The modern structure of big businesses has led to a peculiar situation of offloading IT security onto independent organizations. July saw the largest IT outage in history when one IT security update by Crowdstrike downed 8.5 million systems around the world. The security vulnerability of such a situation exposes critical infrastructure to unnecessary risk from accidents and sabotage. Regulating the power of Big Tech monopolies such as Amazon, Microsoft and Google is long overdue.
Sean Roberts
9 September 2024
On 19 July 2024, a global crisis unfolded as major airlines grappled with severe computer problems, resulting in what is now known as the largest IT outage in history. But it was not only airlines who were shut down: banks, health care providers, telecommunication companies, retailers, TV broadcasters, supermarkets and even billboards in New York City’s Times Square went blue. From one moment to the next entire economies went offline affecting millions of businesses and users around the globe.
The estimated cost of this catastrophe exceeded USD 5.4 Billion, with less than a quarter of it being insured. The ripple effect was felt worldwide, with over 5000 flights being cancelled, forcing countless individuals to rearrange or abandon their travel plans. Delta Air Lines was hit extremely hard, and struggled for almost a week to restore normal operations. They ultimately cancelled more than 7000 flights due to their mismanagement of the situation.
The Blue Screen of Death (BSOD) is a long-standing protection built into Microsoft’s Windows systems. It occurs when something catastrophic has occurred, and the system activates the BSOD to protect itself. On that fateful 19 of July, many people and businesses encountered the BSOD after Crowdstrike, a private cybersecurity technology company based in Austin, Texas, finished a standard security update and, after testing, pushed (installed) it out onto their numerous client systems. Unfortunately, testing failed to catch an error in the update that sent systems into a boot-spiral, where the systems were unable to finish their start-up process and kept restarting until the system decided there was an issue and stopped the spiral with the BSOD.
Shortly after the Crowdstrike update went out and systems started displaying the BSOD, a cursory investigation online would find a quick fix for the problems that any remotely qualified IT professional could have implemented. X (formerly Twitter) had large discussion threads around “#Crowdstrike” that included extensive details and information on the fix. The only problem was that it required a certain level of computer literacy to understand and implement without accidentally bricking (irrecoverably destroying) the whole system.
While this incident has highlighted issues with Crowdstrike’s testing suite, a much bigger and less-talked-about issue lies at the heart of this disaster. The consolidation of power around major conglomerates and businesses creating monopolies. As a by-product of these monopolies, these Big Tech companies have moved towards centralized support and supply while removing redundancies and protections.
With Crowdstrike, businesses offloaded all of their IT security onto one company and do not keep IT professionals on hand to maintain their systems in person, as a cost-saving measure. This incident underscores the need to balance cost-saving measures and risk management. Much like when only one variety of potatoes is grown and a potato disease breaks out. If everything is the same, it all dies together.
BSOD is but one example of the power of Big Tech and the danger of outsourcing vital parts of your economy to single players. Other examples include: China’s dominance in antibiotic production; mass shortages of N95 masks during the pandemic; Europe’s inflation resulting from dependence on Ukraine’s food production and Russia’s energy supply; dependence on Google’s search engine monopoly; the demise of countless businesses on Amazon’s watch; and, Big Tech’s control of content and censorship of political voices.
Yet profits are not the only thing on the line when vital services break down. National security and democracy itself are threatened when nefarious actors target large corporations, political actors or governments through cyberattacks.
The competitive nature of the business world means that it is unlikely for large corporations to implement more safety measures and protections unless it is profitable for them to do. So how can society achieve diversity in critical sectors?
From an economic perspective, BSOD highlights the dangers of market concentration. Economists know that monopolies often lead to inefficiencies by increasing dependence on vulnerable critical systems and infrastructure. The power of Microsoft, Google and Amazon, who together control two-thirds of the global cloud infrastructure market, is a real and present danger. More competition is required to give users options to choose.
When a missed single line of code can disrupt entire countries, bring industries to their knees and endanger the lives and livelihood of millions of people, it is time to press the reset button. Only a regulatory framework provided by the Federal Trade Commission (FTC) or the EU have the potential to curb the power of Big Tech and to protect us all, not only from BSOD.
