CrowdStrike 19th July 2024 Outage Summary
This article is a brief review of the CrowdStrike outage of 19th July 2024. This is not necessarily, as far as is currently known, a cyber warfare or cyber attack problem but it exposes a number of issues of relevance.
CrowdStrike is a USA $80 billion p.a. turnover cyber security business founded by the CEO George Kurtz. Its key product, Falcon, uses Continuous Integration and Continuous Delivery/Continuous Deployment techniques (which should deliver incremental code changes frequently and reliably) to update the cyber security programme that underlies millions of users’ devices. Its major client is Microsoft Inc.
Kurtz and Chairman Gerhard Watzinger are both ex-McAfee (an earlier cybersecurity company). Inter alia, McAfee had its own Compliance, Risk and Governance problems. CrowdStrike has previously been a supplier to SolarWinds, which was affected by a huge cyber attack. CrowdStrike were identified as running insecure DNS servers over a long period. The rest of the Board is mainly industry insiders or financiers. The Board would not pass the Saxton Bampfylde ‘Board of the Future’ test.
On Friday 19th July 2024 a rogue code update to Falcon was released. Apparently, this had passed the reliability test. However, under questioning on USA national TV networks Kurtz was unable to be definitive that it had passed a release test. These tests are often skipped to deliver ‘in real time’ solutions to threats. The release caused the biggest single computer outage in history. The problem centred on Windows 11, primarily, with flights, banks, health and other critical infrastructures affected worldwide by the ‘Blue Screen of Death’, on perhaps the busiest Friday of the year across a range of sectors. A fix was released, but applying it can consume, and has consumed, many man-hours, often spent manually rebooting affected computers and systems.
China, behind the Great Firewall, and Russia, with different systems and its own version of the Great Firewall, were largely untouched. This also applied to the other ‘Axis’ powers North Korea and Iran. This outage will provide comfort to the ‘Axis’ because it demonstrates the efficacy of some of their own measures against western ‘interference’.
Apple devices and other non-Microsoft OS devices were largely unaffected.
In the West there is operational chaos, individual chaos, legal chaos and supply chain chaos. Operational chaos continues as this is written: some systems may take weeks to recover, flights are all over the place, and individual businesses have had to revert to analogue techniques like writing and talking. Legal chaos has ensued and will continue as the arguments over who pays and what is covered by insurance become the subject of contract discussions and, no doubt, litigation. It is likely that the end-user will pay in the end. Supply chains are in disarray and will take time to be stabilised and reorganised. Banks and those critical infrastructures used to high security have been less affected.
Despite an 11% fall in share price on Friday 19th it is not expected that the CrowdStrike share price will be greatly affected. Quarterly earnings are due at the end of July, which may have an impact. In some ways this is astonishing. Microsoft's share price has hardly moved at all, to date.
Microsoft, and others, should also have tested the release before passing it on to their own clients. They do not appear to have done so. Microsoft’s own customers should also have checked. The chaos that has ensued lays bare a shortfall in contingency and resilience plans which, hopefully, will be high on the agenda of many a Board meeting in the next month or so.
The outage reflects a dichotomy in the West’s systems: increasingly complex systems based on a narrowly owned and operated sub-structure with insufficient redundancy, controlled by monopolistic technology giants (both Microsoft and CrowdStrike fit this bill), where the pursuit of ego, profits and technical solutions has overtaken systems thinking, safety and longevity. The cause of this outage is not yet absolutely clear.
In the meantime, the West's enemies have realised the extent of vulnerabilities, and their own immunity to same. This does not bode well for a reduction in cyber warfare between the West and the ‘Axis’.
It is worth bearing in mind the University of Buckingham's own Mixed Reality Leadership Model as a step towards protecting against these incidents. As is increasingly clear, these incidents are often as much human as technological.
1. Have clear VALUES for yourself and your organisation.
2. Run a BOARD (or equivalent) in line with the Saxton Bampfylde model.
3. Have a MIXED REALITY AWARE CEO and C-Suite.
4. Use a SYSTEMS APPROACH to your organisation.
5. Do not be a slave to TECHNOLOGY or the IT Department's view on same.
6. Adopt a ZERO TRUST approach to managing devices (Especially DNS Servers)...this means you have to:
7. Create a TOTAL TRUST environment with your employees/staff/family.
8. Align hardware, software, applications, programmes, supply chain, contracts, and licences. This is NOT an IT department job but one for the legal or accounting staff as they have the right mindset. The IT department, generally, does not have the right mindset. Switch to BLOCKCHAIN where appropriate.
9. CYBER DISCIPLINE and ROUTINE frees up time and makes you more secure.
10. Have a comprehensive CYBER SECURITY, RISK and BUSINESS RESILIENCE/INTEGRATED HARDENING PLAN.
4 months ago: Great summary of the issues Maitland, thank you!