On Friday, July 19, a cybersecurity incident involving CrowdStrike significantly impacted
Microsoft systems worldwide. CrowdStrike, a renowned cybersecurity firm, inadvertently
released a flawed update that affected mission-critical systems across various industries,
including hospitals, banks, and airlines. Despite swift action to mitigate the damage,
the incident affected 8.5 million devices and could cost over $1 billion in economic
impact.
Southwest Baptist University has long been a leader in Cybersecurity, Business, and Computer Science education. SBU boasts one of three ABET-accredited Cybersecurity programs among schools in the Council for Christian College and Universities (CCCU). SBU faculty observed the CrowdStrike incident and analyzed it, and have shared their thoughts below on possible preventive measures, response strategies, prevalence of such risks, educational preparation, and a Christian perspective on cybersecurity.
Cause of the Incident
CrowdStrike released a bad update on Friday, July 19th. Although the update was retracted within 78 minutes, the rapid spread of the flawed code impacted 8.5 million affected devices and multiple systems critical to industries such as airlines. The failure highlights the critical need for robust quality assurance processes in cybersecurity.
“As more mission-critical operations in many different types of business continue to become more dependent upon computers and as more systems continue to become more and more interconnected, the risks continue to compound themselves massively,” says Dr. Jim Cain, Professor of Computing at SBU.
Preventive Measures
To prevent such incidents, companies must adhere to stringent quality assurance protocols.
According to Dr. Cain, “Cybersecurity theory calls for due diligence in the testing of code updates such as this in a test environment clone of the company's production environment.”
The CrowdStrike failure likely did not implement the full range of quality assurance protocols necessary. Aside from testing in a clone environment, other protocols include:
- Quality Assurance Review: Proposed changes to mission-critical systems should undergo rigorous scrutiny during both the design and testing phases.
- Phased Roll-Outs: Implementing changes gradually allows for monitoring and quick rollback if issues arise.
- Documentation: Maintain detailed documentation to facilitate quick rollbacks and troubleshooting.
Companies that worked with CrowdStrike, such as Microsoft, also could have prevented the size and scope of the impacts to their business with proper risk management strategies.
“This incident illustrates why a third party shouldn’t have access to another organization’s source code," says Dr. Troy Bethards, Associate Provost and Dean of the College of Business at SBU. “While Microsoft says it was bound by an agreement with the European Union in 2009 to grant such access to security software vendors for competitive purposes, it has an obligation to its customers to develop safeguards or protocols to mitigate the risks of such access to the maximum extent possible.”
Cybersecurity incidents of this magnitude are rare but not unheard of. When cybersecurity incidents occur, preparedness and swift response are crucial to minimizing the impact and ensuring business continuity.
Industry Training and Christian Perspective
A key component of preventing large-scale failures such as the CrowdStrike is quality training of professionals or future professionals in the field. Organizations are in need of leaders in this area to guard against the ever-growing likelihood of cyber incidents.
At SBU, students are prepared to lead in the field of cybersecurity through comprehensive courses and practical training. Bachelor’s degrees available include Cybersecurity, Computer Science, Software Engineering, Computer Information Science, and Cybersecurity Operations and Management. Key components of SBU’s curriculum include:
- System Analysis & Design: Emphasizing change management and the importance of rigorous testing.
- Personal Cybersecurity: Introducing fundamental cybersecurity theories.
- Software Quality Assurance and Testing: This is a course required for all Software Engineering majors, focusing on preventing issues like those seen in the CrowdStrike incident.
- Secure Software Development: Training students to develop secure software, addressing historical shortcomings in cybersecurity education.
Embedded throughout SBU’s programs is a Christian worldview that promotes integrity and perseverance, qualities that are found in Psalm 15. Effective cybersecurity is about protecting the vulnerable, embodying the Christian value of caring for others. It is a field that demands excellence—reflecting the Christian commitment to do all things to the best of one’s ability. Christians in cybersecurity can view their work as a ministry, safeguarding digital environments and upholding justice and integrity.
“The Christian values that SBU works so hard to instill within our graduates have been commended by SBU's computing advisory board members for decades as one of the reasons they love to hire SBU computing graduates,” says Dr. Cain.
In addition to the bachelor’s programs mentioned, SBU also offers a Certificate in Cybersecurity and the aforementioned bachelor’s degree in Cybersecurity Operations and Management 100 percent online through the SBU Worldwide Campus. All of SBU’s programs are designed to create professionals who will make a difference in the world.
Published July 23, 2024