The recent incident involving CrowdStrike, a cybersecurity technology company, has brought to light the fragility of global technical infrastructure. The update released by CrowdStrike led to a global outage affecting millions of computers and critical infrastructure sectors worldwide. This incident has underscored the vulnerabilities present in our current cybersecurity systems.
The Association for Computing Machinery’s US Technology Policy Committee (USTPC) has issued a “Statement on Mass Cybersecurity Incidents Likely to Recur,” urging for a comprehensive and public investigation into the CrowdStrike incident. System operators, technologists, and policymakers need to understand the root cause of such accidents to prevent them from occurring in the future.
Jody Westby, CEO of Global Cyber Risk LLC and a principal author of the USTPC Statement, highlighted the inadequacies in our existing legal and policy infrastructure to respond effectively to cyber attacks. There is a pressing need to enhance both technical and regulatory frameworks to address the growing threats in cyberspace.
The USTPC Statement emphasizes the necessity for improved international cooperation and coordination in addressing cybersecurity incidents. The global nature of the CrowdStrike outage revealed the lack of information sharing and technical guidance among countries and companies. A collective effort is required to strengthen cybersecurity defenses globally.
Computer scientists like Carl Landwehr, a visiting professor at the University of Michigan and a principal author of the ACM Statement, play a vital role in understanding the underlying technology behind cyber incidents. While the scale of the CrowdStrike accident was unprecedented, it is crucial to learn from this event to prevent future disasters.
The USTPC has outlined eight key questions that should form the basis of a public investigation into the CrowdStrike incident. These questions include how different systems were affected, the testing processes of software updates, system architecture and implementation, best practices for automatic updates, and efficient ways to restart systems post-outage.
As a non-partisan organization of computer scientists advising government leaders, the USTPC members have called for a public investigation of the CrowdStrike incident by the US government’s Cyber Safety Review Board (CSRB). This investigation is essential to uncover the root causes of the outage and to prevent similar incidents in the future.
The CrowdStrike incident serves as a wake-up call for the urgent need to bolster global cybersecurity infrastructure. By addressing the weaknesses in technical, legal, and policy frameworks, enhancing international cooperation, and learning from past incidents, we can build a more resilient and secure cyberspace. It is imperative that all stakeholders work together to mitigate cyber risks and safeguard critical systems from future threats.
Leave a Reply