On Thursday, a routine software update caused record freezes in many parts of the world, with a ripple effect that lasted for days afterward. Cybersecurity vendor CrowdStrike, whose software is deployed on Microsoft systems, installed an update that analysts said likely compromised quality testing. As a result, an estimated 8.5 million computers were affected in what has become perhaps the biggest cyber event in history.
Affected were Microsoft-based systems vital to the online operations of banks, hospitals, police forces, major airlines, television networks and government agencies. The outage canceled flights and surgeries, closed courts and government offices, and created new hacking vulnerabilities for the federal government.
The government shutdown has highlighted Americans' collective cybervulnerability and how our reliance on trillion-dollar technology companies could put national security at risk.
Technology providers who support the infrastructure on which the public and private sectors depend have a responsibility to keep us safe and secure. In 2023, Jen Easterly, director of the federal Cybersecurity and Infrastructure Security Agency, proposed holding technology companies that sold vulnerable products accountable. Had such accountability measures been implemented, they might have prevented CrowdStrike's global outage.
The rapid concentration of power in tech companies poses challenges for government and society. Companies that have reached unprecedented size and valuations of trillions of dollars control the digital infrastructure that people rely on at least as much as the mail or trash collection. Tech companies now operate or help operate communications, commerce, and other services with more agility than federal agencies. But they also operate with less regulation and public oversight, and are for-profit.
The market dominance of the technology sector amounts to more than 10% of the U.S. economy. In 2024, Microsoft reported $211.91 billion. Other tech giants posted even bigger numbers: Amazon $574.78 billion, Apple $383.28 billion, Alphabet (Google) $307.39 billion. (Meta Platforms, formerly Facebook, reported $134.9 billion.)
Most of these profits go to lobbying and paying fines for safety and antitrust violations, rather than to investing in cybersecurity and other improvements that would mitigate consumer harm. In 2023, tech giants spent at least $10 million each on lobbying, and $3 billion went to fines and settlements after facing lawsuits from the Department of Justice and the Federal Trade Commission for violating European digital antitrust laws. Meanwhile, the economic impact of poor software quality in the U.S. in 2022 was estimated to be at least $2.41 trillion, according to the Information and Software Quality Consortium.
Software-related failures can be avoided in several ways. Diversifying technology contractors and options strengthens resilience and reduces risk. In contrast, if everyone relies on just a few providers, even a single failure can have a significant impact. CrowdStrike, one of the largest cybersecurity companies in the United States, is an example of this problem: it counts half of the Fortune 500 businesses as customers.
Equally important is cybersecurity redundancy: multi-layered security measures and backup systems that ensure continued protection and functionality even if one layer fails or is compromised. Building such redundancy may require an initial cost for a business, but it is an investment that helps maintain trust between the business and its customers. Javad Abed, a cybersecurity expert and assistant professor of business at Johns Hopkins University, told USA Today:
Approximately two-thirds of reported software vulnerabilities in commonly used programming languages result from memory-related security flaws, such as incorrect allocation or freeing of memory space that could allow unauthorized access or execution of malicious code. Earlier this year, the White House (which is remarkable given how often the government lags behind on technology issues) urged the spread of “memory-safe” programming languages such as Rust. Languages like C#, Go, Python, and Java protect against certain types of bugs related to how they use memory. But Microsoft and other big tech companies continue to rely on C/C++, along with other languages, because they're fast and are used to develop firmware, the programs that are embedded into hardware memory to help devices work. It's worth sacrificing some convenience to avoid catastrophic security flaws.
Finally, U.S. regulations need to be updated in line with Easterly's recommendations to increase accountability for tech companies. U.S. antitrust law should focus not only on pricing and competition, but also on the enforcement of regulations and antitrust laws, and on avoiding economic damage, which covers data privacy and security. Safe by design shifts the onus onto vendors to deliver secure products from the get-go. In the European Union, regulators are prioritizing cyber resilience. The Digital Operational Resilience Act, which will come into effect in 2025, aims to establish strict requirements to enable the financial sector to deal with information and technology threats.
Only by demanding the highest standards from our technology providers can we continue to enjoy the advancements of an interconnected world without fear of avoidable (and possibly life-threatening) disruptions.
Heidi Boghosian is an attorney and author of the upcoming book “Cyber Citizenship: Saving Democracy Through Digital Literacy.”