fbpx

CrowdStrike and the Need for Resilience

John Organek, Director of Program Planning and Operational Architecture

 August 4, 2024

The recent ” software global incident, the costs of which could top $1 billion, points out several glaring gaps and shortcomings in how companies and institutions operate in our brave, new cyber-physical world. And while it did not cause death or injury, it nevertheless, wreaked widespread havoc across other infrastructures, including airlines, hospitals, and 911 services. It caused Delta Airlines alone to cancel more than 2000 flights on July 19 and to cancel over 6,000 flights since then.  Something as small as a few lines of bad code deployed to a myriad of endpoints, globally, caused the largest IT outage in history.  For want of a nail….the kingdom was lost!

A fundamental error made across the board is the failure to fully understand the risk of apparently minor ‘disturbances’ creating major consequences, whether outbound to or inbound from other infrastructures. One wonders if the Board of any of the companies affected had even considered the devastating impact that software could cause, and if so, did they take the appropriate action to ensure that loss would be mitigated? Did CrowdStrike realize how a bit of bad code would be amplified globally and devastate their reputation as a cyber security company, or did Delta Airlines plan for a scenario of almost existential risk? Did their business continuity plans address such an eventuality and if so, what did they do to address it? After all, software is now a part of virtually everything we touch and do.

Our modern societies comprise other sources of near existential risk beyond software bugs, such as Black Sky electric grid events, widespread communications and data center failures, cyber-attacks, etc. In this highly connected world, very small failures can propagate quickly, leading to other such Crowd Strike incidents in the future.

Preliminary reports pinpoint several failures taking place that led to the outage, casting blame across multiple stakeholders. For example, the new software was insufficiently tested and apparently there was no plan for reverting to the original version. Also, end users were not prepared to act when they lost processing capabilities at the edge. No one seemed to be prepared when the inevitable happened. None of these could be rated as being ‘resilient’.

CrowdStrike “Falcon Sensor"

CrowdStrike “Falcon Sensor”

Software issues are going to continue well into the future. Stakeholders need to recognize that accidents such as the recent one happen normally. They should be therefore especially attentive to the risk, ranging from cyber-attacks to bad quality or poor deployment, that software poses to their business operations and reputation. But because these normal accidents will continue to happen, stakeholders must focus on maintaining business continuity as a top priority, ahead of believing they can fully prevent them from happening. Besides, as Delta has discovered, their operations were gravely affected by bits of software that were developed by a company they probably had little corporate knowledge of.

The CrowdStrike incident has again reminded us of the risks posed by our highly interdependent cyber-physical critical infrastructures. But more importantly, it should remind us that we are still far from being resilient.

We are all connected. We are all vulnerable.

Collaboration is our strength.

By: John Organek

Create Impact with us:

Join our membership and
contribution programs:

Get involved >>

Participate in our
upcoming events:

Events >>

Schedule a call with
our experts:

Consult >>

EIS News - EPRO:BLACKSTART now available!

image

Please, do not miss it again!

Undoubtedly, we are at the starting point of a vast infrastructure replacement and development. The recent article of German Chancellor-in-waiting Friedrich Merz, “Germany, Once a Beacon of Frugality, Jolts Europe With Planned Spending Splurge,” published in “The Wall Street Journal,” describes Germany’s infrastructures and administration situation.  Infrastructure challenges like those facing Germany are common across […]

Learn more

When Is the Next Solar Storm? Understanding Risks and Strategies

Solar storms are a natural part of the sun’s activity, yet their impact on Earth can be anything but ordinary. From minor disturbances in satellite communications to potential blackouts in power grids, these geomagnetic events have far-reaching consequences. But the question on everyone’s mind is: when is the next solar storm? What Causes a Solar […]

Learn more

The Emerging Threat to Undersea Infrastructure as Hybrid Warfare Escalate

Undersea infrastructure—including fiber-optic cables, power lines, and oil and gas pipelines—is becoming an increasingly attractive target for hybrid warfare and gray-zone aggression. These critical assets support global connectivity, economic stability, and energy distribution, making their disruption a high-impact strategy for state and non-state actors seeking to destabilize adversaries. Undersea fiber-optic cables transmit 95% of the […]

Learn more
image