About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (July 23, 2024)

handle is hein.crs/goveqbe0001 and id is 1 raw text is: The July 19th Global IT Outages July 23, 2024 On July 19, 2024, cybersecurity firm CrowdStrike pushed an update to its software that caused some devices running the Windows operating system to crash. The day before, there was a separate outage of Microsoft Azure cloud services. The widespread adoption of both Microsoft products and CrowdStrike's cybersecurity services led to global disruptions to industries like aviation, emergency services, financial services, health care, and retail. This CRS Insight discusses these events, their impacts, and potential considerations for Congress. Event CrowdStrike runs an endpoint detection and response platform-Falcon. Falcon includes an application on the host device (e.g., a computer) along with cloud services to detect potentially anomalous activity on the device, analyze activity on it for threats, and report suspicious events to information technology (IT) administrators. It also automates certain mitigation activities for the potential risk. On July 19, CrowdStrike issued an update to host devices with a Falcon sensor. The update included a defective file for Windows machines that caused receiving systems to display an error screen and lock users out of their devices. Microsoft estimates that this event affected 8.5 million systems, which is less than 1% of total Windows machines. Linux and Mac hosts were not affected. Separately, on July 18, 2024, Microsoft experienced a disruptive incident with its Azure cloud services. In this event, virtual machines (VM) became inaccessible to cloud subscribers because of an error in the way Microsoft allows access to those machines as well as an infrastructure failure. Corporate customers who rely on Azure were unable to access their services hosted on Azure in the Central United States region during this event, which lasted about a half-day. As the software development lifecycle evolved, companies moved to a continuous update delivery model and built distribution channels right into their services-removing friction in updating their products, but also expediting adverse effects when there are issues with those updates (like with the SolarWinds incident). In both instances, administrators were able to rapidly diagnose the issues and push corrections out to affected systems. For the CrowdStrike incident, most customers were able to reboot their devices and have a safe update pulled to their systems and automatically install to restore operations. Some users had Congressional Research Service https://crsreports.congress.gov IN12392 CRS INSIGHT Prepared for Members and Committees of Congress

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most