Last Updated, Jul 25, 2024, 11:06 PM
The CrowdStrike outage shows the danger of depending on Big Tech overlords


Heidi Boghosian

Starting on Thursday of last week with ripple effects for days afterward, a routine software update caused a record-breaking freeze across much of the world.

CrowdStrike, a cybersecurity vendor deployed by Microsoft systems, installed an update that analysts say probably skipped quality testing. The result disabled an estimated 8.5 million computers in perhaps the largest cyber event in history.

Affected were Microsoft-powered systems critical to the online operations of banks, hospitals, police forces, major airlines, TV stations, and government agencies. Flights and surgeries were canceled, courts and government offices shut down, and new hacking vulnerabilities introduced, including for federal agencies.

The shutdown brought Americans’ collective cyber vulnerability into sharp focus: Our reliance on trillion-dollar tech overlords may imperil national security.

The tech providers that support infrastructure relied upon by the public and private sectors bear a responsibility to protect our safety and security. In 2023, federal Cybersecurity and Infrastructure Security Agency Director Jen Easterly proposed holding tech companies liable for selling vulnerable products. With such liability measures in place, CrowdStrike’s global outage might have been avoided.

The rapid consolidation of power in tech companies poses challenges to the government and society. Companies reaching unprecedented sizes and valuations in the trillions control digital infrastructure that people depend on at least as much as the mail and trash pickup. Tech companies now run or help run communications, commerce, and other services more nimbly than do federal agencies. But they also do it with less regulation and public oversight — as well as a profit motive.

The tech sector’s market dominance accounts for more than 10% of the U.S. economy. In 2024, Microsoft reported revenues of $211.91 billion. Other tech behemoths posted even larger figures: Amazon $574.78 billion, Apple $383.28 billion and Alphabet (Google) $307.39 billion. (Meta Platforms, formerly Facebook, posted $134.90 billion.)

A chunk of these profits goes toward lobbying and paying penalties for safety and antitrust violations, rather than investing in cybersecurity and other improvements that would reduce consumer harms. In 2023, tech giants spent at least $10 million each on lobbying while also receiving more than $3 billion in fines and settlements for breaking European digital antitrust laws and facing lawsuits by the Department of Justice and the Federal Trade Commission. 

Meanwhile, in 2022, the financial impact of poor software quality in the U.S. amounted to at least $2.41 trillion, according to the Consortium for Information & Software Quality.

Software-caused outages can be avoided in a few ways. Diversifying tech contractors and options strengthens resilience and mitigates risks. By contrast, if everyone relies on just a couple of providers, any single breakdown carries huge consequences. CrowdStrike, one of the nation’s largest cybersecurity firms, exemplifies this issue; it counts more than half of the Fortune 500 companies as customers.

Equally important is cybersecurity redundancy — multiple layers of security measures and backup systems that ensure continuous protection and functionality, even if one layer fails or is compromised. Although creating these redundancies may cost companies more in the beginning, they are investments in maintaining trust between businesses and their customers, as Javad Abed, a cybersecurity expert and assistant professor in business at Johns Hopkins University, told USA Today.

Around two-thirds of software vulnerabilities reported in commonly used programming languages stem from memory-related security flaws, such as the misallocation or freeing up of memory spaces that can enable unauthorized access or the execution of malicious code.

Earlier this year, the White House — notably, given how often the government lags on tech issues — urged the widespread adoption of “memory safe” programming languages such as Rust, Go, Python, and Java, which protect against certain kinds of bugs related to how memory is used. Yet Microsoft and other big tech companies continue to rely on C/C++ alongside other languages because those are fast and used in developing firmware, programs embedded in hardware memory to help devices operate. It is worth sacrificing some convenience to avoid devastating security lapses.

Finally, in line with Easterly’s recommendation to increase liability for tech companies, U.S. regulations need an update. Our antitrust laws should move away from focusing solely on pricing and avoiding economic harm to encompass data privacy protection and security.

Federal standards to ensure that software is secure by design would shift responsibility to vendors to provide safe products from the outset. We can also look to the European Union, where regulators are prioritizing cyber resilience through the Digital Operational Resilience Act, effective in 2025, meant to establish strict requirements to make sure the financial sector can handle information and technology threats.

Only by holding technology providers to the highest standards can we continue to enjoy the advances of an interconnected world without fear of avoidable — and possibly life-threatening — disruption.

Heidi Boghosian is an attorney and author of the forthcoming book “Cyber Citizens: Saving Democracy Through Digital Literacy.”
