Follow
Follow
News
By Kevin Stocklin, NTD News
As the world’s communications and operations become increasingly dominated by a handful of tech oligopolies, they become more efficient and vulnerable. This became apparent last week as an antivirus software update issued on the evening of July 18 by CrowdStrike, a leading security software company, caused over a billion Windows-based computers to crash. Essential services at airports, hospitals, 911 centers, police departments, trains, jails, and corporate operations are halted.
CrowdStrike CEO George Kurtz, appearing visibly exhausted, spent July 19 issuing apologies across social media and in television interviews, explaining the error and the company’s efforts to resolve it.
“This was not a cyberattack,” Mr. Kurtz stated on the company’s website, explaining that the outage was caused by a software update for Windows in a security system called Falcon, which CrowdStrike produces. “All of CrowdStrike understands the gravity and impact of the situation,” he stated. “We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.”
But many, including White House officials, were not reassured. Concerns were raised among government officials regarding public safety and national security. A senior administration official stated on July 19 that “the White House has been convening agencies to assess impacts to the U.S. government’s operations and entities around the country.
“The White House is in regular contact with CrowdStrike’s executive leadership and tracking progress on remediating affected systems,” the official stated.
After tens of thousands of flights were delayed on Friday, airline service was largely restored by the weekend, as other services came back online. But because the software update took out individual computers, many have had, or still will have, to be restored individually and manually.
Tech analysts say the evolution of computer-based operations from Local Area Networks (LANs) to the cloud, in a process termed internet centralization, combined with the consolidation of these operations among a handful of tech oligopolies, has heightened the risk of events like this occurring, according to a post on LinkedIn by Net Expert Solutions. Where operations were once conducted on locally managed systems, today they are integrated and linked through centralized “nodes.”
“Today, there are only three companies that control global access to internet trade and commerce, and that’s Alphabet—the parent company of Google—Microsoft, and Apple,” Rex Lee, a security advisor to companies, government agencies, and lawmakers, told NTD. “And the vulnerabilities within that are single choke points throughout the network that can take down millions of customers.”
Austin, Texas-based CrowdStrike, founded in 2011, provides cloud-based software that protects computer systems against cyberattacks to tens of thousands of companies, organizations, and government agencies worldwide, including 300 Fortune 500 companies. The company’s software has access to the most central elements of computer operating systems.
The company rose to prominence, offering more nimble, artificial-intelligence-based software, seen by many as a better, smarter way to protect operating systems from today’s hackers, who were going beyond circulating computer viruses.
“Today’s sophisticated attackers are going ‘beyond malware’ to breach organizations, increasingly relying on exploits, zero days, and hard-to-detect methods such as credential theft and tools that are already part of the victim’s environment or operating system, such as PowerShell,” CrowdStrike’s website states.
“CrowdStrike Falcon responds to those challenges with a powerful yet lightweight solution that unifies next-generation antivirus, endpoint detection, and response, cyber threat intelligence, managed threat hunting capabilities, and security hygiene—all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered.”
As the company’s reputation spread, it was called in by the FBI to help investigate the Sony Pictures hack in 2014, which publicized the company’s confidential internal communications, as well as the hack of the Democratic National Committee in 2016.
CrowdStrike went public in 2019 and its market value exceeded $75 billion, before the outages. CrowdStrike’s share price dropped more than 12 percent on July 19. The widespread system failures that occurred this week were the result of a software update that reportedly contained a faulty kernel.
In the tech world, a kernel, sometimes called the engine of computer operating systems, is a program within the operating system that manages the system and coordinates the different processes. If the kernel is outdated, it can leave the operating system vulnerable to outside tampering; if it malfunctions, the entire operating system may malfunction.
Tech analyst and actor Waseem Mirza noted the irony of the latest failure. “For me, it’s a little bit ironic that we’re always warning about the potential for cybersecurity actors, and in this case, we’re talking about the very people that were supposed to protect the world being the root cause of it,” Mr. Mirza told NTD.
The extent of the damage from this single outage has yet to be fully assessed, but analysts predict a substantial impact. “They’re saying that this isn’t a cybersecurity attack, but it had the same net result as a cybersecurity attack, and that bad kernel caused over a billion computers to lose access to back-office systems,” Mr. Lee said. “We’re talking about government agencies, we’re talking about Fortune 500 business, airlines … the cascading effects of this are unbelievable.
“If you look at the critical infrastructure that’s being affected, this is going to cause harm and people may be dying as a result of this because first responders are being affected, hospitals are being affected,” Mr. Lee said.
“We won’t know the total damage from all this, but it’s going to go down in history as the largest mistake and/or outage in the history of the internet…This is basically what we were all worried about with Y2K, except it’s happened this time,” Troy Hunt, a regional director at Microsoft, wrote on social platform X. He also noted that “this will be the largest IT outage in history.”
About the Author: Kevin Stocklin is an Epoch Times business reporter who covers the ESG industry, global governance, and the intersection of politics and business.
Interested in what events we have to offer? Check here to see what upcoming TechTalk Events are happening in your area.
