Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, said that today’s CrowdStrike outage – one of the largest IT outages in history – highlights the need for a tough look at digital resilience capabilities.
The widespread outages – affecting Federal government agencies, airlines, banks, hospitals, and other essential sectors worldwide – were caused by a defective update to CrowdStrike’s Falcon security software that the cyber firm pushed to Windows operating systems early Friday morning.
Speaking at the Aspen Security summit in Colorado, Neuberger said her morning started with a 4 a.m. call from the White House Situation Room to brief her on the matter. Neuberger also said she made calls to CrowdStrike CEO George Kurtz and her counterparts around the world to offer the U.S. government’s help.
“I think it highlights both the degree to which our economies, our national security are now digital and interconnected in a fundamental way,” Neuberger said.
“At this point, we believe that it is an IT-related patch, an issue with that patch, I think [CrowdStrike is] determining what went on there, but it does highlight the need for us when we are such a digitally connected country and global economy … to ensure that we have the resilience,” she added.
Due to the patch issue, thousands of Windows machines worldwide experienced the “Blue Screen of Death” – which caused PCs and servers to enter a recovery boot loop, preventing them from starting properly. Impacted services included Microsoft Teams and Microsoft 365 admin center.
However, CrowdStrike’s Kurtz said just before 6 a.m. EST that the “issue has been identified, isolated, and a fix has been deployed.”
Neuberger said that it’s vital to move “rapidly” in today’s digital world so that individuals can have confidence in the digital systems that we all rely on in our day-to-day lives.
“The irony of this morning is that a major international cybersecurity company was impacted,” Neuberger said. “So, we need to really think about our digital resilience – not just in the systems we run, but in the globally connected security systems, the risks of consolidation, how we deal with that consolidation, and how we ensure that if an incident does occur, it can be contained and we can recover quickly.”
“So, there’s work to be done to build that resilience because frankly, in a physical world, impact could be contained far more narrowly – both in routine impact as well as on the geography of the battlefield. In a digital world, because of that connectivity and the speed, we need resilience to be at the same speed,” she stressed.
“Digital systems have brought so much beauty to human life … But with that importance comes security, so people can trust those systems,” she concluded.
