The Big Picture
In July 2024, a software update from the cybersecurity firm CrowdStrike caused Microsoft Windows operating systems to crash—resulting in potentially one of the largest IT outages in history. The outage disrupted critical infrastructure operations by grounding commercial flights and interrupting critical hospital care, among other impacts.
CrowdStrike’s investigation of the incident found that a faulty security update caused widespread system failures, affecting millions of Windows systems. Although the CrowdStrike crash was caused by human error and not a cyberattack, it highlights similar vulnerabilities we saw during the SolarWinds attack in 2019. In that event, instead of attacking systems directly, malicious actors targeted system support software. That software, SolarWinds Orion, was widely used by federal agencies to monitor network activity and manage network devices. This allowed the threat actor to breach several federal networks. Cyber incidents at federal agencies and the nation’s critical infrastructure sectors, such as transportation and healthcare, are growing in number, impact, and sophistication. Federal entities, such as the Cybersecurity and Infrastructure Security Agency (CISA), lead efforts to coordinate national cyber policy and critical infrastructure cybersecurity.
No comments:
Post a Comment