On July 19, many Windows enterprise users opened their computers as usual, only to be greeted by a silent “blue screen.” No matter how often they restarted, they couldn’t access their programs. Subsequently, blue screens began appearing globally, like a digital plague, quickly spreading worldwide.
In the end, about 8.5 million computer systems crashed, impacting major economies around the world. Global finance, transportation, aviation, healthcare, retail, industrial production, and even the operations of the Paris Olympics were severely affected, with economic losses difficult to quantify. According to one expert, it was the largest IT failure in history.
Cybersecurity Firm Caused Cybersecurity Incident
Within hours of the Microsoft’s ‘Blue Screen of Death, videos of groundings, shutdowns, and production stoppages dominated social media headlines. The cause of the incident was traced to a U.S.-based cybersecurity firm, CrowdStrike, which had made an error in a routine software update sent to Microsoft’s Windows users. This error caused Windows systems with CrowdStrike software loaded to crash. In short, it was a cybersecurity incident caused by a cybersecurity company.
CrowdStrike, founded in 2011 and headquartered in California, is one of the most important cybersecurity companies in the United States. The company’s primary business is providing online security solutions, with its flagship product being the Falcon security software platform. Falcon provides complementary security for Windows systems and uses artificial intelligence technology to prevent cybersecurity risks. Thanks to its technological strengths and close ties with the U.S. government, CrowdStrike has grown rapidly over the past decade. It now serves 271 Fortune 500 companies and provides cybersecurity solutions to the U.S. federal government and many U.S. state governments, making it a leader in the global cybersecurity industry.
With its strong political and business ties, CrowdStrike has become a widely adopted cybersecurity provider for U.S. allies and important enterprises. Due to its close relationship with the U.S. government, CrowdStrike hasn’t had attempts to expand into the Chinese market. Instead, it often makes unfounded attacks and accusations against China’s cybersecurity policies. This strategic choice to exclude China has inadvertently made China the least affected major global economy in this cybersecurity incident.
Low Fault Tolerance In The Digital Society
After the complete recovery from this cybersecurity incident, public opinion has become increasingly concerned about the fragility of human society in the smart era. A simple update error by a single enterprise can shut down numerous critical sectors, with negative impacts spreading across oceans and around the globe.
This outcome reaffirms two fundamental characteristics of the social system in the smart era.
The first is connectivity. The world is now deeply interconnected through various forms of digital technology, creating a new economic and political field of operation where geographical borders no longer serve as firewalls against security problems and crises. Consequently, every serious cybersecurity incident becomes a global problem.
The second is monopoly. A few key players hold significant influence in the field of cybersecurity. In digital technology, after a period of intense competition, there often emerges a ‘winner-takes-all’ scenario. In this incident, two core players were involved. The Microsoft Windows system has long been a near-monopoly globally.
CrowdStrike, while not as well-known in the C-suite, has effectively eliminated its competitors within the U.S. and its allies, becoming a major supplier in the cybersecurity field. Although the digital ecosystem appears diverse, there are very few cybersecurity vendors to choose from, and a single error by a key player can have systemic repercussions.
When the characteristics of connectivity and monopoly converge, we see a system with low fault tolerance and a serious lack of resilience. Once a problem occurs, it affects the entire system. The incident, though controllable, served as a chilling preview of potential crises. If a mere update error can have such an impact, what kind of harm could be done if key players in the digital space intentionally launched attacks? Ensuring effective cybersecurity in this highly interconnected and monopolized digital age, which currently lacks resilience, will be a significant challenge affecting the future development of the world.
Unlike most traditional security crises, cybersecurity incidents often occur without warning. It’s not until serious consequences arise that their severity becomes evident, which is why cybersecurity is no small matter.
If the incident is regarded as a test, we need to pay close attention to the key nodes in the digital industry chain. Strengthening security monitoring and early warning systems for key network enterprises is essential.
Continuously improving the cybersecurity capabilities of these enterprises and preparing for various possible cybersecurity incidents is also crucial. Additionally, it is necessary to further enhance the construction of the cybersecurity system.
This involves decentralizing dependence on a single supplier and promoting the development of the domestic cybersecurity industry to ensure that the main links in the supply chain are independent and controllable. By doing so, we can firmly grasp the key to network security in our own hands.
Source: KQED, Connectria, PCMag, BBC, CrowdStrike
