The recent CrowdStrike IT outage served as a dress rehearsal for a possible cyber-attack on critical infrastructure that would likely be orchestrated by a nation-state such as China.
The CrowdStrike IT outage was a useful exercise in what could happen if China were to act in a disruptive way against critical systems.
“It’s really about building resilience into our networks and our systems so that we can withstand significant disruptions and at least drive down the recovery time to be able to provide services,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said during a briefing at Black Hat USA 2024.
“I thought the CrowdStrike outage was a useful exercise, like a dress rehearsal, for what China may want to do. If something like that happens again, we’ve got to be able to respond and recover very rapidly in a world where the content update is not reversed.”
The Volt Typhoon Precedent
In May, CISA issued an update about the imminent threat posed by People’s Republic of China (PRC) state-sponsored cyber actors known as Volt Typhoon. The advisory confirmed that Volt Typhoon has been actively infiltrating networks of US critical infrastructure organizations.
This infiltration is not for espionage, data theft or IP theft, but in order to launch a disruptive attack in the event of a major conflict in the Taiwan Strait.
The UK’s National Cyber Security Centre (NCSC) has also issued stark warnings about potential Volt Typhoon activity, which might lay the groundwork for disruptive or damaging cyber-attacks.
Since issuing such statements, CISA is now looking to discern whether this has pushed the Volt Typhoon actors into a place where it can no longer find them, or into changing their tactics and techniques.
“I don’t think we’ve seen any material changes yet,” Easterly said.
CISA Lessons Learned from the CrowdStrike Outage
During the global IT outage on July 19, caused by a content update to the CrowdStrike Falcon sensor that led to Microsoft Windows operating system outages, CISA worked with CrowdStrike to provide mitigation guidance to those affected.
In dealing with the issue, Easterly described three learnings from the CrowdStrike incident.
“As a group, we were fairly well connected in terms of having a turnkey process to reach out to both the technology companies and the critical infrastructure very quickly,” she said.
“Second, it reinforced what we’ve been saying about the importance for technology vendors to design, develop, test and deploy software that’s secure by design. We saw that cyber vendors aren’t immune from issues around software quality,” Easterly explained.
“The big lesson though… is the resilience, what was going through my mind was that this is exactly what China wants to do but without rolling back the update,” she said.
For NCSC’s CEO, Felicity Oswald, the CrowdStrike incident highlighted the need for organizations to build resilience in at every stage.
Oswald also said NCSC played a critical role in clarifying that the CrowdStrike outage was not a malicious threat as well as ensuring that the new government, which came into office in July, was able to provide businesses with the information they needed to deal with the incident.