sign up log in
Want to go ad-free? Find out how, here.

CrowdStrike: the massive companies you’ve never heard of with a hidden grip on our lives

Technology / analysis
CrowdStrike: the massive companies you’ve never heard of with a hidden grip on our lives
No one ever wants to see the blue screen of death. Sakuoka/Shutterstock
No one ever wants to see the blue screen of death. Sakuoka/Shutterstock

The world is saturated by services and products provided by companies that have a “secret grip” on the way we live. In 1951, the French-born American industrial designer Raymond Loewy described a typical day “of the average guy” from the moment he wakes up until he goes to bed. The point being that the average guy’s life was saturated with designed products.

In 2024, the average person may be woken by an alarm on a smartphone, and benefit from hot water that is controlled by smart heating controls – also linked to a smartphone and the internet. There might be a delivery tracked via the internet and a ring on a doorbell also linked to the internet. Online banking links them to an array of financial services.

Our lives are increasingly dependent on being able to access what I have termed the “cyber-energy-production plexus”. This “plexus” is basically an interwoven combination of elements that form a structure or a system. Regulating our modern lives, it needs to be “on” every second of the day.

It has formed around the multiple connections between telecommunications, energy, and manufacturing and service systems. It exposes everyone to unknown risks, including the sudden failure of the plexus and all the services coupled to it.

On July 19 2024, part of this plexus failed when the faulty CrowdStrike software update caused an outage, and the outcome was a minor digital pandemic across the world as the computer systems of whole industries came to a halt.

Consumers and producers began to appreciate how dependent they had become on interlinked technologies. The next digital pandemic could bring down the complete plexus for a few hours or even days.

Hidden grip

Perhaps unsurprisingly, the internet is at the centre of this plexus. There are more than 1,000 companies like CrowdStrike, whose actions can negatively impact on its functioning.

This of course includes the obvious names – Microsoft, Alphabet (Google, Google Cloud), Amazon, and Meta (Facebook). There are also less well-known companies like Cloudflare, which provides cloud cybersecurity services and domain name system services. Any disruption to Cloudflare results in problems accessing the cloud and disruption to the internet.

Then there are companies like Lumen Technologies, the US telecoms company that plays a critical role in global network connections. Lumen Technologies operates a tier one network. Tier one networks are the “motorways of the internet” as they provide high-capacity critical global links.

There are around 14 tier one networks. Any disruption of them would result in the fragmentation of the internet into smaller isolated networks that would be disconnected from one another. Without the tier one networks, tier two networks would be left to provide service support – and these operate only regionally or nationally.

The list also includes companies like Swift, which facilitates cross-border payments. More than 11,000 financial institutions are connected to Swift, and this company plays a central role in the global financial ecosystem.

Any disruption to Swift could spark chaos, with problems transferring money around the world or some financial institutions experiencing duplication of payment transfers.

Then there are telecommunications companies, such as Verizon, Rogers or BT. Both Verizon (2019) and Rogers (2022) have been involved in localised internet outages of short duration. Rogers, the Canadian telecommunications company, updated its network in 2022 and the outcome was a one-day outage that impacted on the country’s critical infrastructure – debit payments, banking services and even hospitals and emergency service calls.

The plexus is configured around satellites and around 1.5 million kilometres of submarine fibre-optic cables that connect continents but which people are largely unaware of. Something like a natural disaster could damage these cables at any time, causing a catastrophic failure.

And there is a symbiotic relationship between the plexus and energy generation. Power failure could be a result of a fault with the plexus, which itself cannot operate without power.

The complexity of the plexus means that it is vulnerable to human error, as appears to have been the case in the CrowdStrike event. Then there are equipment failures and maintenance issues. Bad weather can also impact its operation, causing localised outages.

On top of all this it could be vulnerable to various types of cyberattacks, such as malware or border gateway protocol hijacking. In addition, tier one network cables are critical global infrastructure and can be damaged accidentally or targeted by terrorists or hostile military forces.

For people, companies and governments the key is to have contingencies in place to be prepared for failures and outages. But most of us are unprepared.

Any long-term disruption to the plexus would make everyday living exceedingly difficult, with the potential for looting and disturbances if, for example, internet-connected alarms were hit.

In the most severe cases – thankfully not seen in the CrowdStrike incident but tragically present in the case of internet outages in Sudan when emergency food supplies were disrupted – plexus failures can even cause death.

All this suggests that while there are undeniable advantages from the evolution of the cyber-energy-production-plexus, there remain a great many known and unknown risks.The Conversation


John Bryson, Professor of Enterprise and Competitiveness, University of Birmingham.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.

3 Comments

The most crucial part of the internet is DNS (Domain Name System)  - without DNS the internet as a whole will not work (especially websites). While CrowdStrike provide services to some of the internet users, DNS is far more important and ubiquitous. A few years ago there was an update to DNS which knocked Sweden off the internet for a day or so. Even if corrected immediately the way DNS works means that it can take some time (hours or days) for the faulty update to be flushed from the entire system. 

https://www.darkreading.com/cybersecurity-analytics/dns-error-causes-sw…

The CrowdStrike issue with Windows based systems was not the first time CrowdStrike have borked an update - apparently they did something similar to Linux based systems previously. 

For the geeky here is an explanation of the cause of the outage from a former Microsoft developer. 

https://www.youtube.com/watch?v=wAzEJxOo1ts

 

Up
1

Most folk just assume that 'experts' are in control, and know what they're doing. It is the only way to navigate life in a complex society. 

But there is nobody in overall control. Nobody. Which means we get patches in single siloes. Bandaids but no surgeon. 

And the whole System was predicated on GROWTH - which is leaving us. As it was always going to. One of the things we will triage - and abandon - is complexity. And very few are contemplating the level at which we can maintain - but it doesn't include 4-lane highways to wherever.... Or the 'net, more than likely.

 

Up
0

Yet the powers that be are increasingly pushing us into accepting this ruling of our lives by unaccountable behemoths whom ordinary people have no way to hold to account - digital cash anyone? What about a "vaccine" pass?  The alternative being to not be able to engage in the world as a "normal" human or access basic human needs like housing.  And increasingly our information and data is held by said behemoths at exponential rates.  This year alone I have had no choice but to undertake several AMLs - my digital ID & biometric data now sitting in multiple multinational databases.

Up
0