The Crowdstrike disaster was bound to happen. The cloud is a chokepoint in our interconnected world
Last week, Crowdstrike caused a global tech meltdown due to a botched software rollout. The incident should be seen as a dry run for the next time someone throws a spanner into the cloud and disrupts our globally interconnected tech ecosystem, writes Andy Blackmore.
If you are reading this, the world as we know it has not descended into anarchy and abandon. Then again, perhaps my efforts have been in vain, and my words have simply fallen down the back of the internet, never to be seen again.
Who knows? Yet, if you were one of the many people recently caught in that interface between cyberspace and reality, let’s call it the real world, it must have felt like chaos reigned supreme. People having to use real money in shops – God forbid such inconvenience. I can’t even remember the last time I used cash.
But I’m being flippant; for those trying to attend hospital appointments or blood tests, or even fly off into the sunset, it was no joke. Millions of devices, tens of thousands of people, thousands of businesses, and over a hundred countries – basically the whole globe. So many circles of confusion, linked, regulated, and ordered by computers. A world interconnected and intertwined like the Olympic rings, now unified by one common denominator: the blue screen of death.
Banks, airlines, airports, football clubs, pubs, restaurants, car manufacturers, the NHS, hospitals, GP surgeries, newspapers, butchers, bakers, and perhaps even candlestick makers – all brought to their knees by an endpoint security software update. Such irony. A bit like being beaten up by your own bodyguard.
Chaos theory was brought to life in inglourious technicolour; as they say, “a flap of a butterfly’s wings in the Amazon can cause a tornado in Texas.” However, instead of a butterfly, think Crowdstrike minion or Oompa-Loompa, and rather than a tornado, they caused an IT whirlwind and one almighty cock-up.
Now, it’s one thing to have local machines failing, and boy, did they fail, but what if the whole architecture that underpins them and AI were to go belly up?
Nowadays, the cloud powers the planet and has done so for years, but until today, most people have been living in happy ignorance of the consequences of it going rogue. You may not even have been aware that you have been using it. But you have.
The cloud is like a giant online storage and service centre. Instead of storing files and running programs locally on your computer, you use the internet to access them. Meaning in theory, you can use any device to get your stuff and run applications anytime, anywhere.
It is also a way of levelling up all machines, allowing complex calculations and processes to run remotely, thus performing tasks far beyond the processing power of your local machine.
It is also the powerhouse that drives AI. It relies heavily on the cloud and is consuming its capacity at an exponential rate. It always seems to need more; bigger and faster servers and yet more processing power. Moore’s Law in motion.
The perfect opportunity for businesses wanting to capitalise on the economy of scale. Yet, do you think most who want to exploit this demand build their own massively expensive, power- and water-hungry data centres? No, they rent scalable server space and capacity from others who have.
The cloud is a chokepoint in our interconnected world, for there can be no real redundancy in a virtual monopoly. This reliance concentrates computing power into the hands of the few, creating a single point of failure that can cripple our entire infrastructure – imagine that in the hands of a bad actor – and I don’t mean Benny Hill.
The cloud, for all its convenience, makes us vulnerable. Our dependence on it, rather than providing resilience, exposes us to the risk of widespread disruption. When everything is interconnected and controlled by a handful of systems, a single failure can cascade into a global catastrophe.
If this were a species of wheat with such little biodiversity in its DNA, one with such slight resistance to a single organism or pest, we’d be alarmed – and rightly so.
Yet, we continue to allow our lives to be run by a single system and dogma with little thought for the consequences if things go wrong. Do you think it will get better once AI is embedded in our lives to such an extent that we have forgotten how to think or act for ourselves?
This infrastructure is invisible to the customer, so whether you are Tesco or Walmart and you want to hitch your wagon to the AI gold rush and mine that data, you connect your company’s front-end with the cloud’s back-end. And the customer is none the wiser. The modular AI component Amazon Web Services (AWS) system is partially suited to this, but that approach is universal.
It is designed to be omnipresent. AI is and will be, dominant in all that we do today and more so, tomorrow. People want everything and anything, and they want it either now, or yesterday, whichever is faster. The customer always knows best. And they know how best to exploit that. Convenience is key, yet convenience is also the perpetual enemy of security.
There are so many seemingly disparate brands and businesses at one end, yet so few at the other—one system, one doctrine, one ideology, one methodology.
As it stands, the provision of cloud computing is dominated by just three companies, often referred to as the “big three”: Amazon Web Services (AWS), the largest and most widely adopted cloud platform; Microsoft Azure; and Google Cloud Platform (GCP).
That lack of commercial diversity has always struck me as an accident waiting to happen. So, excuse me if I’m wrong; I’m pretty sure no one has invented infallible computers yet, or a system with 100 per cent serviceability.
So, if you carry all your eggs in one basket and someone takes a tumble, they break, and you end up with an omelette. What happened with the Crowdstrike fiasco was essentially one humongous omelette. Consequently, everyone had to undo that mess and reassemble the eggs.
Now imagine the scene where a lorry on its way to market, loaded to the gunnels with produce, crashes and hundreds of baskets and thousands of eggs are split and smashed – how long would that take to clean up? That’s the scale of the disaster once AI is folded into the mix.
Today, the list of smart devices that use AI runs from toasters to doorbells and everything in between, including locks, fridges, mirrors, pet feeders, coffee machines, washing machines, bulbs, webcams, and sous-vide cookers. That list will only get longer. And while it’s not exactly the plot of “Apocalypse Now,” the thought of that lot going Colonel Kurtz and failing to obey orders would be more comedic than deadly.
Fast-forward to the not-too-distant future, and imagine an electric ambulance refusing to dispatch to an emergency because it can’t perform its start-up diagnostics—or burning beans by a bonfire in the back garden since your smart stove can’t access the serving suggestion—that’s not so funny.
The world plunged into the dark ages, albeit temporarily, because those data prospectors were obsessed with adding AI to everything.
Don’t panic, for those service providers will lecture you about multiple backups, redundancy, and of course, Geo-redundancy – the worldwide distribution of mission-critical components or infrastructures, such as servers, across multiple data centres that reside in different geographic locations spread over many continents.
And I’m sure that had you run the scenario of Crowdstrike’s massive cock-up up their flagpole last week, they would have told you it was both impossible and implausible, and then where to stick it.
Ah, the mendacity of megalomania. Even as the dominos are still falling, we need to be thinking about the next domino. They will say it won’t happen again. Even sooner, they will say it can’t happen again, obviously – it will. Only next time, it will be worse, much, much worse.