Initial indications attribute the outages to a faulty update to the Falcon sensor, which US cybersecurity company CrowdStrike provides for various Microsoft systems, including Azure, Microsoft 365 and Windows, for wider cybersecurity coverage as part of a partnership. CrowdStrike provides advanced endpoint (computers, servers, mobile devices) security for Microsoft environments, and helps organisations meet compliance requirements in Microsoft ecosystems.
The Falcon sensor is lightweight, with minimal impact on system performance, and collects telemetry data about activities and events occurring on the endpoint, including process executions, network connections and file system changes. It analyses this data in real time to detect potential threats or suspicious activities. It uses behavioural analysis to identify potential threats, rather than relying solely on signature-based detection.
Both Microsoft and CrowdStrike have assured that these outages are not due to cyberattacks, and that systems would be restored soon. However, the scale and impact of this ‘blue nightmare’, the largest cyber outage to date, has raised concerns across businesses, governments and the tech community. It has renewed calls for better security and stability measures for digital technology systems.
The scale of Friday’s BSOD ‘glitch’ has underlined the need for greater cooperation on protecting critical infrastructure that is heavily dependent on digital systems. In an increasingly interconnected world, critical infrastructure relies heavily on software and cloud-based systems.
While these technologies offer numerous benefits, they also introduce significant cybersecurity vulnerabilities that can have far-reaching consequences when systems fail or are exploited. Common types of system vulnerabilities include buffer overflows, SQL (structured query language) injection and cross-site scripting. These often arise from programming errors, outdated systems or insufficient security testing. In critical infrastructure, software vulnerabilities can lead to system compromises, data breaches or even physical damage to equipment.

Likewise, cloud computing introduces its own set of vulnerabilities. These include misconfigured access controls, insecure APIs (application programming interfaces) and data breaches due to shared infrastructure. The distributed nature of cloud systems can make it challenging to maintain consistent security across all components.

Additionally, reliance on third-party providers introduces risks related to data sovereignty and supply-chain attacks. Even software updates and patch management carry their own degree of risk. In the current incident, these possibilities seem more credible.
Clearly, the tactical focus is on technical mitigation strategies that would be a combination of:
- Identifying points of vulnerability and applying the right patches.
- Conducting regular security audits and penetration testing.
- Implementing robust access controls and encryption.
- Defining cybersecurity best practices and training employees on them.
- Adopting zero-trust security models.
- Collaborating across public and private sectors to share threat intelligence.
For organisations, these actions are typically continuous. Many countries have a regulatory or government agency that mandates and assesses regular security audit reports. Because cybersecurity is a highly dynamic activity, large corporations run round-the-clock security services and vulnerability management.
But technical solutions alone cannot address these risks. Many of these risks have escalated over the years as both states and rogue actors, often state-backed, have repeatedly sought to exploit vulnerabilities. They engage in ransomware campaigns as well as attacks on critical infrastructure.
A significant feature of recent geopolitical contests is the use of digital technologies for disruption and debilitation, giving them a force-multiplier effect. Wider global cooperation on critical infrastructure protection is therefore prudent. Efforts towards implementation have so far been very casual.
In its July 2021 report, the UN Group of Governmental Experts (GGE) on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security recommended measures for critical infrastructure protection. There has been little progress, owing to the report’s non-binding nature.
Many countries are hesitant to adopt international standards that might limit their autonomy in managing their critical infrastructure, or in conducting cyber operations. Likewise, different countries have varying priorities and approaches to cybersecurity, making it difficult to reach consensus on implementation. Countries are also reluctant to share sensitive information about their critical infrastructure vulnerabilities or capabilities.
Then there are wider concerns around AI and its regulation that have overshadowed efforts for cybersecurity cooperation, which is seen more as a bilateral activity. While AI-induced cyber vulnerabilities are being flagged, a more detailed approach to cooperation on AI and cybersecurity has not been discussed in global engagements.
Friday’s outage clearly serves as a wake-up call for closer engagement on addressing cyber vulnerabilities. As our reliance on software and cloud systems in critical infrastructure grows, so does the importance of addressing cybersecurity vulnerabilities. The potential impact of successful attacks on these systems underscores the need for ongoing vigilance, investment in security measures, and a proactive approach to identifying and mitigating risks.