The recent CrowdStrike IT outage served as a dress rehearsal for a cyber-attack on critical infrastructure that could be orchestrated by a nation-state such as China.
The outage was a useful exercise in what may happen if China were to act disruptively against critical systems, with the key difference that an attacker would not roll the change back.
“It’s really about building resilience into our networks and our systems so that we can withstand significant disruptions and at least drive down the recovery time to be able to provide services,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said during a briefing at Black Hat USA 2024.
“I thought the CrowdStrike outage was a useful exercise, like a dress rehearsal, for what China may want to do. If something like that happens again, we have to be able to respond and recover very rapidly in a world where the content update is not reversed.”
The Volt Typhoon Precedent
In May, CISA issued an update about the imminent threat posed by People’s Republic of China (PRC) state-sponsored cyber actors known as Volt Typhoon. The advisory confirmed that Volt Typhoon has been actively infiltrating networks of US critical infrastructure organizations.
This infiltration is not for espionage, data theft or IP theft, but to pre-position for a disruptive attack in the event of a major conflict in the Taiwan Strait.
The UK’s National Cyber Security Centre (NCSC) has also issued stark warnings about potential Volt Typhoon activity, which could lay the groundwork for disruptive or destructive cyber-attacks.
Since issuing those statements, CISA is now trying to discern whether the publicity has driven the Volt Typhoon actors somewhere CISA can no longer find them, or led them to change their tactics, techniques and procedures.
“I don’t think we have seen any material changes yet,” Easterly said.
CISA Lessons Learned from the CrowdStrike Outage
During the global IT outage on July 19, caused by a faulty content update to the CrowdStrike Falcon sensor that crashed Microsoft Windows hosts, CISA worked with CrowdStrike to provide mitigation guidance to those affected.
In dealing with the issue, Easterly described three lessons from the CrowdStrike incident.
“As a community, we were pretty well connected in terms of having a turnkey process to reach out to both the technology companies and the critical infrastructure very quickly,” she said.
“Second, it reinforced what we’ve been saying about the importance for technology vendors to design, develop, test and deploy software that is secure by design. We saw that cyber vendors are not immune from issues around software quality,” Easterly explained.
“The big lesson though… is the resilience. What was going through my mind was that this is exactly what China wants to do, but without rolling back the update,” she said.
For NCSC CEO Felicity Oswald, the CrowdStrike incident highlighted the need for organizations to build in resilience at every stage.
Oswald also said NCSC played a critical role in quickly clarifying that the CrowdStrike outage was not a malicious attack, and in ensuring that the new UK government, which came into office in July, was able to give businesses the information they needed to deal with the incident.