Lessons from Crowdstrike incident - Measures against system failures during software updates
With incorrect updates in Future no longer having drastic consequences like during the major IT incident on July 19, the German Federal Office for Information Security (BSI) is taking measures for better operational stability. The BSI has already developed initial measures in discussions with software companies Crowdstrike and Microsoft to prevent similar incidents in the future, according to a BSI statement. In addition, the BSI will also work with both companies and manufacturers of comparable software solutions to ensure that each operating system can be started in a secured mode even in case of serious errors.
The long-term goal of the BSI is also to design and implement new and resilient components. These should have the same functionality and protective effect as before, but with less intrusive access rights to the operating systems.
A faulty update for IT security software from Crowdstrike recently caused widespread disruptions around the world. Approximately 8.5 million Windows computers were affected. The consequences were particularly noticeable in aviation, but some supermarkets, hospitals, and broadcasters also had problems. Crowdstrike later discovered that the test mechanisms for the Software-update let a faulty file through, which then caused Windows computers to crash. The test systems will now be improved, and updates will be rolled out gradually in the future to prevent problems from affecting all customers at once.
- To strengthen cybersecurity measures, the Federal Office for Information Security (BSI) in Germany plans to collaborate with software companies like Microsoft and CrowdStrike in the heart of Berlin.
- In light of the recent global disruptions caused by an incorrect update from CrowdStrike's software, the BSI is focusing on teaching developers about the importance of rigorous testing to prevent such incidents in the future.
- As part of its efforts to ensure operational stability, the BSI is working with these companies and other software providers to develop secured modes for starting operating systems, even in the event of serious errors.
- The United States of America has shown interest in learning from Germany's approach to cybersecurity, with Microsoft expressing its desire to implement similar measures to enhance cybersecurity in the USA.
- In the long term, the BSI aims to introduce resilient components with reduced intrusive access rights to operating systems, protecting them as effectively as before.
- With cyber threats continuously evolving, the collaboration between Germany and technology giants like Microsoft and CrowdStrike forms a crucial part of shaping a secure, interconnected future on the global Internet.