By John Geracitano
On July 18th, a software patch from cybersecurity firm CrowdStrike tore through Microsoft operating systems, exposing the fragility of our technological networks. This incident didn’t just crash Windows computers; it required manual fixes for each machine, costing an incalculable amount of money and work hours. While shorter in duration, the fallout from this event mirrors the chaos of the COVID-19 pandemic, highlighting two crucial similarities: both events exposed our tenuous global interconnectedness, and both served as breeding grounds for cultivating false narratives and disinformation campaigns.
By examining the impacts and responses to these events, leaders in any organization can better understand how to strengthen their systems and combat misinformation in times of turmoil. The chief lessons learned from these cautionary tales are the peril of single points of failure in an organization and the speed at which falsehoods can travel.
—
The pandemic and the CrowdStrike incident illustrate the dire consequences of centralizing critical functions and the cascading failures resulting from a single disruption point. The interconnected nature of our global systems, whether technological, medical, or supply chain-related means that a problem in one area can quickly escalate and spread, impacting millions.
During the pandemic, we learned how perilous it is to entrust critical systems and commodities to a handful of companies or individuals. The CrowdStrike mishap, while easier to rectify than a global health crisis, serves as a stark reminder that the world is often one misstep away from another catastrophic disruption. This incident illuminated the deepening distrust in official reporting and authoritative sources that has grown over recent years. However, it also underscores the importance of adaptability and resilience in the face of such global crises, empowering us to be better prepared for the future.
The supply chain crisis at major U.S. shipping ports at the pandemic’s outset illustrates a still thriving single point of failure. Medical supplies and toilet paper shortages rippled nationwide, driven by three lightly regulated shipping alliances controlling over 80% of global trade, as well as controlling port operations. These alliances favored giants like Amazon and Walmart, often chartering entire cargo vessels for themselves, which squeezed small-to-medium businesses, jeopardizing their survival. Similarly, the tech industry offers limited options for companies that need their information systems to be available, secure, and interoperate with external entities. Large corporations can better absorb the financial impacts of the CrowdStrike incident, having the IT resources to recover more swiftly than those smaller in size. Both examples highlight the risk of complacent reliance on the few, but also serve as a call to action for proactive measures to prevent future disruptions.
Furthermore, consider the 2022 baby formula shortage, where contamination at a single Michigan plant supplying 20% of the country’s formula led to widespread scarcity. This issue, like the supply-chain crisis, had been festering for years, exacerbated by government policies and profit-driven motives. Employees at the plant likely knew of the risk, just as CrowdStrike staff may have known the patch was not fully tested. In both cases, the actions (or inactions) of a few had far-reaching consequences.
The pandemic revealed numerous lessons about systemic failures, and the CrowdStrike debacle will undoubtedly offer more. While we may now have more PPE stockpiles and built-in redundancies in our information systems, a residual result is the erosion of societal trust. Disinformation, political divisiveness, and distrust in institutions like the CDC and FDA have surged. Likewise, within hours of the CrowdStrike CEO’s admission of fault, conspiracy theories flooded social media, falsely claiming it was a global cyber attack heralding World War III, among others. This underscores the growing preference for sensational falsehoods over factual explanations and highlights the critical importance of transparent communication from trusted entities.
So, what now?
The CrowdStrike incident was preventable, but similar events will inevitably occur again. What immediate measures can you implement to mitigate such risks? The time to act is now, not when the next crisis is already upon us.
Instead of merely feeling prepared for the next crisis, we must act on the lessons learned. Use these cautionary tales to identify single points of failure in your organization. A brief brainstorming session with cross-functional stakeholders can quickly uncover risks and pave the way for improvement. By proactively addressing these vulnerabilities, we can better safeguard against future disruptions, giving us a sense of control in an unpredictable world.
Moreover, we must foster a culture of continuous improvement and vigilance. Organizations should regularly review and update their risk management strategies, ensuring they are robust enough to handle emerging threats. Investing in training and development to build depth and redundancies across all areas is crucial. Additionally, encouraging open communication, where concerns can be raised without fear of retribution, can help identify and address problems before they escalate. Get ahead of the rumor mill and routinely message the facts as they become known to stave off false narratives.
Ultimately, the key to resilience lies in our ability to learn from past mistakes and adapt accordingly. By taking a proactive approach and implementing the lessons from both the pandemic and the CrowdStrike incident, we can build more redundant systems, restore trust in our institutions, and better prepare for future challenges.
John Geracitano is a U.S. Army Signal officer currently serving as a doctoral student at the University of North Carolina at Chapel Hill. Formerly an Armor officer, John’s most recent positions include Deputy G6, Brigade S6, and Task Force Operations Officer.
