ATLANTA — The impact of this software update is not just an inconvenience. It's an opportunity to learn about the wide reach a handful of companies can have on the world’s ability to function.
Most Americans were sleeping while the CrowdStrike chaos unfolded. So it's easy to forget that people in other parts of the world were wide awake as that faulty software update began loading on their computers.
The blue screen of death, as it was referred to when Microsoft products stopped working, slowed border crossings out of Canada, took some TV stations off the air, and impacted hospital services, banks, and transportation.
“Systems were going down. People couldn’t do what they normally do,” said Jared Haviland, information security officer with Critical Path Security.
Haviland says that’s the risk of having so many government agencies and big businesses relying on the same services.
“It creates what you can call a single point of failure, where everything goes bad because of one small part of it,” Haviland explained.
CrowdStrike is an S&P500 company with a massive reach. According to its website, half of the Fortune 500 companies and 43 out of 50 U.S. states use its service to prevent bad guys from doing bad things.
“(It’s) a testament to a company who had a service and product that is widely needed,” said Georgia State University Professor Anthony Lemieux, who has conducted research on terrorism, radicalization and the role of propaganda.
Lemieux stresses all indications are this event was a mistake, not a nefarious act, but says the impacts on companies and the public show the potential for problems if that power gets into the wrong hands.
“We see what a well-placed insider could potentially do and the effects that it could potentially have,” explained Lemieux. “So it's not just the sort of hackers and external state and substate actors that we have to be concerned with.”
Whether it's hackers or human error, both Lemieux and Haviland say it is up to organizations to run the drills and build systems that can function even when the technologies they rely on do not.
Haviland says he encourages governments and large businesses to diversify their vendors when possible, so when supply chain disruptions occur, even technical ones, not every aspect is impacted.
Drills also help employees understand the function of each system and how to accomplish the same tasks manually if necessary.
“I mean, this is a fairly unprecedented territory we’re in,” said Lemieux.