CrowdStrike recently became the very “single point of failure” its executive had warned against just weeks before a catastrophic software update that brought down computers running Microsoft Windows around the world, crippling everything from airlines to banks in the process.
PCMag reports that on July 19, 2024, the cybersecurity world witnessed an ironic turn of events when CrowdStrike, a prominent player in the industry, found itself at the epicenter of a global computer crash. This incident came just weeks after one of its top executives had cautioned against the dangers of relying on a single provider for critical IT functions.
Drew Bagley, CrowdStrike VP and counsel for privacy and cyber policy, spoke at a Washington Post “Securing Cyberspace” event in June, where he emphasized the risks associated with organizations depending too heavily on a single vendor for their IT needs. His words, intended as a warning, now seem eerily prophetic in light of recent events.
During his talk, Bagley stressed the importance of resilient digital architecture and secure software deployment. He cautioned, “We must develop code in a secure manner and verify its progeny. However, it is critical too that we deploy software in a resilient manner, one that reduces rather than increases risk in our digital ecosystems.”
The crux of Bagley’s argument centered on the concept of a “single point of failure.” He painted a scenario where an organization’s entire IT stack — including operating system, cloud services, productivity tools, email, chat, collaboration platforms, video conferencing, browser, identity management, and even security — could all be provided by a single vendor. In such a case, Bagley warned, “the building materials, the supply chain, and even the building inspector are all the same.”
At the time, industry observers interpreted Bagley’s comments as a thinly veiled critique of Microsoft, referencing the Cyber Safety Review Board’s critical assessment of the tech giant’s security culture. This followed compromises of government email systems by China-backed hackers in the previous summer.
However, the events of July 19 shifted the focus dramatically onto CrowdStrike itself. A botched update to the company’s Falcon software caused Windows PCs worldwide to crash, leaving many computers stuck in a boot loop. The recovery process proved to be time-consuming and labor-intensive, with Microsoft suggesting that affected systems might need to be rebooted up to 15 times in succession.
This incident transformed CrowdStrike into a perfect example of the very risks Bagley had cautioned against. The company’s software update became the “single point of failure” for numerous organizations, demonstrating how even a security provider can inadvertently become a vulnerability in the systems it’s meant to protect.
As organizations grappled with the fallout from the CrowdStrike update, Bagley’s closing remarks from his June speech became even more significant: “We can no longer tolerate solutions or architectures that risk crumbling from a single point of failure.”
Read more at PCMag here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.