A recent software update from CrowdStrike caused unexpected disruptions in Las Vegas, shutting down various networks across the city. The incident, which impacted millions of Windows machines globally, highlighted vulnerabilities in digital security measures and prompted local officials to reassess their infrastructure resilience strategies.
The event mirrors past incidents in which faulty updates led to widespread disruptions. For instance, last year, a mishap involving a major antivirus product resulted in numerous systems crashing worldwide. This recurring issue underscores the ongoing challenges in ensuring the reliability of critical software updates and the importance of robust contingency plans.
Unforeseen Outage
When CrowdStrike deployed a problematic security update, Las Vegas’s Chief Information Officer Michael Sherwood observed unexpected network failures citywide. According to Sherwood, the initial half-hour was particularly confusing, as it was unclear whether the issue was due to malicious activity or a technical error.
“We started seeing what everybody else saw — machines dropping off, going into a blue screen mode,” Sherwood mentioned during an interview at the Black Hat hacker conference. “I’d say for the first half hour, we didn’t have an indication what the problem was.”
Widespread Impact
The faulty driver in the CrowdStrike update led to significant disruptions: planes were grounded, TV stations went silent, and essential services like banks and supermarkets experienced outages. While Las Vegas faced issues, it did not suffer as severely as other regions. Local reports highlighted silent slot machines in casinos and frustrated passengers at Harry Reid International Airport. Speculation even emerged that the Sphere had been impacted, though this was false.
“We learned a lot. We learned our plans worked,” Sherwood said. “We learned a little more about the logistics, and how we’re going to plan out for the future.”
Future Precautions
Sherwood emphasized the importance of balancing software risks, whether through extensive testing of updates or prompt patching to prevent potential breaches. He noted that systems were back up within “eight to ten hours,” thanks to existing safeguards and backup vendors. The city aims to further diversify its systems and adopt a “layered approach” to enhance resilience. Technologies like AI and machine learning are increasingly being used for real-time decision-making to bolster security.
“What if that wasn’t available?” he said. “How much harder would it have been to recover from an event like this?”
In light of these challenges, the Biden administration has advised critical infrastructure operators to assume the likelihood of cyberattacks and strengthen their resilience. National security officials have also warned about potential threats from Beijing targeting critical infrastructures to disrupt supply chains or military movements.