web analytics

Federal Agencies Scramble to Fix Massive Software Outage – Source: www.databreachtoday.com

federal-agencies-scramble-to-fix-massive-software-outage-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Business Continuity Management / Disaster Recovery
,
Governance & Risk Management
,
Government

CrowdStrike Outage Rekindles Concerns Over Federal Cybersecurity Contingency Plans

Chris Riotta (@chrisriotta) •
July 19, 2024    

Federal Agencies Scramble to Fix Massive Software Outage
The outage delayed passengers at major airlines worldwide. The Federal Aviation Administration helped airlines temporarily halt flights in the U.S. over safety concerns. (Image: Shutterstock)

Federal agencies rushed to provide information technology support to airlines, banks and other major institutions Friday amid one of the largest reported software outages in global history affecting Windows PCs.

See Also: OnDemand: Sick of Ever-changing Healthcare Regulations?

Federal officials from the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the Federal Aviation Administration confirmed in separate statements to Information Security Media Group that they have been working with the private sector to resolve a faulty software update released by the Texas-based cybersecurity firm CrowdStrike. The outage began around 6:00 p.m. U.S. Eastern Time on Thursday, according to CrowdStrike, a cybersecurity firm widely used by government agencies and Fortune 500 companies to protect cloud-based systems.

A DHS spokesperson said in a statement to Information Security Media Group that the department and CISA “are working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages.”

The outages forced U.S. airlines to ground as many as 2,500 flights within, into or out of the country by Friday afternoon, according to tracking data from FlightAware.com. A spokesperson for the FAA told ISMG the agency was “closely monitoring a technical issue impacting IT systems at U.S. airlines” and added that “several airlines have requested FAA assistance with ground stops for their fleets until the issue is resolved.”

Emergency services in some parts of the country were also severely affected, and reports say dispatchers in some cities were forced to take notes by hand as false fire alarms were set off in the middle of the night in cities such as San Francisco.

Several federal agencies – including the departments of Justice and Health and Human Services – also confirmed that operations were affected by the incident, which Microsoft and CrowdStrike said was the result of a single defect found in a content update for CrowdStrike Falcon software on Windows. Experts told ISMG that although the outage was not the result of a cyberattack, it once again raises concerns about government agencies relying too heavily on a limited number of technology providers, such as Microsoft, to secure federal systems.

The recent outages “have the potential to halt critical operations such as public health systems, emergency services and administrative functions that rely on stable IT infrastructure,” said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.

Plaggemier told ISMG the incident underscores the need for regular updates, robust contingency plans and “diversifying reliance on single software providers to prevent widespread outages.”

CrowdStrike released a temporary workaround for the faulty update Friday morning while it continues to prepare a more comprehensive fix for the “blue screen of death” that began appearing on Microsoft systems worldwide (see: Banks and Airlines Disrupted as Mass Outage Hits Windows PCs).

A White House official told pool reporters President Joe Biden had been briefed on the system disruptions by Friday afternoon, and the Social Security Administration announced it had closed its offices due to the “global IT outage.” Federal employees across various agencies, including the Department of Homeland Security, also reported having issues with accessing desktop computers throughout the day.

The full extent of the outages remains unclear. NASA and the Federal Trade Commission have reported experiencing some level of impact, while the Energy Department managed to restore its website – which apparently experienced technical issues throughout the outages – by late Friday morning.

Experts say CrowdStrike will face probing questions from its investors and customers about how the software flaw led to the global disruption (see: CrowdStrike, Microsoft Outage Uncovers Big Resiliency Issues).

Original Post url: https://www.databreachtoday.com/federal-agencies-scramble-to-fix-massive-software-outage-a-25814

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate