick-up and delivery.
As the sun marched westward, more and more businesses awoke to crisis. Banking. Retail. Healthcare. Tourism.
The cause?
The one company they all relied upon to protect them from malicious cyber attacks – CrowdStrike.
“We need to shift our focus from prioritising efficiency at all costs to balancing efficiency with resilience,” said Glasgow Caledonian University “smart technology” expert Matthew Anderson.
“The lessons of history, from the Bronze Age to today, demonstrate that the most enduring systems are those capable of absorbing shocks and adapting.”
Systems collapse is a term that is beginning to appear everywhere.
There’s the Bronze Age Civilisation Collapse. And Ancient Rome. The global logistics collapse of COVID-19. The rule of constitutional law during the January 6 insurrection attempt on Capitol Hill, Washington DC. The Australian Optus telecommunications network outage.
Generally speaking, systems collapse is the ultimate embodiment of “Murphy’s Law”. If something can go wrong, it will go wrong.
“Both the Bronze Age Collapse and the CrowdStrike outage illustrate a fundamental principle,” said Anderson.
“Increased complexity often leads to increased fragility. As societies and systems advance and become more interdependent, they become more vulnerable to cascading failures.”
When complex systems collapse
As something gets more complex to cope with more challenges, more points of failure are introduced. And more begins to rely on each point of failure.
As it grows, the benefits of additional complexity begin to get lost in the system.
Eventually, all efforts must focus on keeping the bloated system stable and running.
Which leaves no margin of error for an unexpected shock. Such as a minor software update gone wrong.
“The world’s only AI-native SOC (Security Operations Centre) platform that consolidates siloed security tools and data,” CrowdStrike’s marketing precis reads.
“Generative AI turn hours of work into minutes or seconds …”
But its popular Falcon protective software was an Achilles’ Heel.
There was a regular security update.
This was automatically issued to clients. Automatically downloaded. Automatically installed. Automatically run.
Then, an error clashed with Microsoft Windows’ Azure internet cloud services platform. This brought the machines it was installed upon crashing down.
CrowdStrike insists the damaging code was their own – not the result of a hack attack.
But the outcome for their thousands of global clients was the same.
And it’s left governments, businesses and analysts asking: How bad can it get?
“While a complete internet apocalypse is highly unlikely, the interconnected nature of our digital world means any large outage will have far-reaching impacts,” said Griffith University lecturer in cybersecurity David Tuffley.
“However, the potential for even larger and more widespread disruptions than the CrowdStrike outage does exist.”
CrowdStrike: Fifth Horseman of the Apocalypse
“Any one of these disruptions in isolation would have been a significant incident. For them all to happen at once made Friday’s crisis strikingly rare,” said business supply chain experts Sanjoy Paul and Towfique Rahman.
“That doesn’t mean businesses shouldn’t be prepared. The question is when, not if, the next global IT outage will occur.”
And the biggest concern isn’t the shade of blue on the checkout screen, they added.
It’s the domino effect applying to all those other critical services you rarely hear about.
“It’s often forgotten that our supply chains – the complex networks that turn raw materials into finished products and get them where they’re needed – have also become deeply integrated with technology. They were hit hard, too.”
These digital systems are precise. They are fast. They are huge. Often, only AI can keep track of what’s going on. And they are under immense pressure – on a good day.
“But to achieve such precision and speed, they’ve also become highly interdependent. Making supply chains operate efficiently hinges on the timely success of everyone – and all the technology – involved,” Paul and Rahman wrote for The Conversation.
“We’ve now seen just how quickly things can come undone.”
It could take weeks for international air and sea freight schedules to recover.
But if the digital backbone they relied upon could not be rebooted and recovered – what then?
It took just 30 years for the Bronze Age empires of Crete, Mycenae and the Hittites to go from thriving to gone. Egypt, while significantly weakened, struggled on.
Theirs was the world’s first interdependent international economy.
Establishing what went wrong isn’t easy.
But archaeology and geology suggest that the complex systems supporting international trade collapsed under the combined pressure of drought, plague, an “earthquake storm”, social unrest – and marauding “Sea Peoples”.
“The aftermath was profound,” said Anderson.
“Writing systems were lost, populations plummeted, and it took centuries for the region to recover. This collapse serves as a stark reminder of how vulnerable complex societies can be to systemic shocks.”
Feet of clay
Have you memorised the phone numbers of your closest friends and family? Written them down?
Do you even have a working biro in your top drawer?
Ever heard of the Great Depression systems collapse of the 1920s? Could you feed your family by hunting rabbits and picking wild berries, as your great-grandparents may have done?
Do you have paper versions of your favourite book? Or most essential instruction manuals?
The weak points are the millions of components, nodes, networks and pieces of software behind your user interface.
“The catalogue of possible causes reads like the script of a disaster movie,” said Tuffley.
“Intense solar flares, similar to the Carrington Event of 1859 could cause widespread damage to satellites, power grids, and undersea cables that are the backbone of the internet. Such an event could lead to internet outages spanning continents and lasting for months.”
Then there’s cyber attack. Terror attack. Sabotage. Civil War.
“Many organisations rely on the same cloud providers and cyber security solutions. The result is a form of digital monoculture,” Tuffley explained.
“Modern IT infrastructure is highly interconnected and interdependent. If one component fails, it can lead to a situation where the failed component triggers a chain reaction that impacts other parts of the system.”
The same applies to the realm of supply and logistics.
“The nature of Friday’s outage made its impacts difficult to avoid,” wrote Paul and Rahman. “But not all IT threats are the same. To build more resilient supply chains, businesses within them need to have robust contingency plans in place – even if it means maintaining the ability to perform key processes manually and use paper records (as many did on Friday).”
Alternate sources of supply.
Contingency planning.
Backups.
Historians say the nations that emerged from the Bronze Age collapse demonstrated resilience as their economies were the most diverse. This meant their societies could continue to feed, house and protect the artisans living in their cities. And that meant the skills of writing, accounting, artistry and mutual support were not lost.
“Technology has brought enormous benefits to supply chain management,” said Paul and Rahman.
“But it has also introduced major new vulnerabilities, as we’ve just seen first hand. We need to be better prepared to face similar crises in future.”
Originally published as ‘When, not if’: Experts reveal major threat in wake of global CrowdStrike outage