‘Computers control everything’: Recent CrowdStrike outage highlights vulnerabilities in tech-dependent world

LAS VEGAS: A recent global outage that grounded flights and caused billions of dollars in damages has highlighted vulnerabilities in a world increasingly controlled by technology, said observers. 
On Jul 19, airlines, media outlets, financial institutions and retailers were thrown into turmoil by one of the biggest tech crashes in recent years. 
In Singapore, more than 100 flights at Changi Airport were delayed, with airlines forced to implement manual check-ins after self-service machines stopped working. Gantry operations at some Housing and Development Board (HDB) car parks were also impacted. 
The outage was triggered by a faulty software update provided by the cybersecurity firm CrowdStrike. 
Microsoft said last week that it would hold a summit in September to discuss steps to improve cybersecurity systems, given that nearly 8.5 million Windows devices were affected. 
Observers told CNA the episode was a stark reminder of the critical role machines play today. 
“Modern societies run on technology,” said Mikko Hypponen, chief research officer at cybersecurity firm WithSecure.
“Modern societies run on computers. Computers control everything. And as we saw, when computers go down, our societies almost stop.”
The global outage has raised fears about potential disruptions from a large-scale cyberattack, said experts, adding that such a scenario is not that far-fetched. 
The United States, for instance, has claimed that Chinese state-sponsored hackers have embedded into critical infrastructure, with the ability to carry out future disruptions. But China has denied the accusations. 
Countries such as the US and Russia also have sophisticated offensive cyber capabilities.
“I think with the full-scale Russian invasion of Ukraine, it’s really made everyone sit up and say: ‘Wait a minute, countries are at war again,’” said Jason Healey, senior fellow at the Australian Strategic Policy Institute. 
“Countries are invading each other for territorial gain again, and maybe states aren’t just going to be stealing information. Maybe they’re going to be doing these large-scale disruptions in a way that we really haven’t seen.”
US officials have called the CrowdStrike incident a “dress rehearsal” for what might happen if critical infrastructure is targeted during a real cyberattack. 
Such large-scale disruptions were a major talking point among representatives from the public and private sectors who gathered at the Black Hat cybersecurity convention in Las Vegas earlier this month. 
At the conference, San Francisco-based cybersecurity firm OpSwat performed a simulation of a nuclear energy facility breach. 
Yiyi Miao, the firm’s chief product officer, said there is a need “to define a strategy to protect and reduce the impact radius when anything like this happens”.
Miao also said companies need to “look into multi-layers of defence strategies, so you’re not relying on a single solution or a single layer of protection”. 
Currently, many organisations are not well prepared to implement contingency plans during tech failures, cybersecurity experts pointed out. 
They believe the solutions involve more robust protection and not less technology.
“We don’t want to go back and live in (the) stone ages,” said WithSecure’s Hypponen. 
“The benefits we get from technology, computers and connectivity are much bigger than the problems they generate. But the problems are very real, and we need to be fighting them.”