Catastrophic computer outages caused by a software update from one company have once again exposed the dangers of global technology dependence on a few players, experts warned on Friday.
A botched update sent by little-known security firm CrowdStrike has brought airlines, TV stations and myriad other aspects of daily life to a standstill.
The outage affected companies or individuals using CrowdStrike on the Microsoft Windows platform: when they applied the update, the incompatible software crashed computers into a frozen state known as the “Blue Screen of Death.”
“Today CrowdStrike has become a household name, but not in a good way, and that will take time to sort out,” said Dan Ives of Wedbush Securities.
The collapse quickly sparked debate about the power of the internet giants in the increasingly digital global economy, with more activity now taking place in “cloud” computing or a few applications or platforms.
‘Large scale’ IT outage hits companies around the world
Just “a taste”
When these platforms are flawed — or deliberately attacked — the world seems to fall apart.
In recent months, entire healthcare systems and industries have been paralyzed after hackers infiltrated their systems, leaving consumers at their wits end and companies with losses.
“I think we’re getting a glimpse of some of the potential impacts of the real dependence of the financial sector and industries across the economy on a handful of cloud companies and other key systems,” said Rohit Chopra, director of the US Consumer Financial Protection Bureau. he told CNBC.
“There are only a few large cloud companies where so much of the economy rests now.”
The world has seen a major shift to cloud computing, where companies use servers offered by large tech giants for their computing needs instead of their own infrastructure.
US streaming rivals team up to catch Netflix
Amazon, through its company AWS, is the global leader, followed by Microsoft’s Azure and Google Cloud.
Friday’s outage was caused by a malfunctioning software update pushed to Microsoft Windows users by CrowdStrike, which specializes in cyber security for cloud-based companies.
“We deeply regret the impact we’ve caused to customers, travelers and anyone affected by this,” CrowdStrike CEO Kurtz said in an interview on NBC’s “Today” show.
Microsoft blamed CrowdStrike for the problems, but industry insiders warned that the problem stems from outsourcing the digital world to just a few key companies.
“It will continue to raise issues for systems or businesses that are completely dependent on Microsoft — this issue of concentration risk,” Michael Daniel, former White House cybersecurity coordinator and current head of the Cyber Threat Alliance, told AFP.
“How do you balance the benefits of having everyone on the same operating system with the risk of concentration it creates?”
China’s leaders vow to fight “dangers” plaguing the economy
Callie Guenther, senior director of cyber threat research at Critical Start, warned that the shift to big players amplifies the impact of any system failure or vulnerability.
A mistake like the one by CrowdStrike on Friday threatens the orderly functioning of society worldwide, he said.
No contingency plan
Andrius Minkevicius, co-founder of Cyber Upgrade, a cybersecurity firm, said businesses need to combat the complacency often associated with outsourcing technology to large vendors.
“Today, we’re seeing an example of those who relied primarily on cyber protection offered by vendors without additional contingency plans and are now suffering reputational and financial damage,” he said.
Experts warn that this incident will likely require scrutiny by regulators and officials.
“CrowdStrike will probably have to let some outside people come in and look at how this happened,” said Daniel of the Cyber Threat Alliance.
Source: AFP