Experts at Loughborough University have reacted to the IT outage that affected 8.5 million computer users last week.
Due to its effect across the world, the IT outage could potentially be the worst in history.
The glitch came from a security company called CrowdStrike, which sent a corrupted software update to its large number of customers.
Andrew Peck, a cyber resilience PhD researcher at Loughborough University, commented: “Waking up to discover that chunks of the digital infrastructure we rely on are not functional is a seemingly increasing feature of the cyber-physical infrastructure that modern economies and societies depend on.
“Companies that still don’t have these strategies in place will be watching the relative success of their rivals today and realising that this has to become part of what they do.”
A ‘critical gap’ in cyber infrastructure
The recent IT outage highlights a critical gap: while experienced users can implement the workaround, expecting millions to do so is impractical.
Professor Oli Buckley, a cybersecurity professor, explained: “The real challenge lies in deploying the workaround across all affected systems – a non-trivial task demanding coordinated efforts so a proper patch can be put in place.
“This an Endpoint Detection and Response Platform, and has had the knock on impact of affecting those running Microsoft software. As we are incredibly reliant on Microsoft products this is causing such widespread issues.”
He added: “This is a complex bit of software that can update the way a system behaves to try and keep them safe from attack.”
Can we prevent another IT outage?
The repercussions of this event highlight the important work needed at government and policy levels.
“I expect UK Government ministers and their advisers that are about to start drafting the Cyber Security and Resilience Bill – announced in the King’s speech – to be watching this incident closely to work out what mandatory frameworks and measures they want to make part of UK law going forward to insulate the economy and society from shocks like this,” Andrew said.
“It’s important to note that this incident doesn’t appear to be malicious, and I’d expect to see the Bill account for that with requirements for governance, oversight and checks within our digital supply chains in the same way that legislation around GDPR defines and places responsibility on data controllers and processors.”
