CrowdStrike Outage Puts Spotlight on Cyber Resiliency, Continuous Assessments
Cybersecurity experts say comprehensive strategies protect against vulnerabilities amid system interruptions and outages.
The CrowdStrike and Microsoft outage that impacted systems across government agencies Friday highlights the importance of building cyber resiliency and continuous assessments to prevent future incidents.
“We’re past the point where we can handle triage as a strategy. [Attacks and outages are] our new normal, unfortunately,” said Gentry Lane, CEO of Nemesis Global and former team member at NATO’s Science and Technology Organization. “We need a better comprehensive strategy that includes both civilian and government.”
A flaw in CrowdStrike’s system caused Microsoft software across government and industry to malfunction, which grounded flights and paused health care operations. Although the outage did not stem from an attack, it highlighted the vulnerabilities in endpoint systems and the significant disruptions that can occur when systems fail.
CrowdStrike and Microsoft have since issued a software fix, and CrowdStrike CEO George Kurtz wrote on X that the firm was “fully mobilized to ensure the security and stability of CrowdStrike customers,” including government and industry.
Lane noted that millions of systems were still vulnerable to cyberattacks because of the security flaw.
“These computers are still online. They’re crashed, but they’re still online and they are totally vulnerable” to future attacks, she said. “We just announced to our adversaries where we’re vulnerable. I’m sure Russia and China are working hard right now.”
Federal Responses to the CrowdStrike Outage
CrowdStrike provides endpoint detection and response technology for civilian networks through a Cybersecurity and Infrastructure Security Agency (CISA) program initiated in 2021. CISA Director Jen Easterly posted on X that the agency was working aggressively with CrowdStrike and various partners to assess impacts and support remediation.
Several agencies, including the General Services Administration’s Login.gov, issued statements on the outage. The Federal Aviation Administration reported that while its systems were not affected, it collaborated with major airline carriers experiencing issues. The Federal Communications Commission noted that some 911 systems crashed, but communities were bringing them back online by Friday afternoon. The Social Security Administration closed offices nationwide due to the outage, but assured that many systems and online services remained operational.
Federal Cybersecurity in Focus
Comprehensive assessments like memory forensics can provide agencies with a clearer understanding of vulnerabilities during an attack.
“It’s tedious and time consuming and expensive. You only run it after you know that a computer is compromised,” Lane said. “[Agencies] should run memory forensics every day, a couple times a day at scale.”
The Defense Department unveiled a continuous monitoring system this year called the Cyber Operational Readiness Assessment (CORA) to better protect DOD networks.
“This cyber domain demands agility,” said Charles Wille, deputy director for readiness and security inspections at Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN). “Things change very quickly. The adversary turns on a dime so we need to turn on a dime. We need to be able to change that assessment criteria not in months, but in days or weeks.”
Lane noted that, for organizations without such protections in place, an outage like Friday’s can give cyber adversaries an opportunity.
“I fear it’s going to look like people putting their heads in the sand. Just patching this or just fixing this? It’s not a patch, it’s triage,” she said. “It’s putting a Band-Aid on a shark wound. The real problem is how many people got in today, tomorrow or however long it takes to fix all the endpoints. That’s what scares me.”