
Voice of Experience

Voice of Experience: August 2024

It Was the Best of Times; It Was the Worst of Times

Jeffrey M Allen

Summary

  • The CrowdStrike catastrophe, while not inevitable, is not unlikely, and we should anticipate more of the same in the future.
  • Exercise caution in the aftermath of the CrowdStrike crash and any similar event, as scammers will endeavor to take advantage of the situation.
  • The duality of technology makes our lives better but also puts us at increased risk.

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us, we were all going direct to Heaven, we were all going direct the other way--in short, the period was so far like the present period, that some of its noisiest authorities insisted on its being received, for good or for evil, in the superlative degree of comparison only.”

Those words, borrowed from one of our favorite authors, Charles Dickens, one of the great writers of all time, open his famous “Tale of Two Cities.” The passage is written in such poor compliance with the rules of grammar and punctuation, and done entirely in passive voice, that the opening line/sentence/paragraph would give most high school English teachers apoplexy if turned in by a student. Yet it has survived the test of time and thrived as one of the most quoted pieces of English literature.

No, we did not use that introduction to take a shot at Dickens. No, we did not use it to set up a discussion about how you can succeed even while violating all the rules. To paraphrase a line from Shakespeare’s Julius Caesar, we have come neither to bury Dickens nor to praise him. We have simply chosen to quote him, as this line creates a perfect lead into this article. Like those who shared Dickens’s England, we live in the best of times. We live in the worst of times. We live in an age of both wisdom and foolishness, an epoch of belief and incredulity. We live in the age of technology.

We have taught about the duality of technology for many years. While technology continues to advance at mind-numbing speed, that duality in its nature remains and likely will for a long time.

Technology makes things better for us. Technology makes things easier for us. Technology allows us to know more, do more, have more, and enjoy life more. Conversely, technology has put us all at increasingly greater risk of harm. The more advanced technology gets, the more advantages we glean from it. The further technology advances, the more dangerous it becomes to us.

The same technology that makes our lives easier makes it easier for the bad guys to get our confidential information, steal our identities, invade our assets, interfere with our businesses, and disrupt our daily lives. We know that. We accept that as a given, but the problem does not stop there.

As technology advances, we grow increasingly dependent upon it. To protect against the actions of the bad guys from the Dark Side of the Web, a whole new industry of cybersecurity has evolved. We warn each other about the threats, we adopt hardware and software solutions to address the threats, and a war has broken out between the cybersecurity forces and the bad guys. We, the consumers, find ourselves caught in the middle of this war and take casualties daily.

As often happens in a war, sometimes a side suffers casualties from friendly fire. That’s a tough way to go. It’s bad enough to go down from an enemy attack. Down is down, though, and friendly fire can do just as much damage as enemy fire, perhaps more so as we rarely anticipate it, while we know the enemy will attack at every opportunity.

Recently, we got taken down badly by friendly fire. It stalled our transportation systems; it shut down our ability to conduct many businesses; it threw many of our financial institutions into a state of turmoil and disorder; it interfered with medical treatment. Had this happened due to a cyberattack it would have meant security systems we considered safe had failed. This was different. Yes, they failed, but they did not fail to keep out the bad guys. Nevertheless, the failure put us out of commission.

Likely, you heard about the CrowdStrike disaster. It made the front pages of those newspapers still in print and got top billing on many newscasts. Interesting question: How many of you had ever heard of CrowdStrike before last week? The majority of people had never heard of the company, yet it impacts most of us. A major player in the cybersecurity industry, CrowdStrike develops and sells software to block hacks and hackers. Many of the Fortune 500 companies use it to help protect their data. Many other companies also employ it in their cybersecurity toolbelt. Among the companies that use it you will find financial institutions, airlines, healthcare organizations, insurance companies, energy companies, and many other businesses.

CrowdStrike operates differently than many other cybersecurity firms because it relies on cloud technology to distribute and manage its software. CrowdStrike’s software scans systems for threats. To do that it requires very comprehensive access to clients’ operating systems. 

On July 19, 2024, CrowdStrike issued an update to its Falcon program. For whatever reason, that update caused a major hiccup in the operation of computers using the Windows Operating System. According to information published by Statista in February 2024:

“Microsoft's Windows was the dominant desktop operating system (OS) worldwide as of February 2024, with a market share of around 72 percent. Apple’s Mac operating system has gained market share over the years, growing to command around a fifth of the market. Linux and Google's Chrome OS have retained small but stable market shares in recent years.”

The problem affected only computers running Windows. The next time, it might affect other systems and not Windows, Windows again, or all systems. Time will tell.

The mechanics of what went wrong have importance for other purposes and to those who need to solve the problem and prevent a recurrence. The significance of what happened, however, concerns us all. The update triggered a reaction within the Windows operating system that prevented computers from rebooting. When a computer started the process, it ended with the infamous blue screen of death. As the computers could not boot up, they could not run their programs, and the global reaction resulted in financial institutions not having the ability to conduct transactions; airlines losing the ability to have planes take off and land safely, resulting in a large number of flight delays and cancelations; local governments, healthcare systems, and many businesses could not function.

CNBC reported that:

“Airlines, hospitals and financial services firms were among the many businesses affected.

American Airlines, which describes itself as the world’s largest, said a technology issue was affecting “multiple carriers” including American, while the Dutch arm of Air France-KLM said it had been “forced to suspend most” of its operations.

In Great Britain, the Royal Surrey hospital declared a “critical incident” and had to temporarily suspend radiography treatment. The National Health Service in England, meanwhile, said it was experiencing disruptions in the majority of doctors’ practices.

Banks and financial companies around the world have reported issues, with German insurance giant Allianz saying it was “experiencing a major outage that is impacting employees’ ability to log into their computers. It impacts multiple companies besides Allianz.”

NBCUniversal is also being affected by the CrowdStrike outage.”

As the problem prevents the computers from rebooting, the correction cannot come from a remote download, as did the update. That would make repair and restoration too easy. Instead, it will take much longer, as it will require manual local intervention to bring the computers back online so they can receive a corrected update. We do not know how long that process will take. We do not yet know the economic, business, or social consequences of the breakdown. We may not know those answers for some time.

More importantly, we don’t know if this catastrophe will repeat itself or, if so, when. Security software must receive regular updates to address new threats and maintain effectiveness. Each update runs the risk of a problem like this occurring. Fortunately, we have not seen such a disaster before, and hopefully, we will not see another for a very long time, but we cannot be sure. While it makes sense that some computers may have conflicting software that interacts badly with an update and causes a problem, we would expect that to occur rarely and idiosyncratically.

We expect that before introducing a systemic update of this nature, somebody actually tested it to see if it worked. We do not have access to all the data and will not point fingers at anyone, but for a failure this massive to occur, apparently, someone missed the boat regarding pre-release testing of this update. We hope that CrowdStrike and other companies pay heed to the problems we experienced and take a more vigilant approach to rigorous pre-release testing before putting an update online.

The lesson for the rest of us: Sometimes, it does not make a damned bit of difference if you do everything right regarding technology. Someone else’s screw-up can still take you down. Friendly fire.

The situation has the potential to compound the casualties, as the bad guys will try to take advantage of this disability and disruption. To protect yourself, be hypervigilant about your own security. Exercise extreme caution about any contact purporting to come from CrowdStrike or from a “technical support” service seeking to help you recover from the CrowdStrike disaster.

Technology remains a double-edged sword, and we will continue to live in the shadow of its duality. It is the best of times; it is the worst of times…
