Q&A: What you need to know about the worldwide cyber snarl
Flights were delayed. Court cases were postponed. Government computer systems were shut down. Even Starbuck’s beverage orders failed to register. It was a truly worldwide day of disconnections.
At the heart of Friday’s massive international technology disruption was CrowdStrike, a cybersecurity firm that provides software to scores of companies worldwide. The company says the problem occurred when a faulty update was pushed out to computers running Microsoft Windows for one of its tools, “Falcon.”
Related: Crowds, frustration, resignation roils LAX, John Wayne and other airports during tech meltdown
Because scores of companies rely on CrowdStrike for their security needs with Windows as their operating system, the consequences of this kind of technical problem have been far-reaching.
As the news broke, Chris Haire of Southern California News Group interviewed Amin Rezaei, PhD, an assistant professor and director of Computer Architecture, Reliability, and Security Laboratory at the Department of Computer Engineering and Computer Science at California State University, Long Beach.
While the worldwide computer woes underscored the vulnerability of worldwide dependence on software that comes from only a handful of providers, Rezaei encouraged deeper discussions in the days ahead to identify solutions to prevent these kinds of outages.
Here is our Q&A with Rezaei.
Q: Based on other reports we’ve seen, CrowdStrike is really successful and a leader in cybersecurity — a press release on its website even says it recently surpassed $1 billion in sales. But its most recent quarterly filing with the SEC says it has a history of losses and only achieved profitability in fiscal year 2024. … So, if you do know anything about CrowdStrike, how would you describe its reputation among cybersecurity professionals? How many companies use CrowdStrike? And can you describe in a way laymen can understand how the company’s cybersecurity operations work?
A: I have heard of the company as it offers real-time cloud security (and other endpoint protection services) to thousands of clients, including many Fortune 500 companies. However, I am not in a position to access the company’s success or failure because a company’s reputation is influenced by a variety of factors that go beyond my pay grade.
Related: Global IT snarl puts cyber firm CrowdStrike in spotlight
But let me comment on the need for cloud security. These days, cloud computing (i.e., the on-demand availability of computing power, data storage, or applications via the internet) is used by many businesses. In this case, their operating costs are lowered because they usually only pay for the cloud services they use.
Because so much data is retrieved and used over the internet and saved on certain physical storage servers, the security of cloud services becomes essential. This is where cybersecurity service providers come into the picture, offering real-time solutions and preventing or detecting malicious threats.
Q: Why would a software bug for a cybersecurity program cause computers around the world to shutdown? Shouldn’t CrowdStrike have a plan to ensure such bugs don’t happen?
A: Again, I am not in a judging position on what a company should or should not do. But the incident highlights, once again, the significance of one simple practice that is unfortunately overlooked: the need to prevent a single point of failure (i.e., the system’s reliance on a single component that, if it fails, can bring the entire system down). Currently, the computer systems employed in many firms suffer from single points of failure, ranging from hardware to cloud providers and services.
Related: Faulty software update causes havoc worldwide for airlines, hospitals and governments
Q: This wasn’t a hack, but is this issue cause for concern about potential vulnerabilities for companies that use CrowdStrike?
A: I prefer to answer this question broadly. Another overlooked issue in high-tech companies is the need to revisit cybersecurity practices in effect. While in this incident the crash is seemingly caused by a software update bug, in more severe situations, deliberate attacks can result in system malfunctions that might be very difficult to fix. Traditionally, security has been considered an afterthought in computer systems (i.e., we have a system; let’s secure it!), not necessarily taken into consideration during the design flow, from specification to implementation. This needs to be changed.
Q: Some reports are saying this is the largest tech outage ever. Can you contextualize how significant or severe this outage is, relative to others?
A: I do not have enough data to fact-check this claim. But looking forward, there should be discussions on preventive solutions against these kinds of outages, such as the ones mentioned above, which I reiterate here: (1) From a business owner’s view: avoiding single points of failure in a business infrastructure; and (2) From a high-tech provider’s view: having measurable security metrics in mind when designing computing systems instead of post-implementation security methods.
Q: Experts say fixing this issue — besides rectifying the bug — will require individual computers to be manually rebooted, which could be a lengthy process. Can you explain this to me? Why is this required and why is it such a lengthy process?
A: The fix for the systems that have not been updated by this buggy update should not be a big issue. However, for impacted systems, the suggested patch seems to require a manual process. For this, each computer needs to be run in safe mode with admin access, and then the corrupted file needs to be deleted. They may be able to come up with a less lengthy option, but it is not guaranteed.
Q: Is there anything a regular citizen can do to be ready for such a day as today?
A: I hope that this incident will poke business owners and high-tech companies to reconsider their traditional mindset of security & trust and follow the advice of cybersecurity experts and researchers who have been doing research in this area for several decades. My suggestion to regular citizens is to first become even more aware of cybersecurity incidents and possible preventions.
There are many free courses and videos online from cybersecurity experts that describe these threats in a non-technical fashion. Second, some levels of familiarity with addressing technical issues are also suggested. We are in a fast-growing world in terms of technology; basic familiarity with system maintenance is now like knowing how to top up your car’s radiator with water in an emergency.
—Amin Rezaei, PhD, is an assistant professor and director of Computer Architecture, Reliability, and Security Laboratory at the Department of Computer Engineering and Computer Science at California State University, Long Beach. Information: aminrezaei.com/
—
The Associated Press contributed to this report