Security & Risk Management

Protecting Critical Infrastructure: Lessons from the CrowdStrike Outage

Get into the details of the CrowdStrike incident, its impact on critical infrastructure, and the importance of investing in operational and cybersecurity measures.

On July 19, 2024, the global technology landscape was rocked by a major incident involving CrowdStrike, a leading U.S. cybersecurity firm. A flawed update to their security software set off a chain of failures, affecting an estimated 8.5 million Microsoft Windows computers. This resulted in the most extensive outage ever recorded in the history of information technology, with repercussions felt worldwide.

This unprecedented event disrupted daily life, businesses, and governments globally, raising significant concerns about the vulnerabilities of critical infrastructure companies. 

In this article, we unpack the specifics of the CrowdStrike incident, providing an in-depth look at how it unfolded and its far-reaching consequences. We’ll explore how this unprecedented outage impacted critical infrastructure, disrupted everyday life, and exposed serious vulnerabilities. Most importantly, we highlight actionable insights and strategies to fortify your own cybersecurity measures, ensuring you're better prepared to safeguard your operations against similar threats.

What is Critical Infrastructure?

Critical infrastructure encompasses the essential assets, systems, and networks—both physical and virtual—that are so crucial to a nation's stability that their incapacitation or destruction would have a debilitating impact on national security, economic security, public health, or safety.

Critical infrastructure is typically categorized into three main elements:

  1. Physical Infrastructure: This includes tangible assets such as power plants, water treatment facilities, transportation systems (like roads, bridges, and railways), healthcare facilities, and government buildings. These physical components are vital for the day-to-day functioning of society.
  2. Cyber Infrastructure: This consists of the information technology systems and networks that support the operation of physical infrastructure. This includes telecommunications networks, data centers, and other IT systems that ensure critical services' smooth operation and management.
  3. Human Infrastructure: This element involves the personnel and organizational structures that operate and manage physical and cyber infrastructure. Skilled professionals in sectors like healthcare, emergency services, and public administration are essential for maintaining the resilience and security of critical infrastructure.

Examples of critical infrastructure sectors include energy, water, transportation, healthcare, financial services, telecommunications, and government facilities. The interconnected nature of these sectors means that a disruption in one can have cascading effects on others, highlighting the importance of robust and resilient critical infrastructure to a nation's overall security and well-being.

Understanding the Risk Landscape of Critical Infrastructure Companies

Critical infrastructure companies, such as those in the energy, water, transportation, and healthcare sectors, are particularly vulnerable to both operational and cybersecurity risks.

These sectors rely heavily on interconnected systems and industrial control systems (ICS) that, if disrupted, can lead to severe operational failures and potential cyberattacks.

The interdependence of these systems makes them susceptible to cascading failures from seemingly isolated incidents.

Types of Operational and Cybersecurity Failures

The CrowdStrike incident highlights the potential for widespread operational failures due to software issues and the cybersecurity risks they entail. Common sources of risk include:

  • Faulty Updates: As seen with CrowdStrike, software updates can inadvertently introduce bugs that disrupt critical systems.
  • System Misconfigurations: Incorrect settings can expose vulnerabilities or cause systems to malfunction.
  • Human Errors: Mistakes by employees or contractors can lead to significant security breaches or operational failures.
  • Cyberattacks: Malicious actors can exploit vulnerabilities in systems, leading to data breaches, service disruptions, or even physical damage to infrastructure.

Both operational and cybersecurity failures can have far-reaching consequences, affecting immediate operations and the broader ecosystem reliant on these services. 

Operational failures, like CrowdStrike's faulty update, demonstrate how technical glitches can disrupt essential services. 

However, cyberattacks, which can exploit these vulnerabilities, pose an even greater threat. Cybercriminals can leverage operational weaknesses to launch attacks with devastating impacts on infrastructure and data integrity.

Why is Protecting Critical Infrastructure Important?

Protecting critical infrastructure is vital for a nation's well-being as it forms the backbone of daily life, economic stability, and national security. Ensuring the security of infrastructure means maintaining the continuous operation of essential services like power grids, communication networks, transportation, and healthcare, all of which are crucial for the functioning of modern society and the safety of citizens.

As demonstrated by the recent CrowdStrike outage and the SolarWinds attacks, disruptions to critical infrastructure can have far-reaching consequences. Natural disasters, cyberattacks, or terrorism can lead to cascading failures, crippling the economy, jeopardizing public health, and potentially causing widespread chaos and unrest.

Protecting critical infrastructure is an investment in a nation's present and future, ensuring its prosperity, security, and the well-being of its people. By safeguarding these essential systems, we can prevent disruptions that threaten the fabric of our society and maintain a stable, secure environment for all.

Lessons from the CrowdStrike Outage

On July 19, at 04:09 UTC, CrowdStrike distributed a faulty configuration update for its Falcon sensor software running on Windows PCs and servers. This update caused machines to either enter a boot loop or boot recovery mode. 

Within hours, Windows virtual machines on the Microsoft Azure cloud platform and Google Compute Engine began rebooting and crashing. The issue primarily affected systems running Windows 10 and Windows 11, while macOS and Linux systems remained unaffected.

The immediate impact was profound, with widespread service disruptions affecting airlines, banks, hospitals, manufacturing, stock markets, and more. Governmental services, including emergency services and websites, were heavily impacted, and the worldwide financial damage is estimated to be at least $10 billion. 

Despite a swift fix being released, the necessity of manual intervention meant outages lingered for days, compounding the disruption.

What Critical Infrastructure Companies Can Learn from the CrowdStrike Outage

Operational Disruptions

Operational failures and cyberattacks can lead to significant disruptions. For instance, a faulty power grid control system software update could result in widespread blackouts, affecting millions of people and critical services. 

Similarly, a cyberattack on a healthcare system can cripple hospital operations, delay treatments, and endanger lives.

The CrowdStrike incident serves as a stark reminder of how interconnected and interdependent our systems are. A single update error can cascade through various sectors, amplifying the disruption.

Critical infrastructure companies must recognize that both operational errors and cyberattacks can have equally debilitating effects.

Economic Consequences

The financial implications of operational failures and cyberattacks are profound. Recovery costs can run into millions of dollars, including expenses related to system restoration, legal fees, and penalties for non-compliance with operational and cybersecurity standards.

Furthermore, companies may suffer long-term economic damage due to loss of customer trust and potential lawsuits from affected parties.

The $10 billion estimated financial damage from the CrowdStrike incident underscores the high stakes involved. For critical infrastructure companies, the economic fallout of such incidents can be catastrophic, affecting not only their bottom line but also their reputation and customer loyalty.

Data Security and Privacy

Operational failures and cyber breaches pose severe risks to the integrity and availability of critical data. Critical infrastructure companies handle vast amounts of data, from operational details to customer information. 

A failure or breach can lead to data loss, corruption, unavailability, and exploitation by malicious actors, significantly impacting the organization's ability to function and maintain stakeholder trust.

Data integrity and availability are cornerstones of operational efficiency and cybersecurity. While the CrowdStrike incident was primarily an operational failure, it highlights the potential for data-related consequences. 

Protecting data from both operational mishaps and cyber threats is essential for maintaining trust and ensuring continuity.

Preventive Measures and Best Practices to Protect Critical Infrastructure

Strengthening Operational and Cybersecurity Posture

Critical infrastructure companies must adopt a proactive approach to operational and cybersecurity resilience to mitigate the risk of operational failures and cyberattacks. 

This includes regular system assessments, continuous monitoring, rigorous testing of updates in controlled environments before deployment, and implementing advanced security technologies like multi-factor authentication and encryption.

Regular system assessments can identify potential vulnerabilities before they become critical issues. Continuous monitoring ensures that any anomalies are detected and addressed promptly. 

As demonstrated by the CrowdStrike incident, rigorous testing of updates is crucial for preventing widespread disruptions.

Adopting Industry Standards

Adhering to established operational and cybersecurity frameworks and standards, such as the NIST Cybersecurity Framework, ISO 27001 for Information Security Management, and ISO 22301 for Business Continuity Management, is crucial for building a resilient operational and security posture. 

These frameworks provide comprehensive guidelines for managing operational and cybersecurity risks and ensuring continuity of services.

Industry standards offer a roadmap for organizations to follow, ensuring they are equipped to handle operational and cybersecurity challenges. Compliance with these standards demonstrates a commitment to maintaining high levels of security and operational efficiency.

Collaborative Efforts

Collaboration between private companies, government agencies, and technology providers is crucial for enhancing operational and cybersecurity resilience. Information-sharing platforms enable organizations to exchange insights, threat intelligence, and best practices, fostering a proactive defense stance. Public-private partnerships facilitate coordinated responses to both operational failures and cyber threats, improving overall resilience across sectors.

By collaborating, organizations can pool resources, share critical information, and develop more effective strategies to prevent and mitigate incidents. 

This collective defense approach enhances preparedness, speeds up response times, and minimizes the impact of disruptions. Joint training exercises, shared cybersecurity frameworks, and real-time communication channels are just a few examples of how collaboration can strengthen the security posture of critical infrastructure.

Who is Responsible for Protecting Critical Infrastructure?

Protecting critical infrastructure is a shared responsibility involving multiple stakeholders. Owners and operators of critical infrastructure hold primary responsibility for securing their assets. However, the government provides essential support through national strategies, regulations, and resource allocation.

In the United States, federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) lead efforts to manage risk, investigate threats, and coordinate a cohesive national response. State and local governments adapt federal guidance to their specific contexts, ensuring a comprehensive approach to potential disruptions.

The collaborative effort extends beyond government agencies to include private industry, academia, and individual citizens. Public-private partnerships, information-sharing platforms like Information Sharing and Analysis Centers (ISACs), and the vigilance of individuals reporting suspicious activity are all critical components of a robust security posture. Ultimately, safeguarding critical infrastructure demands a united front, leveraging the strengths of each stakeholder to ensure a resilient and secure future.

Conclusion

The recent CrowdStrike incident is a powerful reminder of the ever-present risks in the technology and cybersecurity landscape. 

For critical infrastructure companies, the potential impact of operational failures and cyberattacks can be catastrophic, affecting operations, finances, and data integrity. 

By adopting a proactive and collaborative approach to operational and cybersecurity resilience, adhering to industry standards, and learning from incidents like the CrowdStrike update failure, these companies can better protect themselves and ensure the continuity of essential services. 

Critical infrastructure companies must assess their operational and cybersecurity strategies, implement necessary improvements, and stay vigilant against the evolving risk landscape now.

The interconnectedness of our systems means that an operational failure in one area can quickly escalate into a more significant crisis with widespread implications. 

The CrowdStrike incident underscores the importance of robust operational and cybersecurity measures to safeguard critical infrastructure and maintain trust and reliability in the services that underpin modern society.

David Muniz
Cybersecurity Specialist at senhasegura

David is a Cybersecurity Specialist at senhasegura, bringing over 15 years of experience across Brazil and Europe. Since joining senhasegura in 2017, he has been involved in managing Analyst Relations and assisting companies of all sizes and industries in navigating the complexities of cybersecurity, especially those related to Privileged Access Management (PAM).

Full Bio and articles

Request a Demo or Meeting

Discover the power of Identity Security and see how it can enhance your organization's security and cyber resilience.

Schedule a demo or a meeting with our experts today.
70% lower Total Cost of Ownership (TCO) compared to competitors.
90% higher Time to Value (TTV) with a quick 7-minute deployment.
The Only PAM solution available on the market that covers the entire privileged access lifecycle.