What We Can Learn from the Chaos and Confusion Caused by the Recent CrowdStrike Update
Written by: Abelian Foundation
On July 19th 2024, a flawed software update from CrowdStrike caused global chaos, grounding flights, disrupting emergency services, and halting surgeries. This incident highlighted the fragility of our internet infrastructure. CrowdStrike, a cybersecurity firm, sent out an update for Windows systems that caused widespread crashes.
The issues escalated rapidly. At Sydney Airport in Australia, travellers faced delays and cancellations, similar to those in Hong Kong, India, Dubai, Berlin, and Amsterdam. In the U.S., at least five airlines — Allegiant Air, American, Delta, Spirit, and United — temporarily grounded all flights, according to the Federal Aviation Administration.
Healthcare systems were severely impacted, causing hospitals to cancel noncritical surgeries. In the United States, 911 lines were down in several states, though many were restored later on Friday. The National Health Service in Britain also experienced problems.
“We knew we had a catastrophe on our hands,” said B.J. Moore, the chief information officer for Providence Health, which operates 52 hospitals across seven states. He reported that 15,000 servers were down and 40,000 out of 150,000 computers were affected, calling it “worse than a cyberattack”.
The company is now under scrutiny regarding its liabilities and those of other software developers for major disruptions and cybersecurity incidents. Experts point out that the repercussions for significant outages are often so minor that companies lack the incentive to implement substantial changes. Unlike car manufacturers, who face severe penalties for defects like faulty brakes, software providers can typically resolve issues with an update and continue operating without major consequences.
Our Internet Infrastructure’s Fragility
Ciaran Martin, former chief of Britain’s National Cyber Security Center, aptly described the situation as “a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure.” This incident underscores several reasons for this fragility:
Centralization Risks
The centralization of key services and reliance on a few major tech companies, such as Microsoft, and a handful of cybersecurity firms, like CrowdStrike, create a brittle system. When these central points fail, the consequences can ripple out globally, causing widespread chaos from even a single point of failure. This was evident as the recent update issue led to significant disruptions across various sectors.
The need for a more decentralized ecosystem where there is no single point of failure is needed.
Cryptographic Vulnerabilities
Our reliance on RSA and ECC cryptography methods places our security eggs in one basket. This centralization in cryptographic methods makes the internet vulnerable to future quantum attacks. Quantum computers could easily break these encryptions, compromising the security of our digital communications and transactions.
The adoption of various types of post-quantum cryptography — lattice-based, code-based, multivariate, and hash-based — needs to be developed and tailored to the most suitable use cases.
Interconnected Fragility & Risk of Unified Cryptographic Break
Modern tech systems are highly interconnected and complex. This means that a problem in one part of the network can cascade, causing global disruptions. The recent CrowdStrike incident is a perfect example of how interconnected fragility poses significant risks to our infrastructure.
If a method, such as Shor’s Algorithm, is discovered to break one type of encryption, it could essentially break all our cryptographic defenses. This potential for a unified cryptographic break further highlights the urgent need to diversify and strengthen our cryptographic methods to PQC.
Legacy Systems Vulnerabilities
Many critical sectors still rely on aging infrastructure and legacy systems. To function in the modern digital landscape, these legacy systems require constant updates and patches. However, each update or patch can inadvertently introduce new vulnerabilities. This is because the original system architectures were not built to accommodate the complexities of contemporary cybersecurity measures. This ongoing cycle makes it challenging to maintain robust cybersecurity defenses.
In contrast, Post-Quantum Cryptography (PQC) offers enhanced flexibility in implementation, allowing for a wider range of parameter choices. This adaptability enables optimization for different environments, such as high-security applications or low-power IoT devices. Consequently, PQC provides a more effective balance between performance, security, and resource constraints, making it a more versatile solution for modern cryptographic needs.
Inconsistent Cybersecurity Standards
The lack of consistent cybersecurity standards and insufficient regulation across different regions exacerbates the problem. This creates gaps that malicious actors can exploit. Furthermore, many countries with significant crypto user bases lack regulation in the crypto industry, leaving users vulnerable and software companies unaccountable for their flaws.
For the crypto industry to receive regulations comparable to those in the general tech or finance sectors, it must adopt similar features and standards. The development of technologies such as selective transparency and multi-tier privacy is imperative for the industry’s maturation.
Call to Action
The recent incident serves as a wake-up call. We must prioritize enhancing our cybersecurity infrastructure with robust and future-proof technologies. Protecting our data and systems is not just a necessity; it is an urgent imperative. We need to ensure that our defenses are capable of withstanding modern and future cyber threats.
Abelian’s Proactive Measures
At Abelian, we believe in proactive measures. Implementing quantum-resistant blockchain (QRC) is crucial for securing our future digital infrastructure. Upgrading to Post-Quantum Cryptography (PQC) is essential to mitigate the risks posed by emerging technologies like quantum computing.
By taking these steps, we can build a more secure digital future and prevent incidents like the recent CrowdStrike update from causing widespread disruption. Let’s work together to safeguard our digital world.
CrowdStrike Update
CrowdStrike has addressed the recent issue, identifying and fixing the problem. Continuous updates are being provided on their support portal. For more details and the latest information, check their support portal here.
About Abelian
Abelian is a quantum-resistant blockchain infrastructure which enables digital gold 2.0 and empowers the post-quantum crypto ecosystem. Learn more about the quantum-safe Abelian blockchain & $ABEL Tokenomics at our documentation page.
The Abelian Foundation welcomes all feedback regarding tech developments and upcoming changes. To join the conversation, please visit us on our various social media and community channels linked on our linktree👇