ACM US Technology Policy Council Releases Statement on CrowdStrike Incident
August 20, 2024
ACM's US Technology Policy Committee (USTPC) has released a “Statement on Mass Cybersecurity Incidents Likely to Recur.” On July 18, 2024, CrowdStrike, a US-based cybersecurity technology company, released a sensor configuration update which caused a global outage affecting an estimated 8.5 million computers. Several critical infrastructure sectors including airlines, 911 emergency systems, banks, government agencies, healthcare, and hospitals around the world were impacted.
It is crucial that the details concerning how this error occurred be thoroughly and publicly investigated so that system operators, and technologists and policymakers as well, can draw from this incident the lessons needed to strengthen our cyberinfrastructure, improve incident response programs and remediation processes, develop protocols for automatic software updates, improve international coordination and cooperation, and develop claims processes for such incidents.
The global nature of the outage also highlights the need for improved international cooperation and coordination. Legislators and regulators in countries with affected operations will surely be examining how best to protect their companies and citizens from similar outages going forward.