Newsreel Asia

When One Bug Causes a Global Crisis

A Faulty Cybersecurity Update Affects Flights, Trains, Hospitals, Banks, Broadcasting

Newsreel Asia Insight #287
July 20, 2024

The global disruption of vital digital services by a software bug that took place on July 19 shows that our world, highly reliant on technology, is also incredibly vulnerable to its failings. An update introduced on July 19 by CrowdStrike, which provides antivirus software to Microsoft for its Windows devices among other clients, contained a critical bug, resulting in significant disruptions across a wide range of systems that rely on CrowdStrike’s security software.

The bug led to a cascade of failures, affecting millions of Windows devices globally. The update caused the devices to malfunction, leading to the cancellation or delay of flights and trains, interruptions in hospital operations and outages in banking and broadcasting services.

The internet and cloud services can be compared to a vast network of roads and bridges connecting every aspect of modern life, from healthcare and finance to media and manufacturing. This infrastructure, much like physical roads, is essential for the smooth functioning of society. However, when one major bridge—here, represented by a software update from CrowdStrike—fails, the effects can ripple across the entire network, just as they did.

The disruption could serve as a warning against our over-reliance on a handful of tech companies. These firms, much like the custodians of a city’s infrastructure, hold the keys to vast swathes of our digital lives. Their software is the foundation upon which businesses operate, governments function and personal lives unfold. However, unlike public infrastructure, these systems are primarily controlled by private entities driven by profit. This dynamic places immense power in the hands of a few, and when something goes wrong, it can lead to widespread chaos that affects millions.

This is as if every building in a city were made using the same type of concrete from a single supplier. If that concrete were to suddenly prove defective, the integrity of every building, bridge and tunnel in the city would be compromised overnight. The outages caused by the bug in CrowdStrike expose a similar vulnerability in our digital infrastructure.

From this, there is a crucial lesson to be learned about the resilience and management of our digital ecosystems. Just as a city would diversify its suppliers and materials and have emergency plans in place for infrastructure failure, there must be greater diversification and contingency planning in our digital infrastructure. This includes ensuring there are effective fallbacks and recovery plans when inevitable failures occur.

Further, the governance of digital infrastructures, particularly those controlled by a few tech giants like CrowdStrike, Google and Amazon, has significant implications for public safety and welfare. Since these companies provide services that are foundational to the operation of critical sectors such as healthcare, transportation and finance, any disruption can have widespread effects. This shows the need for these infrastructures to be governed in a way that aligns more closely with public interests rather than solely corporate interests.

Tech companies need to be held accountable for their operations, especially when their services are so integral to societal functions. They should be required to adhere to high standards of reliability and security, and resolve issues quickly when they arise. Public reporting, transparent policies and open communication during crises are part of this accountability.

Regulatory oversight is crucial in monitoring these companies’ activities to ensure compliance with laws and regulations designed to protect the public. This oversight might come from government bodies that specialise in technology and cybersecurity, ensuring that these firms meet stringent standards to prevent outages or breaches.

It’s also important for these governance structures to involve a wider range of stakeholders, including public representatives, cybersecurity experts and consumer rights groups. This inclusion can help ensure that the governance of digital infrastructure considers diverse perspectives and is more reflective of societal needs.