The frequency of large-scale attacks against corporate IT continues to increase. This isn’t unusual or unexpected, as companies invest heavily in cyber defenses to fight asymmetric warfare against hackers who can string together a few lines of code and wreak havoc.
But the biggest IT outage ever, on Friday, was tied to a CrowdStrike software error uploaded to the Microsoft operating system rather than to any malicious attack. It shows a technological threat that continues to grow alongside hacking attacks but receives little attention: the single point of failure, where an error in one part of a system causes technological disasters across industries, functions and interconnected communication networks, a huge domino effect.
Earlier this year, AT&T experienced nationwide service outages due to a technology update. The FAA had an outage last year when one person replaced a key file in a routing update (now the FAA has backup systems to prevent this from happening again).
“Even if it’s just routine patches and updates, this is going to happen more frequently,” Chad Sweet, co-founder and CEO of the Chertoff Group and former chief of staff at the Department of Homeland Security, told CNBC on Friday.
Due to a global communication outage caused by CrowdStrike, which provides network security services to the American technology company Microsoft, some digital advertising billboards in Times Square in New York City, the United States, displayed blue screens and others turned completely black on July 19, 2024.
Selcuk Akar | Anatolia | Getty Images
Managing single-point-of-failure risk is a problem that enterprises need to solve through planning and prevention. Sweet said there is no piece of software in the world that does not require patches or updates after release, and that best security practices exist covering ongoing software maintenance for a period of time after a product is released.
Companies working with the Chertoff Group are closely reviewing software development and update standards following the CrowdStrike outage. Sweet noted that the government has provided a set of protocols, the SSDF (Secure Software Development Framework), that may give the market an idea of what to expect as Congress begins to look more closely at the issue. This is likely to happen after a series of recent incidents from AT&T to the FAA and CrowdStrike, as this type of technology failure has now been shown to widely impact the lives of citizens and the operation of critical infrastructure.
“Be prepared on the corporate side,” Sweet said.
Aneesh Chopra, Arcadia’s chief strategist and former White House chief technology officer, told CNBC on Friday that key industries including energy, banks, health care and airlines have separate risk regulations, and that in the most highly regulated industries, measures may be unique. But the question now for any business leader is, “What’s Plan B if the system fails? We’re going to see a lot more scenario planning, and if that’s not job No. 1, then having those scenarios is job No. 2 or No. 3,” he said.
Unlike many issues in Washington, D.C., Chopra noted that there is bipartisan commitment on critical infrastructure and systemic risk issues, and that technology standards are a “hallmark” of the American system. He described possible efforts now aimed at “improving competition” as a means of increasing accountability.
“If there is a mechanism for doing updates in a more open and competitive way, then there may be pressure to make sure that updates are done in a dotted-line way,” Chopra said.
Sweet said this will inevitably raise concerns among the business community about the risks of over-regulation. Although it is not yet certain whether a more open process at CrowdStrike would allow detection of single points of failure, he said this is a legitimate concern.
Sweet believes the best way to avoid overregulation is to pursue market-enhancing mechanisms, such as the insurance industry. “The short answer is, ‘Let the free market do this through, for example, the insurance industry, which will reward good players with lower premiums,'” he said.
Sweet also said that more companies should embrace the idea of “antifragile” organizations, a term coined by risk analyst Nassim Nicholas Taleb, just as he does with his clients. “Organizations can not only remain resilient in the wake of disruption, but also thrive, innovate and outperform their competitors,” he said. In his view, it will be difficult for any single piece of legislation or regulation to keep pace with malicious attacks and technological updates, and these updates can have unintended consequences.
“This is definitely a wake-up call,” Chopra said.