Clara Kristanda rants about the CrowdStrike outage, which is elaborated on in the News section of Grapeshot’s Issue 4: FREAK.
On the topic of FREAKS, it seems we’ve let these freakishly giant companies (and when I say “companies” I mean two in this case – Microsoft and CrowdStrike) be so infused into how we operate that when one system update error occurs, world news broadcasters can’t function properly [1], flights are grounded [2], hospital systems are delayed [3], grocery stores have to close shop [4], and police can’t respond properly to incidents [5].
I don’t come from a tech background, but I don’t think you need to come from one to realise that we shouldn’t’ve gotten into this dynamic with business models that are meant to add convenience, not necessity, into our lives. After the event, analysts and the media have been quick to call this the “largest IT outage in history” [6][7][8], although some outlets like the Australian National University have harboured an optimistic approach to this, taking the opinion that “what’s lost in that framing [of catastrophe, dramatism] is that the fix was identified quickly and a patch was pushed out in six hours” [9].
However, in those six hours, clearly not enough people globally were prepared to fall back on an alternative method of operating without Microsoft devices, which speaks both to our current technological illiteracy and how complacent we have been in having our systems, especially our essential public ones, rely upon these megacorporations to run smoothly.
The update error was a benign cause and it only affected two companies, so what happens to our wide-reaching services like public infrastructure if something like a cyber-attack was successful in compromising an organisation like Microsoft? If something more sinister happened, what would that mean for the current way our bureaucracy, data and communication systems are set up?
This outage has shown that at large, we currently do rely on the safety of these giant for-profit businesses for our basic operations, even those third-party companies that don’t directly hold sensitive information or impact the operations of a hospital or an airport, for instance. The average person has always seemed to be at the mercy of their larger structures like their governments and healthcare systems, but do we really need to add billionaire companies to the list?
Anecdotally, during the outage in my place of media work, some of what usually is conducted with the support of Microsoft and CrowdStrike was dealt with simply by going back to “the old way of doing things”; how people worked before the industry’s use of the cloud. This worked because we had people in the company who remember working before things were highly tech-based, but also due to how workers were able to communicate quickly and physically.
I don’t work in a high-tech industry, however, in every single job I’ve had, I’ve only been trained on the latest systems which assume that third parties will operate at 100%, 100% of the time. If that holds the same for people who work in industries where critical operations must rely completely on the latest computers (perhaps hospitals, for instance), what happens when the younger generations like millennials, gen-z’s and gen-alphas continue to be untrained in analogue, or (in this case) “pre-Microsoft” methods of working?
I mean, there was a reason why Brave New World resonated with so many, but whatever, I’m prone to the slippery-slope argument here, so I won’t go further. I understand that without these companies we probably couldn’t do things as efficiently or as en-masse as we can. But I think we’ve already put the frog-in-boiling-water and bumbled down a bit of a slippery slope, because since when did technological convenience become conflated with necessity? We should know how to stay cyber-safe without another company doing it for us, and before then we were supposed to have our sensitive records as physical copies, only uploaded digitally in case the papers were lost or we didn’t have space to hold them. We used to check in to the airport with a real person; we used to pay for our bread with cash handed over to the cashier.
So the headlines weren’t on update patches.
ENDNOTES
[1] Lee, Allan. Can We Avoid a Repeat of Friday’s CrowdStrike Crash Chaos? Special Broadcasting Service, 22 July 2024.
[2] The Guardian. “Delta Faces $500m in Costs from CrowdStrike Global Tech Outage.” The Guardian, 31 July 2024, www.theguardian.com/technology/article/2024/jul/31/delta-cost-revenue-crowdstrike-outage.
[3] Cox, David. “The Global IT Outage Sends Hospitals Reeling.” Wired, 19 July 2024, www.wired.com/story/hospitals-crowdstrike-microsoft-it-outage-meltdown/.
[4] Sutton, Candace. ““Absolute Chaos” at Woolworths as Outage Strikes.” Mail Online, 19 July 2024, www.dailymail.co.uk/news/article-13650411/Microsoft-Crowdstrike-outage-Woolworths-seveneleven.html.
[5] McKenna, Charlie. “Crowdstrike Outage May Be to Blame for Slow Response to Hit-And-Run, Worcester Police Say.” Masslive, Aug. 2024, www.masslive.com/news/2024/08/crowdstrike-outage-may-be-to-blame-for-slow-response-to-hit-and-run-worcester-police-say.html.
[6] Bhattarai, Abha, and Rachel Siegel. “Largest IT Outage in History Expected to Barely Register in the Economy.” Washington Post, 20 July 2024, www.washingtonpost.com/business/2024/07/20/outage-microsoft-economy-business/.
[7] Constantino, Annika Kim, et al. “Microsoft-CrowdStrike Issue Causes “Largest IT Outage in History.”” CNBC, 19 July 2024, www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html.
[8] Swan, David , and Eryk Bagshaw. ““Largest IT Outage in History” Caused by US-Based Cybersecurity Firm.” The Sydney Morning Herald, 19 July 2024, www.smh.com.au/business/companies/microsoft-outage-across-australia-brings-down-major-businesses-20240719-p5jv2w.html.
[9] Weaver, Johanna. “What Can We Learn from the CrowdStrike Global IT Outage?” Australian National University, 2024, reporter.anu.edu.au/all-stories/what-can-we-learn-from-the-crowdstrike-global-it-outage.
Comments