CrowdStrike outage highlights danger of dependence on Big Tech

A routine software update caused a record-breaking outage across much of the world, the consequences of which were felt for days afterwards.

CrowdStrike, a cybersecurity provider deployed on Microsoft systems, pushed an update on July 18 that analysts say likely skipped quality testing. The result disabled an estimated 8.5 million computers in perhaps the largest cyber incident in history.

Microsoft systems critical to the online operations of banks, hospitals, police forces, major airlines, television networks and government agencies were affected. Flights and operations were cancelled, courts and government offices were closed, and new vulnerabilities to hackers were introduced, including for federal agencies.

The shutdown has highlighted Americans' collective vulnerability in cyberspace: our dependence on trillion-dollar technology corporations could endanger national security.

Market dominance

The technology vendors that support the infrastructure the private and public sectors depend on bear the responsibility for protecting our security. In 2023, U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly proposed holding technology corporations liable for selling vulnerable products. Such liability measures could have prevented the worldwide CrowdStrike outage.

The rapid concentration of power in tech corporations is posing challenges for government and society. Companies of unprecedented size and trillions of dollars in value control digital infrastructure that people rely on at least as much as the post office and garbage collection. Tech corporations now operate or help operate communications, commerce and other services more flexibly than federal agencies do. But they also do so with less regulation and public scrutiny – and a profit motive.

The technology sector accounts for more than 10% of the U.S. economy. In 2024, Microsoft reported revenue of $211.91 billion. Other tech giants recorded even higher numbers: Amazon $574.78 billion, Apple $383.28 billion, and Alphabet (Google) $307.39 billion. (Meta Platforms, formerly Facebook, recorded $134.90 billion.)

Some of those profits go toward lobbying and paying penalties for security and antitrust violations, rather than toward investing in cybersecurity and other improvements that would reduce harm to consumers. In 2023, the tech giants each spent at least $10 million on lobbying while receiving more than $3 billion in fines and settlements for violating European digital antitrust laws and facing lawsuits from the Department of Justice and the Federal Trade Commission.

Meanwhile, the financial impact of poor software quality in the U.S. was at least $2.41 trillion in 2022, according to the Consortium for Information & Software Quality.

Reducing risks

There are several ways to avoid software-related outages. Diversifying your technology vendors and options builds resilience and reduces risk. If everyone relies on just a few vendors, each outage has huge consequences. CrowdStrike, one of the largest cybersecurity corporations in the country, is an example of this problem; it counts more than half of the Fortune 500 corporations among its customers.

Equally vital is redundancy in cybersecurity – multiple layers of security measures and backup systems that ensure continuous protection and functionality even when one layer fails or is compromised. Although creating these redundancies may cost corporations more initially, they are investments in maintaining trust between corporations and their customers, Javad Abed, a cybersecurity expert and assistant professor of business administration at Johns Hopkins University, told USA Today.

About two-thirds of reported software vulnerabilities in commonly used programming languages result from security flaws related to memory, such as incorrect allocation or release of memory locations, which may allow unauthorized access or the execution of malicious code.

Earlier this year, notable given how often the federal government lags behind on technical issues, the White House pushed for widespread adoption of "memory-safe" programming languages such as Rust, Go, Python, and Java, which protect against certain kinds of bugs related to memory usage. Yet Microsoft and other major technology corporations continue to rely on C/C++ and other languages because they are fast and are used to develop firmware, the programs embedded in hardware memory that help devices operate. It's worth sacrificing some convenience to avoid devastating security flaws.

Nationwide standards designed to ensure software is secure by design would shift the onus onto vendors to deliver secure products from the start. We may look to the European Union, where regulators are prioritizing cyber resilience through the Digital Operational Resilience Act, which will take effect in 2025. It is designed to set strict requirements to ensure the financial sector can withstand information technology threats.

Only by demanding the highest standards from technology providers can we continue to benefit from the advances of a connected world without fear of avoidable – and potentially life-threatening – disruptions.

Image credit: www.mercurynews.com