Date: 2024-07-21

An automatic software update created global chaos and has raised questions about digital security, write TERRY MURDEN and BILL MAGEE

For the millions of over-wrought tourists, hospital patients and bank customers among those disrupted by what has been described as a “digital pandemic,” the weekend IT outage has been a stark reminder of how vulnerable we have all become to a world of computer connectivity.

CrowdStrike, the Texas-based cybersecurity specialist, ran an update on 18 July which affected Windows operating systems and in the process knocked out computer systems around the world.

Adding to calls for stronger defences to avoid another massive outage, there are now warnings that those controlling the future of the internet are pulling in different directions and adding to concerns about the security of systems and individual data.

Tesla and X CEO Elon Musk described the outage as the “biggest IT fail ever” with more than 3,000 flights cancelled worldwide, stock markets unable to issue company statements, UK broadcasters including Sky News and some BBC programmes taken off air, and consumers prevented from using electronic payments systems for simple things like coffee and taxis.

Meta’s platforms such as Facebook, Instagram, and WhatsApp were down for extended periods, leading to an estimated economic loss of over $160m (£123.8m) per hour, according to Adam Garcia, a finance expert at New York-based financial services company, The Stock Dork.

Microsoft was forced to issue recommendations to users that included rebooting up to 15 times. The crisis cascaded down to sole traders and owners of small firms who were left worrying that unless it was fixed quickly, the loss of a day’s trade could become a lot worse.

A belated apology from CrowdStrike, which admitted responsibility for the glitch, may have eased immediate tensions, but it has shown how digital transformation and cybersecurity are riddled with complexities and challenges that are testing those within the industry and the legislators trying to maintain order.

Muttukrishnan Rajarajan, Professor of Security Engineering and Director of the Institute for Cyber Security at the University of London, explained: “This is the challenge of digital transformation and far too much dependency on third party vendors for business-critical applications.

“As the cyber threats are evolving at a rapid phase these companies are also under a lot of pressure to upgrade their systems. However, they have limited resources to scale at the level they need to manage such upgrades carefully as there are a lot of interdependencies in the supply chain and this is a classic example of the cascading impact a simple upgrade can cause to multiple business sectors and in this case some critical infrastructure providers.

“Hopefully, the new Cyber Security and Resilience bill… will enforce more controls in place to improve the infrastructure resilience and avoid such future issues at a larger scale to the critical IT infrastructures of major industries.”

Professor Feng Li, associate dean of research and Innovation at Bayes Business School, added: “CrowdStrike is a big name in cybersecurity, worth around $80 billion, and they lead the market in “endpoint protection”, which basically means running security software or antivirus on Windows machines. Businesses rely on CrowdStrike to keep their Windows clients secure.

“This reflects poorly on both Windows and CrowdStrike, and it is shocking this could happen with Microsoft OS (Operating System) in 2024. What’s especially surprising is that CrowdStrike didn’t carry out staged rollouts of this update – usually, you’d roll out to a small percent first, then a bigger group, and so on until everyone got it. That way, any problems can be spotted, and things can be paused or rolled back before it causes massive damages.

“It is surprising that lessons from the past haven’t been learned and that this could happen today, at such a massive scale around the world. It’s not just CrowdStrike’s fault. Although it is sensible to give an antivirus company privileges to update their systems, a robust OS shouldn’t let things like this happen.”

Dustin Sachs, chief technologist at CyberRisk Alliance, said the outage should make organisations change their approach to testing resilience even for something as seemingly normal as an automatic update.

It was intended to enhance security, but “inadvertently caused systems to fail, highlighting potential flaws in the update process,” he told the SC Media website.

“The incident underscores the importance of rigorous testing before deploying updates. We can’t just install an update when it comes out. There must be some level of testing.”

In the meantime, our digital way of life will continue to be caught in the cross-fire of what amounts to a global battle over the future direction of the Internet. In one digital corner are online purists headed by World Wide Web creator Sir Tim Berners-Lee, who is pressing for more discipline and security on the net.



In the other are the free-for-all advocates led by the likes of Facebook owner Meta and Musk’s Tesla, trumpeting a metaverse-led social and entertainment playground.



For the past decade Sir Tim has been working with Massachusetts Institute of Technology (MIT) on a new web infrastructure called “SOLID” – SOcial Linked Data – a decentralisation project aimed at radically changing the way web applications work.



The aim is to achieve true data ownership for all with Web3 described as the next evolutionary stage of the net. This would mean levelling out (not a phrase I like) a haphazard, uneven and unsafe distribution of data ownership.



However, this directly clashes with those behind the nascent metaverse aiming to wrest control of key – highly lucrative – parts of the net using various techniques headed up by artificial intelligence, augmented reality (AR) and virtual reality to manage, exploit and harvest our identities.



This has been labelled the “Metaverse Economy”, promising monetisation unequalled to date. Forecasts put this as much as £10 trillion by 2030. Such commercial pressures bring with them a tremendous cost to our online privacy, and with it growing ethical threats.

