CrowdStrike Outage Puts Spotlight on Cyber Resiliency, Continuous Assessments
Cybersecurity experts say comprehensive strategies protect against vulnerabilities amid system interruptions and outages.

The CrowdStrike and Microsoft outage that impacted systems across government agencies Friday highlights the importance of building cyber resiliency and continuous assessments to prevent future incidents.
“We’re past the point where we can handle triage as a strategy. [Attacks and outages are] our new normal, unfortunately,” said Gentry Lane, CEO of Nemesis Global and former team member at NATO’s Science and Technology Organization. “We need a better comprehensive strategy that includes both civilian and government.”
A flaw in CrowdStrike’s system caused Microsoft software across government and industry to malfunction, which grounded flights and paused health care operations. Although the outage did not stem from an attack, it highlighted the vulnerabilities in endpoint systems and the significant disruptions that can occur when systems fail.
CrowdStrike and Microsoft have since issued a software fix, and CrowdStrike CEO George Kurtz wrote on X that the firm was “fully mobilized to ensure the security and stability of CrowdStrike customers,” including government and industry.
Lane noted that millions of systems were still vulnerable to cyberattacks because of the security flaw.
“These computers are still online. They’re crashed, but they’re still online and they are totally vulnerable” to future attacks, she said. “We just announced to our adversaries where we’re vulnerable. I’m sure Russia and China are working hard right now.”
Federal Responses to the CrowdStrike Outage
CrowdStrike provides endpoint detection and response technology for civilian networks through a Cybersecurity and Infrastructure Security Agency (CISA) program initiated in 2021. CISA Director Jen Easterly posted on X that the agency was working aggressively with CrowdStrike and various partners to assess impacts and support remediation.
Several agencies, including the General Services Administration’s Login.gov, issued statements on the outage. The Federal Aviation Administration reported that while its systems were not affected, it collaborated with major airline carriers experiencing issues. The Federal Communications Commission noted that some 911 systems crashed, but communities were bringing them back online by Friday afternoon. The Social Security Administration closed offices nationwide due to the outage, but assured that many systems and online services remained operational.
Federal Cybersecurity in Focus
Comprehensive assessments like memory forensics can provide agencies with a clearer understanding of vulnerabilities during an attack.
“It’s tedious and time consuming and expensive. You only run it after you know that a computer is compromised,” Lane said. “[Agencies] should run memory forensics every day, a couple times a day at scale.”
The Defense Department unveiled a continuous monitoring system this year called the Cyber Operational Readiness Assessment (CORA) to better protect DOD networks.
“This cyber domain demands agility,” said Charles Wille, deputy director for readiness and security inspections at Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN). “Things change very quickly. The adversary turns on a dime so we need to turn on a dime. We need to be able to change that assessment criteria not in months, but in days or weeks.”
Lane noted that an outage like Friday’s can give opportunity to cyber adversaries for organizations without such protections in place.
“I fear it’s going to look like people putting their heads in the sand. Just patching this or just fixing this? It’s not a patch, it’s triage,” she said. “It’s putting a Band-Aid on a shark wound. The real problem is how many people got in today, tomorrow or however long it takes to fix all the endpoints. That’s what scares me.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
How Will the Trump Administration Handle Quantum Policy?
Tech leaders are calling on the new administration to revisit quantum efforts as the president develops new visions for technology.
6m read -
New DHS Secretary Sets Sights on Cybersecurity
Kristi Noem plans to utilize "cutting-edge" technologies to combat emerging cybersecurity threats and support the agency's workforce.
5m read -
AFCEA West: How the Marine Corps is Securing the Future Battlefield
USMC is focusing on technology, training and the individual warfighters to keep pace with adversaries.
11m watch -
AFCEA West: Advancing Navy’s Cloud, Zero Trust for Future Defense
The service’s tech chief highlighted how its cybersecurity, Flank Speed and future cloud efforts are going.
11m watch