One update and the whole world shakes
Author: Alain Blaes, founder and managing director of PR-COM, a Munich-based communications agency specialising in high-tech
From Berlin to Australia to Singapore – a programme update from the IT security company CrowdStrike paralysed infrastructure facilities, companies and organisations worldwide this Friday. Operations in hospitals have been postponed, airports have ceased operations, retail markets and banks are no longer accessible. According to media reports, there are also numerous disruptions in Germany, including the airports in Berlin, Düsseldorf and Hamburg as well as the hospitals in Lübeck and Kiel.
The exact causal chain of the development is currently being reconstructed. The most likely cause is that a faulty update of CrowdStrike forced PCs, infrastructures and services worldwide into a recovery boot. A restart, which fixes the problem after shutting down devices, was then no longer possible. CrowdStrike has confirmed the software problems to customers in a statement, according to The Verge magazine. As CrowdStrike’s software is an essential part of the security stack for many companies and cloud providers, it has contributed to massive outages as a result. Since the morning hours, many disruptions have been reported for services such as AWS, Google and Azure. Microsoft has confirmed the problems in its 365 cloud offering and stated on X that it has taken concrete countermeasures to redirect data traffic.
It is already clear that the financial damage caused by the disruption will run into the billions. CrowdStrike’s share price has plummeted by double digits. The consequential losses will be measured by how long the system outages last. This also applies to possible recourse claims that will be directed at CrowdStrike.
The fact that one piece of software can paralyse the entire global economy on such a massive scale should give us pause for thought. It is an impressive demonstration of what could happen to infrastructure in the event of a blackout – whether accidental or intentional. IT security must therefore be the number one priority on the political and corporate agenda. The more interconnected global players work together, the more it must be ensured that individual providers do not have such an existential market position that their failure becomes an existential issue for the entire system.
This shift towards Computing 2.0 can be thought of as a mental consolidation phase in which resilience is prioritised and fallback levels are established. This also affects large platform and cloud providers in particular. As market power increases, so does the responsibility to contribute to public safety. In a digital society, public security cannot be achieved without IT security. Even if this ‘knock-out’ will probably not lead to existential threats, there is no guarantee for the next time. That is why we need to take precautions.