Crowdstrike Fix – Global Tech Coordination Needed
The recent global IT outage caused by Crowdstrike demonstrated the brittleness of global technology infrastructure and a stark reminder of our reliance on technology. It is an urgent reminder for organisations to step up tech and business resiliency in a world that is extensively interconnected.
This outage,?certainly as the most disruptive and catastrophic tech incident in recent memory,?brings to mind the Y2K scare of 25 years ago.?Back in the 1990s, governments, organisations and tech vendors prepared for the beginning of the new millennium by ensuring that when the year rolled over to 2000, computers would not interpret "00" as 1900 and malfunction. If this happened, there would be potential chaos.
Perhaps the disaster was averted by the billions of dollars organisations and governments spent retrofitting computer systems ahead of time. Was it panic, an irrational hysteria? We would never know. While the Y2K problem didn't materialise,?it holds a valuable lesson in the wake of the Crowdstrike outage: be prepared for catastrophic tech incidents.
A quick re-cap: Crowdstrike's security software hooks deep into the Windows operating system to fend off digital intruders. Unfortunately,?a coding error in a key product update triggered a system crash (blue screen of death) on Windows PCs, rendering them inoperable. ?Even back-ups could not be accessed because the machines were dead. Mac and Linux users unaffected.
The consequence was obvious: given that almost every large organisation in the world is using Microsoft Windows, the operations of organisations including airlines, stock exchanges, hospitals and pharmacies ground to a stop.
Experts said the failure was not intentional, but caused by human error. The update was sent without proper quality assurance and testing and not a cyber attack. Right now, no information is at risk.
While Crowdstrike has issued a fix,?it cannot be deployed remotely because the Windows PCs are bricked up. IT technicians need to manually reset millions of devices. Experts say recovery can take weeks if not months.
Learning from Our Mistakes
In our quest for digital efficiency and interconnectedness, we must not overlook the importance of cybersecurity and tech resilience and fail-safe mechanisms. This incident serves as a wake-up call for organisations worldwide to reassess their cybersecurity and tech strategies and disaster recovery plans even to the point of hauling out manual paper systems.
The open-source community offers valuable lessons.?Their robust testing practices,?like software attestation and signing, could be a model for commercial software.
领英推荐
Users may explore alternative security solutions that do not integrate deeply into the Windows kernel or employ sandboxing technology.
Moving forward, organisations must:
? Improve and enhance testing and deployment protocols for critical software updates
? Diversify security solutions to mitigate single points of failure
However, the most major step is global collaboration due to the complex digital web of IT systems. Nations must come together to develop robust, internationally coordinated responses to potential global IT disruptions
In preparing for the Y2K event, the financial community across 65 countries set up the “Global 2000 Co-ordinating Group” to improve the readiness of global financial institutions to meet the challenges created by the Year 2000 date change.
It gave Singapore an all-green rating, which signalled that the government, financial system and the telecom, transport and public utility providers in the Republic were prepared for any incident arising from Y2K.
It is time for a similar global approach of governments, Big Tech and cybersecurity community to discuss ways to ensure a more robust and unified response to future IT emergencies.
?
?