CrowdStrike: Massive, Unknown Firms Secretly Control Lives

The world is saturated by services and products provided by companies that have a "secret grip" on the way we live. In 1951, the French-born American industrial designer Raymond Loewy described a typical day "of the average guy" from the moment he wakes up until he goes to bed. The point being that the average guy's life was saturated with designed products.

Author

  • John Bryson

    Professor of Enterprise and Competitiveness, University of Birmingham

In 2024, the average person may be woken by an alarm on a smartphone, and benefit from hot water that is controlled by smart heating controls - also linked to a smartphone and the internet. There might be a delivery tracked via the internet and a ring on a doorbell also linked to the internet. Online banking links them to an array of financial services.

Our lives are increasingly dependent on being able to access what I have termed the "cyber-energy-production plexus". This "plexus" is basically an interwoven combination of elements that form a structure or a system. Regulating our modern lives, it needs to be "on" every second of the day.

It has formed around the multiple connections between telecommunications, energy, and manufacturing and service systems. It exposes everyone to unknown risks, including the sudden failure of the plexus and all the services coupled to it.

On July 19 2024, part of this plexus failed when the faulty CrowdStrike software update caused an outage, and the outcome was a minor digital pandemic across the world as the computer systems of whole industries came to a halt.

Consumers and producers began to appreciate how dependent they had become on interlinked technologies. The next digital pandemic could bring down the complete plexus for a few hours or even days.

Hidden grip

Perhaps unsurprisingly, the internet is at the centre of this plexus. There are more than 1,000 companies like CrowdStrike, whose actions can negatively impact on its functioning.

This of course includes the obvious names - Microsoft, Alphabet (Google, Google Cloud), Amazon, and Meta (Facebook). There are also less well-known companies like Cloudflare, which provides cloud cybersecurity services and domain name system services. Any disruption to Cloudflare results in problems accessing the cloud and disruption to the internet.

Then there are companies like Lumen Technologies, the US telecoms company that plays a critical role in global network connections. Lumen Technologies operates a tier one network. Tier one networks are the "motorways of the internet" as they provide high-capacity critical global links.

There are around 14 tier one networks. Any disruption of them would result in the fragmentation of the internet into smaller isolated networks that would be disconnected from one another. Without the tier one networks, tier two networks would be left to provide service support - and these operate only regionally or nationally.

The list also includes companies like Swift, which facilitates cross-border payments. More than 11,000 financial institutions are connected to Swift, and this company plays a central role in the global financial ecosystem.

Any disruption to Swift could spark chaos, with problems transferring money around the world or some financial institutions experiencing duplication of payment transfers.

Then there are telecommunications companies, such as Verizon, Rogers or BT. Both Verizon (2019) and Rogers (2022) have been involved in localised internet outages of short duration. Rogers, the Canadian telecommunications company, updated its network in 2022 and the outcome was a one-day outage that impacted on the country's critical infrastructure - debit payments, banking services and even hospitals and emergency service calls.

The plexus is configured around satellites and around 1.5 million kilometres of submarine fibre-optic cables that connect continents but which people are largely unaware of. Something like a natural disaster could damage these cables at any time, causing a catastrophic failure.

And there is a symbiotic relationship between the plexus and energy generation. Power failure could be a result of a fault with the plexus, which itself cannot operate without power.

The complexity of the plexus means that it is vulnerable to human error, as appears to have been the case in the CrowdStrike event. Then there are equipment failures and maintenance issues. Bad weather can also impact its operation, causing localised outages.

On top of all this it could be vulnerable to various types of cyberattacks, such as malware or border gateway protocol hijacking. In addition, tier one network cables are critical global infrastructure and can be damaged accidentally or targeted by terrorists or hostile military forces.

For people, companies and governments the key is to have contingencies in place to be prepared for failures and outages. But most of us are unprepared.

Any long-term disruption to the plexus would make everyday living exceedingly difficult, with the potential for looting and disturbances if, for example, internet-connected alarms were hit.

In the most severe cases - thankfully not seen in the CrowdStrike incident but tragically present in the case of internet outages in Sudan when emergency food supplies were disrupted - plexus failures can even cause death.

All this suggests that while there are undeniable advantages from the evolution of the cyber-energy-production-plexus, there remain a great many known and unknown risks.

The Conversation

John Bryson does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

/Courtesy of The Conversation. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).