13-08-2024
Paloma Perez
East and South Asia Researcher,
Global Human Rights Defence.
On July 19th, 2024, the American cybersecurity company CrowdStrike issued a flawed update to its Falcon Sensor software, leading to the crash of around 8.5 million Microsoft Windows systems. This incident, now regarded as the largest outage in IT history, has caused significant disruptions across multiple sectors, including government, healthcare, finance, and corporate environments (Milmo et al., 2024). On July 30th, 2024, another major outage affected Microsoft Azure, the cloud platform supporting numerous services, along with Microsoft 365. According to initial investigations by Microsoft, the outage resulted from a cyberattack and an inadequacy in the defensive mechanisms meant to counter such attacks (Da Silva, 2024).
This incident exposes significant flaws in the U.S. cybersecurity framework, despite the involvement of key agencies such as the Cybersecurity and Infrastructure Security Agency (CISA). CISA is tasked with safeguarding the nation’s critical infrastructure and coordinating security efforts across various sectors (CISA, 2024). However, companies like CrowdStrike, a leading name in cybersecurity, are also trusted to protect critical digital infrastructure. The outage underscores the significant reliance on private sector solutions for national cybersecurity, highlighting the risks associated with such dependence, as evidenced by the failure of CrowdStrike’s Falcon Sensor software. Moreover, this incident illustrates how failures within private companies can lead to widespread and severe consequences, raising questions about the robustness of the oversight and quality control mechanisms in place (Boghosian, 2024).
This digital outage may seriously affect human rights, particularly access to essential services. Healthcare providers can’t access patient records, potentially endangering lives, while financial institutions face operational halts, disrupting economic stability. Government services are also impaired, preventing citizens from obtaining vital resources like social security and public assistance. The right to privacy is also at risk, as compromised systems may expose sensitive personal data, leading to identity theft and financial fraud (Ryng et al., 2022). This incident underscores the need for robust cybersecurity measures to protect these fundamental rights.
Given the severity of this type of digital outage, there is an urgent need for robust federal cybersecurity legislation. This incident underscores the necessity of reforms that enhance regulatory oversight and strengthen protections for the digital infrastructure crucial to our modern society.
Sources and further reading:
Boghosian, H. (2024). The CrowdStrike outage shows our dependence on Big Tech overlords. Los Angeles Times. <https://www.latimes.com/opinion/story/2024-07-23/crowdstrike-outage-microsoft-tech-security> accessed 1 August 2024.
CISA (2024). Widespread IT outage due to CrowdStrike Update. Cybersecurity and Infrastructure Security Agency CISA. <https://www.cisa.gov/news-events/alerts/2024/07/19/widespread-it-outage-due-crowdstrike-update> accessed 1 August 2024.
Da Silva, G. F. &. J. (2024). Microsoft apologises after thousands report new outage. <https://www.bbc.com/news/articles/c903e793w74o> accessed 1 August 2024.
Milmo, D., Kollewe, J., Quinn, B., Ibrahim, M., & Taylor, J. (2024). Slow recovery from IT outage begins as experts warn of future risks. The Guardian. <https://www.theguardian.com/australia-news/article/2024/jul/19/microsoft-windows-pcs-outage-blue-screen-of-death> accessed 1 August 2024.
Ryng, J., Guicherd, G., Saman, J. A., Choudhury, P., & Kellett, A. (2022). Internet shutdowns. The RUSI Journal, 167(4–5), 50–63.