Black Hat Keynote: CrowdStrike Outage Sparks Global Alarm

Lilu Anderson
Photo: Finoracle.net

CrowdStrike Outage: A Global Wake-Up Call

The Incident
The global impact of the failed CrowdStrike update, followed by a Microsoft outage, was a significant wake-up call for cybersecurity leaders in the U.S. and Europe. This incident took center stage at the Black Hat USA 2024 opening keynote in Las Vegas. The failure raised crucial questions about our dependency on single vendors and the potential ramifications for critical systems like elections.

"Sadly, it was an interesting lesson for the bad guys. [They learned] It was one mechanism that started the entire process," said Hans de Vries, COO of the European Union Agency for Cybersecurity, commenting on the CrowdStrike mishandled software update.

Enormous Impact
"The impact was enormous. We have to be prepared for more of these types of cases. From a threat analysis perspective to supply chain attacks and the multifaceted cooperation needed to address these issues, they are really the biggest concerns in the coming years," de Vries added.

Key Takeaways from Cybersecurity Leaders
Joining de Vries on stage were Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and Felicity Oswald OBE, CEO of the UK's National Cyber Security Centre. Easterly warned about the "irresponsible noise" surrounding the CrowdStrike incident but emphasized the critical nature of the outage.

Easterly outlined three key takeaways from the CrowdStrike outage:

  1. Secure Software Design: "It reinforced what [CISA] has been saying about the importance of technology vendors developing, designing, testing, and deploying software that is secure by design," Easterly said.
  2. Critical Software Dependency: She highlighted the crucial role software plays and our dependency on it working properly.
  3. Cyber Resiliency: The incident showed the varied impact on organizations based on their cyber readiness, emphasizing the need for cyber resiliency.

Cyber Readiness and Resiliency
Oswald echoed the need for cyber readiness: "Resiliency is always going to be a buzzword in cybersecurity, and that's my job. But it's also the job of every public sector organization, private sector organization, big and small organizations in our civil society," she said. Oswald compared cybersecurity readiness to basic organizational responsibilities, such as financial accounting and employee health and safety.

Supply Chain Concerns
Easterly also raised concerns about supply chain vulnerabilities: "What went through my mind was 'Oh, this [outage] is exactly what China wants to do,'" she said. She pointed out that Chinese hackers, known as Volt Typhoon, embed themselves in critical infrastructure to launch disruptive or destructive attacks during major conflicts, like a potential Taiwan Strait conflict.

Ensuring Election Integrity
The panel also delved into the implications for election systems. Moderator Christina Cassidy asked about the potential impact on early voting locations. The panelists emphasized cyber resilience as the key to protecting election integrity. Oswald stressed the importance of knowing critical assets and having a plan for potential risks.

Commenting on recent European Union parliamentary elections, de Vries noted that no major cyber incidents were identified, crediting preparation and cooperation with other cyber agencies. "We had an exercise with the European Parliament and European Commission last year to make sure that they all know the process. … This is really important because we know that the threat is much bigger than five years ago."

Share This Article
Lilu Anderson is a technology writer and analyst with over 12 years of experience in the tech industry. A graduate of Stanford University with a degree in Computer Science, Lilu specializes in emerging technologies, software development, and cybersecurity. Her work has been published in renowned tech publications such as Wired, TechCrunch, and Ars Technica. Lilu’s articles are known for their detailed research, clear articulation, and insightful analysis, making them valuable to readers seeking reliable and up-to-date information on technology trends. She actively stays abreast of the latest advancements and regularly participates in industry conferences and tech meetups. With a strong reputation for expertise, authoritativeness, and trustworthiness, Lilu Anderson continues to deliver high-quality content that helps readers understand and navigate the fast-paced world of technology.