
CrowdStrike: The risk is ours

INTERNET SECURITY

THE bleak lesson from the devastating global computer breakdown on Friday 19 July – which grounded flights, crashed payment systems, crippled NHS surgeries and hospitals, disconnected phone lines, and knocked media outlets off air – is that it could have been even worse. With no end in sight, this malfunction has been dubbed the “digital pandemic” and has already incurred colossal costs in time and money.

To those unversed in the intricacies of computer technology, the speed and extent of the disaster are almost incomprehensible. Surely, many will say, computer systems should be designed to avoid crashes on this scale at all costs. We would not accept planes, trains, or automobiles that malfunction so badly.

But the truth is that, when it comes to computers, we accept inherent levels of risk that would be utterly intolerable elsewhere. The technology companies’ profits soar and, when things go wrong, we – the digital serfs of this brave new world – must humbly accept the cost and inconvenience that our masters inflict on us.

To appreciate the scale and complexity of the problem, consider this thought experiment.

Imagine if we allowed almost every traffic light in the world to be made by the same manufacturer. Worse, imagine that all of them were made with a remote-controlled switch that turned them to red. And – catastrophically – that a simple error at the manufacturer or one of its suppliers could trigger this switch all over the world.

Traffic would be instantly gridlocked on every continent. To repair these traffic lights, technicians would in many cases have to dismantle them and fiddle around in the works.

That, in crude terms, is the story of CrowdStrike in this computer breakdown and collapse. Most computers in the world use Microsoft – which makes the ubiquitous Windows operating platform, as well as Word, Excel, and the Teams video-calling system. Many Microsoft customers also rely on other software – in this case the Falcon Sensor program provided by the cybersecurity firm CrowdStrike.

Security software protects computers from attack, typically by screening incoming data to ensure that it does not include “malware” – malevolent programs that steal data, freeze computers, or scramble their contents.

To work properly, these programs must operate unhindered on our computers, phones, and tablets. And to protect against new threats, they must update regularly – and automatically. In this current incident, one of the automatic software updates from CrowdStrike contained a simple, devastating error. Automatically installing on computers that run Windows, it crashed affected devices, triggering a page containing Windows’s error message – the so-called “blue screen of death”.

The result: the world suddenly had to switch to cash payments and handwritten boarding passes, while shops were forced to shut, medical appointments cancelled, and aircraft at airports grounded.

It is little comfort that George Kurtz, the co-founder and chief executive of CrowdStrike, says he is “deeply sorry”. Fixing the problem will not just take hours, but days or even weeks. At best, computers will need to be switched on and off again, allowing a new update to install. At worst, affected machines will need hours of specialist attention.

Nor will it be any comfort to furious customers around the world that CrowdStrike’s share price has crashed, knocking £10 billion off its £65 billion capitalised market value.

It could have been far worse.

This does not appear to have been a cyber-attack by a foreign power. Microsoft systems in countries all over the world, including Russia and China, were affected.

Nor was it the work of cyber-criminals. The faulty update did not scramble our databases, leaving us open to ransom demands from crime gangs in return for a key to recover our information.

Nor – unlike many recent cyber-attacks – did it whisk our most precious private information away to the Chinese Communist Party’s spy services in Beijing.

A far worse – and narrowly avoided – cyber-attack earlier this year could have given our enemies the master key to hundreds of millions of computers around the world, enabling them to wreak deadly havoc. Known in tech circles as the “xz” attack, it involved a little-known but ubiquitous program that compresses data to improve efficiency.

This attack, probably the work of Russian spies, was uncovered and stopped by chance at the last minute. And because in the end the damage was minimal, it attracted almost no public attention.

That was a near-miss. Far worse was the SolarWinds attack, exposed in 2021. Hackers – almost certainly Russian – bugged an update issued by Microsoft for a widely used program. The targets were Western (chiefly American) defence and other government networks. The cyber raid also exposed data from the U.S. Treasury, Justice, and Commerce departments, and thousands of Wall Street’s top companies.

The internet has become the central nervous system of our civilisation. Yet it was never designed or intended for this. It was built to promote academic cooperation and technological innovation, not global security. It is wide open to abuse by pranksters, fraudsters, and rogue states.

A handful of operating systems and software that updates remotely and automatically create a sitting target.

We would hardly accept such a concentration of risk in other walks of life, especially if we had no control over the decision-makers in such systems, and almost no redress if they made mistakes. With most other products and services, you can sue the provider if there’s a malfunction – and gain additional compensation for any damage caused. Not computers.

Unlike other parts of our technological universe, computers, phones, and software are not sold with proper guarantees. The manufacturers can shrug at their products’ shortcomings.

Buried in the terms and conditions are clauses that exempt the manufacturer from almost all liabilities.

One might well ask how on earth we got to such a parlous state of affairs.

One reason is greed: tech giants like their profits. They lobby hard for their privileged status, just as they do for the right to sell our attention to online advertisers – and to resist demands for proper age verification on social media platforms like TikTok.

But a deeper reason is that we have been naïve and complacent in our headlong embrace of new but untrusted technology. We have prized innovation and convenience ahead of security.

These risks, we were told, were the price of admission to the brave new world of computer wizardry. Maybe. But we are paying heavily for it.

In the case of this cyber meltdown, the culprit was carelessness. But suppose the perpetrator had been some rogue regime, perhaps distracting us at a moment of geopolitical tension?

Imagine that this outage had stopped the trains running, frozen all cash machines and, for that matter, turned all our traffic lights to red – or worse, green.

We would have nobody to blame but ourselves.


Sir Keir Starmer and the UK Labour Party

BRITAIN

FOR the first time in 14 years, and following an accurate exit poll, we have a Labour government. As protocol states, Sir Keir Starmer travelled to Buckingham Palace for an audience with King Charles III. In that historic setting, the Monarch invited Sir Keir to formally become the 58th Prime Minister of the United Kingdom and to form a Government.

The people of the UK have spoken, and Labour has convincingly won the election by a healthy majority.

There are many others, of course, who will be disappointed. But it is important to remember that our democracy can only function if the losers of a free and fair election graciously accept the result. As they have.

There is little doubt Sir Keir has turned his party around since becoming its leader.

Previously, it was slipping towards irrelevance under Jeremy Corbyn. Sir Keir set about expunging its Marxist policies and MPs, and has tackled the scourge of anti-Semitism with some success.

Transforming Labour into the party it is today has surely tested his mettle. Yet it is now that the hard work really needs to begin.

However, other than saying he puts “country first, party second” and wants “change”, Sir Keir has left voters with little clue about what he intends to do in power or how he would tackle the country’s many problems.

Wealth creation is his priority, but we know he will saddle business with a slew of new rules and obligations, while driving rich foreigners overseas by abolishing non-dom tax status.

Relying, as he does, on faster economic growth to pay for better public services is welcome. But what will fuel such a miraculous turnaround?

Of course, creating a stable political environment can help. Trade union reforms put forward by Angela Rayner, however, and a plan by Labour to give workers more rights, would likely inhibit that progress.

As a result, the party will inevitably need to raise money to fund its “agenda for change”.

Since it has pledged not to borrow more and will not slash public spending, the answer is likely to be taxing businesses, pensions, property, and inheritance. The politics of envy may soon surface.

Despite Sir Keir’s insistence that Labour can be trusted with defence, he has refused to commit to boost our dangerously depleted military to 2.5% of GDP. And that raises questions of whether the UK will be in a position to continue helping Ukraine in its war with Russia.

On soaring levels of immigration, which are putting intolerable strain on public services and social cohesion, Labour has offered no fresh thinking, with Sir Keir saying he will scrap the Rwanda scheme for illegal immigrants.

Other questions are multiplying. Given the need for energy security in a volatile world, is Sir Keir really going to ban new drilling licences for North Sea oil and gas? And what of Labour’s dogmatic target to decarbonise electricity by 2030? Quite clearly, that would risk the lights going out.

And will Sir Keir defend the ancient freedoms of the press? That’s essential in holding the powerful to account in a free and democratic society like the UK.

Millions of voters have given him a landslide victory, and Sir Keir must use it for the good of the whole nation – not just Left-wing interest groups.

For the Conservative Party, a disaster at the ballot box never before seen in its history must lead to a period of reflection.

Over the years, the Conservatives have boasted of being a broad church, encompassing a wide range of views. Today, the congregation seems to have no unifying creed at all. This schism will continue with members moving to the far-right Reform UK Party led by Nigel Farage unless solutions can be found in stabilising traditional Conservative values and principles within the party.
