‘Blackswans’ take flight: the legal ramifications of the CrowdStrike incident  

Published August 15, 2024

Public admission of failure takes courage. In trying to limit reputational damage to his cybersecurity company, CrowdStrike president Michael Sentonas certainly demonstrated chutzpah by accepting an award for the Most Epic Fail at the recent Pwnie Awards. The tactic seems to have worked: Sentonas was cheered by those attending the DEF CON event for publicly owning his company’s mistakes.

“Definitely not the award to be proud of receiving,” Sentonas told delegates in his acceptance speech. “I think the team was surprised when I said straight away that I’d come and get it because we got this horribly wrong. We’ve said that a number of different times and it’s super important to own it when you do things well. It’s super important to own it when you do things horribly wrong, which we did in this case.”    

But beyond this astute PR move, the legacy of the CrowdStrike incident is deadly serious. On 19 July, the world experienced one of the biggest ever IT outages when a faulty software update to CrowdStrike’s vulnerability scanner, Falcon Sensor, led 8.5 million systems running Microsoft Windows to crash. Globally, IT infrastructure malfunctioned, creating havoc and financial loss for individuals and organisations.

The most serious such event since the NotPetya cyberattack in 2022, its impact was enormous: the faulty update caused global computer outages that disrupted air travel, banking, broadcasting, hotels, hospitals and other vital services. Insured losses are estimated to be more than $10 billion; actual losses may be far greater with the absence of cover affecting thousands of SME businesses. 

Central to determining where liability rests will be the question of foreseeability. Numerous individuals would have known that this software was critical for interconnected and dependent organisations worldwide, and that they would be seriously affected by a faulty update. It is therefore self-evident that vendors should have adequate procedures in place for updating software, which include how each update is developed and tested before it is distributed to users.

Was CrowdStrike a ‘Black Swan’ event?

So, was this a Black Swan event – unpredictable beyond what could reasonably be expected? Such events are usually characterised by their rarity, the severity of their impact, and the general perception that they were obvious in hindsight.

Opinion is divided on whether events like CrowdStrike are, in fact, becoming more common, and therefore more predictable. Certainly, innovators who experiment in a haphazard fashion are more likely to increase the incidence of such events, making them less unpredictable. Restrictions may stifle creativity, but innovators who fail to take adequate precautionary steps to prevent predictable events may also face serious legal consequences. 

Debate will rage about what testing processes should be mandatory for those launching cybersecurity updates, especially when issuing these updates at speed is necessary to protect against new cyber threats. When explaining the potential vulnerability of different systems, IT industry commentators invariably point out that such updates may need to be launched multiple times a day. 

Similarly, other interdependent systems may also be updated multiple times a day with devices receiving updates in a different order or timescale. Commentators argue that the real world cannot deliver a perfect test environment, and if updates go wrong, third and fourth-party exposure can be expected alongside potential supply chain fallout. From a lawyer’s perspective, this ‘guinea pig’ approach to technology creates a nightmare scenario of potential class actions. 

Risk of single points of failure

Risks are further amplified by any technology that has a prominent or dominant market share. Here, potential single points of failure can result in systemic events that ultimately produce simultaneous claims from a very large number of claimants: one deficient small cog can bring global IT infrastructure to a halt.

 Such a single point of failure can have an extraordinarily wide impact with potentially catastrophic cumulative losses. From a legal perspective, questions arise about mitigating the risks of a single point of failure in a complex, global IT supply chain, and whether these risks are adequately assessed.

Issues of agency and delegation also arise. The represented security of a system when interfacing may not only block or freeze the system, but also open it up to attack. In scope and scale, the net effect of the CrowdStrike outage was equivalent to an attack on a global supply chain by a malicious actor.

Perhaps the issues faced as a result of NotPetya and other malicious cyber-attacks simply foreshadow the impact that future cyber events might deliver. 

Could Microsoft have rejected the update?

It is also important to consider the link between CrowdStrike and Microsoft. In particular, there is the question of whether Microsoft’s operating system was capable of rejecting the update, and reverting to a previous version. If it could, why did that not happen? 

 Although it is unclear as to precisely how the MS system could revert to the previous version in order to achieve this outcome, AI experts constantly remind us that the system can be compared to a super brain that calibrates itself in order to resolve problems. If that is true, is the super brain still engaged or are we listening to the wrong AI experts?

In a recent blog, industry commentators refer to Microsoft’s comments on the challenge of third-party vendors pushing out updates which operate in the low-level operating system. They suggest that changes could be made so that third-party applications operate higher in the operating system, easing the management challenge of such issues: for example, the ability to reject updates which cause blue screens and the need to roll back to the previous version.

Predictable failures 

Across the IT sector, some argue that disaster could have been averted by more rigorous testing of security updates and the staggering of update releases to smaller groups or upgrade ‘rings’. From a legal perspective, it is impossible to ignore the fact that everything seems too predictable, especially given the endless discussions over many years about the dreaded blue screens.    

Given the complexity, novelty (and predictability) of industry practices, together with the scale of attendant risks (including legal rights and obligations), the IT sector must give full consideration to its responsibilities in preventing further catastrophic losses resulting from systemic failure and cybersecurity risks.

 Hermès Marangos is a Partner at Signature Litigation

 
