We want our software to be interconnected. We expect to withdraw money from an ATM in Paris, use our charge card to pay for dinner in Tokyo, and get our boarding pass on our phone in Singapore. It’s all enabled by a technology and network infrastructure that connects computers worldwide. The convenience is unparalleled in human history, but there is a downside.
A faulty software update issued by the security company CrowdStrike has shut down businesses, hospitals, airlines, banks, and institutions around the world. I will leave it to the experts to determine the exact cause and the steps needed to fix it, but we have to ask how it is that the tech industry has created a situation where one person performing one update on one piece of software can effect millions of people around the world? And if it’s so easy to do by mistake, imagine what can our adversaries can do when they try.
From the New York Times, “The fallout, which was immediate and inescapable, highlighted the brittleness of global technology infrastructure. The world has become reliant on Microsoft and a handful of cybersecurity firms like CrowdStrike. So when a single flawed piece of software is released over the internet, it can almost instantly damage countless companies and organizations that depend on the technology as part of everyday business.”
This was just one bit of software that was instantly transmitted around the world, faster than a virus, causing billions of dollars in damages. This software operates at the deep “kernel” level within computers running Microsoft Windows, and has a critical influence over the operation of the computer and its components. It works at this level in order to better be able to detect cyberattacks, but it also means that it has a much bigger impact upon the computer and makes it very difficult to fix.
How could something even be designed to affect so many all at once when it goes awry? And you’d think an update that had such a wide effect would undergo extensive testing before it was released to the world. Didn’t anyone ever think this through when it was designed? Apparently there was a total failure to imagine these apocalyptic scenarios.
But this is not unique, nor is it the first time we’ve seen a failure of imagination in technology that leads to unexpected results. Facebook said they never expected it to be used for nefarious purposes; their intent was simply to bring people together. We know how that’s worked out.
Tech companies don’t put nearly as much effort to plan for their product’s misuse as they do in loading it with features. Perhaps it’s wishful thinking to not plan for and spend what’s needed to prevent these situation, because the more bad scenarios they imagine, the more work is needed to develop countermeasures, which eats into profits. Keeping it out of mind and doing nothing is rewarded with fatter profits.
What’s really scary is we now have AI founders saying much the same about artificial intelligence. They tell us they will be wise and careful about employing iAI technology and we should just trust them. In fact, a group of employees responsible for safety, recently quit Chapt GPT because they had their resources cut. These AI companies are even pushing back at some very basic safety regulations being proposed by our government.
When it comes to hardware, companies have to certify its safety and performance by testing and getting approval from the FCC, UL and other regulatory agencies. We at least can see and touch the product and figure out its risks. Not so with software. It’s too complicated for others to assess its risks. We need to trust the companies.
Software companies generally make huge profits from the sale of software; the cost of goods goes to zero once the development is paid for. And many companies are so large and dominant, there is little competition. As a result, when there’s a failure, they rarely are penalized or suffer any long lasting effects.
What’s the repercussions here? The CEO of CloudFlare makes an apology, they fix the problem, and business proceeds as usual. If CloudStrike had competition, insuring that some percentage of systems would always be running, the world would be better off.