CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says

LAS VEGAS — For Cybersecurity and Infrastructure Security Agency Director Jen Easterly the doomed CrowdStrike software update that took global IT systems and networks offline last month holds a “big lesson” for critical infrastructure.

“The CrowdStrike incident was such a terrible incident,” Easterly said Wednesday during a media briefing at Black Hat, but “it was a useful exercise, like a dress rehearsal for what China may want to do to us.”

The outage was not the result of a malicious act, but rather a basic field input error that caused an out-of-bounds memory read. Yet, to Easterly, the widespread chaos it caused offers a clear example of what could occur if China-affiliated attackers make good on its efforts to cause systemic disruption to U.S. critical infrastructure.

When Easterly learned of the outage, around 2 a.m. on July 19: “What was going through my mind was ‘oh, this is exactly what China wants to do.’”

The outage highlighted the need for resilient systems to keep operations running in the wake of an incident or disruptive attack. But, for many of CrowdStrike’s customers, normal operations ground to a halt.

Easterly gave the example of Volt Typhoon, a China state-sponsored threat group which has intruded and embedded in multiple U.S. critical infrastructure sectors to potentially launch disruptive or destructive attacks in the event of a conflict in the Taiwan Strait.

Federal authorities early this year warned that intrusions by the state-sponsored threat group and other China-linked groups are part of an extensive effort to maneuver in preparation for future attacks. The nation’s drinking and wastewater sector has confronted heightened threat activity from state-linked and criminal hackers targeting vulnerable water utilities.

To read the complete article, visit Cybersecurity Dive.