Beyond the CrowdStrike outage: The larger forces at play, and a long-term view on cybersecurity

This episode discusses the implications of a significant CrowdStrike outage, examining its impact on global cybersecurity practices and how it reflects broader technological and geopolitical challenges.

1. The CrowdStrike outage was primarily caused by a problematic content update, reflecting the delicate balance cybersecurity firms must maintain in rapid threat response.
2. Modern cybersecurity challenges are compounded by geopolitical tensions and the accelerated pace of technological developments, including AI.
3. The incident underscores the critical need for robust, agile cybersecurity infrastructures capable of adapting to new threats while minimizing disruptions.
4. Companies must enhance their quality assurance and testing protocols to prevent similar incidents, which can have widespread, disruptive effects.
5. The future of cybersecurity involves a more integrated approach, leveraging AI and other technologies to protect against increasingly sophisticated threats.

1: Introduction and Outage Overview

Todd Bishop introduces the episode and outlines the recent global IT disruptions caused by a CrowdStrike update. Key topics include the initial impact on services and the immediate response. Todd Bishop: "Welcome to GeekWire, where we dissect pivotal moments in tech."

2: Technical Breakdown of the Outage

Eric Moore explains the technical specifics of the CrowdStrike update and its consequences, providing insights into cybersecurity practices and the challenges of protecting large-scale IT environments. Eric Moore: "It's crucial to understand the cascade effect in cybersecurity incidents."

3: Bigger Picture Implications

The discussion shifts to broader cybersecurity issues, including the role of AI and geopolitical factors in shaping security strategies. Eric Moore: "We're seeing a shift in how cybersecurity is managed, largely influenced by external geopolitical and technological forces."

4: Long-term Cybersecurity Strategies

Exploration of long-term strategies for improving cybersecurity frameworks to handle emerging global threats effectively. Eric Moore: "Adapting our approaches is not optional; it's imperative for future security."

1. Regularly update and patch systems to guard against known vulnerabilities.
2. Implement robust testing protocols for any new software updates, especially those critical to system operations.
3. Educate employees about cybersecurity best practices to prevent breaches from internal sources.
4. Engage in continuous monitoring of IT environments to detect and respond to threats swiftly.
5. Collaborate with global cybersecurity communities to stay informed about new threats and defensive techniques.

This week: the aftermath of the CrowdStrike outage, the larger forces at play, the future of cybersecurity, and where the world is headed long-term.

Our guest is Erik Moore, a veteran of the cybersecurity field and program director for the online Master of Science Program in Cybersecurity Leadership at Seattle University's Albers School of Business and Economics.

Moore says cybersecurity companies are facing faster and more complex threats due to factors including AI, and geopolitical and financial forces, requiring quicker responses. Current testing and deployment processes need to be overhauled handle these new challenges effectively. But long-term, he's optimistic about where the field and the world are headed.

People

Eric Moore, Todd Bishop

Companies

CrowdStrike, Microsoft

Books

None

Guest Name(s):

Eric Moore

Content Warnings:

None

Speaker A
It has been an extremely difficult couple of days in the technology world, and really in the world writ large. We are in the midst of a global it outage right now, affecting flights, businesses, banks, healthcare providers, 911 services. A lot of businesses around the world are affected, including Microsoft. A lot of those blue screens of death, right? The problem was not a cyber attack, but rather a bad update from the crowdstrike cybersecurity firm that crippled windows machines around the world.

Speaker D
So what is this company? Crowdstriked? It isn't exactly a household name, and most people have probably never heard of it before the global meltdown yesterday. But the firm is a powerhouse in the cybersecurity industry, using cutting edge technology like AI to monitor and prevent cyberattacks. But there are larger issues at play here.

Speaker A
Our guest on this week's show, Eric Moore of the online Master of science program in cybersecurity leadership at Seattle University, says cybersecurity companies are facing faster and more complex threats due to factors including AI and geopolitical and financial forces requiring quicker responses. Current testing and deployment processes need to be overhauled. But long term, he's optimistic about where the field and the world are headed. Really buying into that cyber society will get us new cures like CRISPR and. Things like that, where people are collaborating.

Speaker E
All over the planet. It will help us protect the environment. As sensors all over the world collaborate and pull things together so that we have active items we can do to solve environmental problems. And it will also help us one. Day, I hope, get to the stars.

But we will not do that without. All of the cyber infrastructure that we've talked about today without living through an incident like the one we just did.

Todd Bishop
Welcome to Geekwire. I'm Geekwire co founder Todd Bishop. We are coming to you from Seattle, where we get to report each day on what's happening around us in business, technology and innovation. What happens here matters everywhere. And every week on this show, we talk about some of the most interesting stories and trends in the news.

This week, there was a big outage at the end of the week that impacted windows computers around the world related to a cybersecurity company called Crowdstrike. I'm on the line now with Eric Moore. He is the program director for the online master of science in cybersecurity leadership at Seattle University's Albers School of Business. Eric, it's great to have you here. Yeah, it's good to be here.

Speaker F
I think there is something big going on in terms of changes that are going on in the world that lead to impacts like this. I don't think it's just the Crowdstrike company, but really glad to be here talking about it. That's great. I was interested in talking to you in part because of some emails that we exchanged where you got into these bigger picture issues that are reflected in what we saw today with Crowdstrike. But before we get there, can you give me a sense for your understanding for what Crowdstrike is?

Todd Bishop
Because I saw this name, I remembered the name of the company, but in some ways, it was like SolarWinds a couple years ago where I was like, oh, yeah, I know about that company. I know they're important, but I don't know exactly what they do. So for the uninitiated out there, what is Crowdstri strike? So I think initially we could have. Said that it was an endpoint detection.

Speaker F
And response software company that would put an agent on computers and allow for a rapid response when they might be subject to an intruder attacking them or malware being deposited and running on them or things like that. You can think of it kind of like Microsoft Defender, which would be your antivirus software, and it would load up. Kind of the same way. But the difference is that this is used in larger enterprises, and that's why. You don't usually see it at home or in small businesses and things like that, because you're paying an extra fee to have a much more immediate response and a much more orchestrated dashboard that.

Speaker E
Can go across huge enterprises to be. Able to respond rapidly, responding to whole groups of machines across the planet. That's why Crowdstrike is a well known. Name, but not necessarily a lot of. People knowing what it's about.

Speaker F
We can think of it as several components. One would be an agent that would be on the computer that would be able to monitor behavior and stop some things that were happening that the local virus protection software may not be able to catch. It also offers the enterprise you're working. With a chance for their professionals to. Go in and see what's happening on that computer and intervene if it's something.

They think should be stopped or if. You need to allow it to progress. Or something like that. It also offers analytical tools for things like cyber forensics to be able to go in and check out what really. Happened with a particular process or virus.

Or bug that might be on a machine. And it offers great dashboards to be. Able to see what's going on. It's not the only company that does. This, but it's one company that's very well known around the world because of its large footprint.

Speaker E
That's why we saw the impact we. Did for this particular software. My understanding is that it often activates at boot up, and you use the word endpoint. And when I think of endpoint, I think of a PC or a phone, but in this case, obviously a PC. And the fact that it loads at boot up and it's looking for these kinds of intrusions or threats that you're talking about right from the very beginning is one of the reasons why people who were trying to install the update and boot their computers back up saw the blue screen of death with this problem that we saw at the end of this week.

That's exactly right. And you have to think that it's. Partly a race condition with the other software that's out there, the malware that. Might be trying to rootkit your system, Crowdstrike, has to make sure that it. Boots before any malware may have a chance to get under it.

Todd Bishop
I initially was under the impression and then was corrected that this was a software update that caused the problem with Windows machines. But in fact CrowdStrike said it was a content update. Can you give me a sense for what that means and what the difference is and how that might play out? Yeah, these two things are kind of ambiguous terms. I mean, any bit of code in.

Speaker F
Some senses, is software, right? So we can know that some process. Or some profile was pushed out into. The crowdstrike agent and that this did come into conflict with the operating system. And so that is what we're talking about.

A particular channel within the push was affected, and there's a particular file that was loaded there that did conflict. And removing that file can make things better. Once you remove the file that it can come up. That sounds kind of easy, right? But think of an enterprise of 40.

Or 100 or, you know, even a larger 100,000 or larger computers that you've. Got to update all at once. And you've also got to remember that there may be other security software writing there that you may have to get through in order to do that update. When you look at what happened today, can you remember something of this nature happening at this scale in the past? Log four J was another incident where.

That happened over a winter holiday. I remember being there with my team. We were scrambling. We had to shut down all our systems and it was a little different because there it didn't shut down automatically. We had to go in and shut.

Speaker E
Down the systems to prevent them from. Being vulnerable until we could get the patches implemented. In a way this is a better incident than log four J would have. Been on Apache style servers. But in those kinds of incidences, we realize it's business disruptive in the security community.

And, man, you really want to avoid. Being business disruptive because cybersecurity is a. Service to empower business. That's what it's all about. So being smooth, being part of the process, being facilitative and supportive and making things resilient without destroying functionality is what.

It should be about. We know that as cybersecurity pivots and as threats pivot, then cybersecurity also has to be really agile and move along. And so disruptions like this can happen to the distribution chain, to the rapid. Testing environment, to make sure that things. Are actually going right into the code.

That the profiles that go through are. Operating correctly, and that it's getting some kind of assessment. Now, the processes that we've used traditionally. For testing and distribution have radically changed with tools like crowdstrike. Just as you were talking before, it's not necessarily a software update in the.

Speaker F
Sense of a patch that we might traditionally think, but it's a way of. Accelerating the response so that as malware. And as perpetrators rapidly adapt and innovate. Then these tools can be applied almost immediately. And that's what we've gone.

You probably remember when software updates were, oh, it's once a month or once. A week, once a day, once an. Hour, once a minute, or within 5 seconds. Right. You want to get something out there really fast now to stop the waves of attack that come across the systems.

And we're seeing this a lot because really, we know that artificial intelligence is. Accelerated malware code development. It's accelerated the ability to analyze vulnerabilities. And a lot of other areas that, but also realize that it's accelerated our. Ability to respond to those things.

Speaker E
And all the major defender organizations are. Now using artificial intelligence as part of their response. So adapting that, embedding it in their systems, will be being next up. We'll explore some of the larger issues behind all of this. I wanted a career in it, but I didn't know where to start.

Speaker H
WGU makes it simple. Their accredited online degree programs cover all kinds of it specialties, and they have valuable industry certifications built in at no extra cost. The payoff? Having those certs back up my degree makes me look even better to future employers. A nonprofit university that includes top industry certs in their programs.

I choose WGU. Learn more at wgu.edu. itsertsincluded.

Todd Bishop
Welcome back. My guest this week is Eric Moore, program director for the online master of Science program in cybersecurity leadership at Seattle University's Albers School of Business and Economics. So all of this raises the question of what could be done to avoid situations like what happened this week with CrowdStrike. So I'm sure that CrowdStrike is reviewing their product in detail and making sure that they're updating their supply chain, their. Quality assurance and their testing, so that when they're pushing out these objects, that they're getting some assurance that they're going.

Speaker E
To be non disruptive and also that. They'Re going to be effective against the threat. And this is an edge that all companies really ride on. Right? They need to push lean in hard.

Speaker F
Enough in order to make sure that they cover their clients from threats, but not lean in so hard that it becomes disruptive. And I think it depends on your application, but I think all of us. Would prefer that companies lean in. Right? You want them to lean in.

It's better to say there was a disruption today and we put the patch out rather than there was a disruption. Today, and a lot of hardware, software, and accounts were lost, and they're being. Sold on the Internet right now. So we would prefer the one we. Had during this incident than we would the other kind.

And I think that leaning in now is more likely for all companies, not just crowdstrike, but all companies in this boat. And the reason is because of this acceleration I was talking about. And it's not just an acceleration because of artificial intelligence. Several things are happening. One, we know that there are more.

Geopolitical tensions, and that leads to more geopolitical cybersecurity activity with nation state adversaries or nation state sponsored adversarial behavior. We know the elections are coming up. So that's a real thing. One other big thing is happening that. I didn't mention earlier in the email.

Speaker E
And that is that we're, as a planet, we're moving to domains of control. And that means that organizations like Microsoft and Crowdstrike are part of a domain of control which we might think of as a us based domain of control, but includes a lot of countries that come in out of that. And that there's a chinese base of control that would involve Huawei and other technologies that they would be producing, and that there's a need to shore up those resources as we add these technologies. And there's also activity that goes across those boundaries. And as you know, coming from Russia right now, there's activity coming out of there as well.

Speaker F
So, I mean, we don't need to go into the details of what's going on that way, but it's important to know that it's not just cybercrime and cyber profit from that crime that is driving this, that there's also a geopolitical. Tension component that drives a lot of these attacks. And all of these companies that are. Cyber defenders are really facing a fairly large arsenal and having to defend aggressively. And so what we saw here is an artifact of that aggressive defense that's likely going to happen more with other companies, too.

Todd Bishop
So if I'm hearing you correctly, they, Crowdstrike in this case, was so eager in many cases, and maybe this is a caricature, but they were so eager to get the fix out for something that they might have been seeing in the cyber threat landscape that it went out too early, before adequate testing or before they were able to put in place things that could roll it back. Am I on the right track there? Yeah. I'm not speaking about what would have. Necessarily happened directly at CrowdStrike, but generally, this is the position that all companies are in right now.

Speaker E
They have to be very aggressive about increasing their distribution, increasing their identification and response to these threats that are going on out there right now. So we would put them in that position. And while their quality assurances that it's. Designed may not have been inadequate for any one moment, as this tension builds. Up, as the need to respond quicker and quicker goes, then they just need to revise it and ensure that quality assurance and make sure that the distribution.

And testing the quality assurance is maintaining. Pace with the development of the incident response programs that they're pushing out as well. Very interesting. How do you do that? I mean, in practice, does that mean more people?

Todd Bishop
Does that mean better technology, different processes? What does that look like when you talk about cleaning it? All of that? Yeah, you're really right on there. So there are, for instance, if you're using artificial intelligence to put out threat.

Speaker E
Identification, then there is some ambiguity in. Whether you would be able to trust that profile and be able to push that out. Is that immune system going to respond. To the host as well and cause some negative effect? That's one thing that may happen.

Speaker F
Other things that might happen are you, you put it out and, but the. Threat is morphing in a way that. You didn't expect, and so then the threat can bypass something you may have put out. So all this is happening in real time. But I think one thing that crowdstrike and other companies do in this space is very effectively also escalate to teams of real cybersecurity research, cybersecurity experts that look at each case manually, but they.

Speaker E
Need to automate as much as possible. Because even with a lot of cybersecurity people in huge security operations centers, you. Still need to have automated response to handle a planet. Right? And that's what we're talking about here.

Speaker F
We're protecting a planet, not just the nation, not just a few companies, but. We'Re talking about the cyber resilience of society itself. And it's really a passion of mine. The idea that we're moving into this. Cyber driven facilitation of our science, our.

Research, our development, our engineering, our politics and our diplomacy, and our civil infrastructure, which is what's critical about this particular incident. I've been working on defending critical infrastructure. For decades and really looking at these ideas of how we ensure that we have a resilient critical infrastructure. And what I'd say today is that. Crowdstrike didn't make me doubt that we're doing good defense of our critical infrastructure in so many ways, but that they're.

Speaker E
Leaning in on where we're needing to go. That's kind of the sense I got. I have not talked to my friends at Crowdstrike. I'll be doing that later today. But I do find that we're, we're really, we are leaning in right now.

Speaker F
And so we're likely to see other artifacts of that pressure come out in our society. An event like this is not good. And it's disruptive, and it hurts lots of people. Hospitals were affected on and on and on. But we should leverage this opportunity to.

Make people more aware that in our political system, as we vote, as we think about writing a letter to a department that handles these kinds of things. Supporting cybersecurity, efforts to increase in resilience is important because a larger portion of. Society, non traditionally, has to be devoted. To this kind of work so that. Science can accelerate, so that engineering and.

Speaker E
Civil services can accelerate the roads. Everything we have is running on these databases now. The repair of the roads, the design of the roads, and you think about the physical things around us, it's really. All cyber dependent now. So letting people know that investing in these kinds of resources and in the.

Continuous development of these kinds of resources is going to be important from now forward. Next up, Microsoft and the long term view.

Todd Bishop
Microsoft was, for better or worse, the public face of this outage in some ways because it did impact Windows. And Microsoft found itself trying to make it clear to folks that this was not a Microsoft outage, even though Microsoft Windows was out, it was caused by this CrowdStrike content update. There was a segment actually on Morning Joe this morning where Joe Scarborough said, this is a sign that Microsoft is too pervasive, too dominant in our society. It's just a little frightening. Willie, this is what happens when you have companies like Microsoft that many people consider to be a monopoly.

Speaker C
If something goes down with Microsoft, with Microsoft software, just about everybody is impacted and just about everything, as far as commerce goes, seems to be shut down. What would you say to somebody who has that perception? I would say that a few years back, years ago, this is just one small example. Russia was running their own operating systems. They have excellent coders and they were.

Speaker E
Designing their own software and producing their own things. And maybe about seven, eight years ago, I went over there and I was kind of shocked. Everybody was using Windows. And if you talk about the domain of control and the fact that our nation is one of the, not one of, but the default leader in this. Type of technology, this desktop technology, puts.

Speaker F
Us in an amazing place on the planet that we've been able to achieve that. If you consider the impact of having control over those technologies around the world really provides and the ability to provide assurance like an umbrella of security across large areas, I think that Microsoft has afforded us that by winning really a global competition in cybersecurity. And they're not the only operating system out there. Apple is really out there. And while Apple and Linux are much smaller groups in that sense, I really don't think that it's Micro.

We should question that Microsoft is powerful. Sure, let competitors come in and compete, let the open market do what it will. But at the same time, Microsoft has been doing an amazing job. If we go back two years ago before defender really got a the support team red teaming it, I think that Microsoft used to say, well, security cybersecurity is really buy some virus software. We don't do that.

But Microsoft bought in early into that process. Windows Defender is still one of the best virus protection softwares out there. And by the way, there are a. Lot of other great ones that have. Also special features that people may need.

Speaker E
So they really did buy into that. And they worked very closely with their partners, including CrowdStrike, to ensure that they provide a really resilient network. In the face of everything I said. About artificial intelligence, about nation state adversarial behavior, about the rise in cybercrime driven. By crypto ransomware and the resale of.

Speaker F
Accounts and private data. I think they're doing an amazing job. To get us into some kind of. New type of stability that we could. Call the new cyber driven society.

And I'm really grateful they're out there doing this good work. But I do think that having diversity. In this area, there are ways of doing it. I just published a paper recently on. This at the Hawaiian Information Systems conference, the Hicks conference this January, on new ways to do this type of resilience.

And so I look forward to seeing more ways like that. And I don't think that Microsoft can stand alone, but it's also important to remember that in order to create this. Critical infrastructure that's been identified by the. Federal government, there are many, many companies. That could have been in this situation, and we could have said the exact same thing.

Speaker E
Why do we rely on them so much? Why are we doing this? These are other companies that help us create a really resilient, a healthy, a. Robust domain of control here in the US. And all those companies underlie the Internet, provide resources for our Internet service providers, and provide a security for the parameters of our domains of control.

Speaker F
And so any one of those companies could also run into trouble, and we might be asking the same questions about them. And indeed, there is churn in the market over time. That's realistic. So that can change. But I think we have an amazing posture in this country for being able to respond to things like this.

And while we will see disruption as. Our society evolves into a techno driven. Society, I'm grateful we've got the teams we do out there making this happen. As we saw, there was a disruption. But rapidly patches come out.

People go to work making those things happen, and we see a recovery there. And I was glad to see that happen. Eric, is there anything else youd want to get across on this overall topic? Big picture, especially when you look at these issues long term. If I consider these issues really long term, okay, ive got to go way out there.

Todd Bishop
All right, thats fine. Yeah. Yeah. I'd say that our society, if people say we want to turn away from technology, we don't like this. Why don't we go back to paper and pencil?

Speaker E
Then the kinds of integration that we. Have in science and engineering and diplomacy and other key areas of our society. Including the deep infrastructure that provides us. With electricity, will not be resilient, will. Fall apart to a certain degree, and society itself will not be as stable.

Speaker F
As we might hope. And that buying into this with our votes, with our support, with, as we answer a poll or as we think about characterizing a company, really buying into. That cyber society will get us new. Cures like CRISPR and things like that. Where people are collaborating all over the.

Planet to produce something like that. Right. It will help us protect the environment. As sensors all over the world collaborate and pull things together so that we have active items we can do to solve environmental problems. And it will also help us one.

Speaker E
Day, I hope, get to the stars that we become a space faring species. And that we go for it. But we will not do that without all of the cyber infrastructure that we've talked about today, without living through an incident like the one we just did. And so I would say let's see that vision and let's continue to move forward. Let's make sure we're supporting ourselves as.

Speaker F
We head that direction. Eric Moore is program director for the online master of science in cybersecurity leadership at Seattle University's Albers School of Business. Eric, thank you very much. This has been great. Yeah, glad to do it.

Speaker E
Thanks. Thanks for the opportunity. Thanks for listening. I'm Geekwire co founder Todd Bishop. We'll be back next week with a new episode of the Geekwire podcast.

Speaker F
Our channel.