The recent CrowdStrike IT outage served as a dress rehearsal for a possible cyber-attack on critical infrastructure that could be orchestrated by a nation-state such as China.
The CrowdStrike IT outage was a useful exercise in what might occur if China were to act in a disruptive manner against critical systems.
“It’s really about building resilience into our networks and our systems so that we can withstand significant disruptions and at least drive down the recovery time to be able to provide services,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said during a briefing at Black Hat USA 2024.
“I thought the CrowdStrike outage was a useful exercise, like a dress rehearsal, for what China may want to do. If something like that happens again, we have to be able to respond and recover very quickly in a world where the content update is not reversed.”
The Volt Typhoon Precedent
In May, CISA issued an update about the imminent threat posed by People’s Republic of China (PRC) state-sponsored cyber actors known as Volt Typhoon. The advisory confirmed that Volt Typhoon has been actively infiltrating networks of US critical infrastructure organizations.
This infiltration is not for espionage, data theft or IP theft, but in order to launch a disruptive attack in the event of a major conflict in the Taiwan Strait.
The UK’s National Cyber Security Centre (NCSC) has also issued stark warnings about potential Volt Typhoon, which may lay the groundwork for disruptive or damaging cyber-attacks.
Since issuing such statements, CISA is now looking to discern whether this has pushed the Volt Typhoon actors into a place where they cannot find them anymore, or into changing their tactics and techniques.
“I don’t think we have seen any material changes yet,” Easterly said.
CISA Lessons Learned from the CrowdStrike Outage
During the global IT outage on July 19, caused by a content update to the CrowdStrike Falcon sensor leading to Microsoft Windows operating system outages, CISA worked with CrowdStrike to provide mitigation guidance to those affected.
In dealing with the issue, Easterly described three learnings from the CrowdStrike incident.
“As a community, we were pretty well connected in terms of having a turnkey process to reach out to both the technology companies and the critical infrastructure very quickly,” she said.
“Second, it reinforced what we’ve been saying about the importance for technology vendors to design, develop, test and deploy software that’s secure by design. We saw that cyber vendors are not immune from issues around software quality,” Easterly explained.
“The big lesson though… is the resilience, what was going through my mind was that this is exactly what China wants to do but without rolling back the update,” she said.
For NCSC’s CEO, Felicity Oswald, the CrowdStrike incident highlighted the need for organizations to build resilience in at every stage.
Oswald also said NCSC played a critical role in clarifying that the CrowdStrike outage was not a malicious threat, as well as ensuring that the new government, which came into office in July, was able to provide businesses with the information they needed to deal with the incident.