smartnuts … the world on the cabaret-style dissecting table

Against better knowledge

How CrowdStrike customers within critical sectors ignore the obvious and follow the herd instinct of an industry …

I’m just wondering why (at least in Germany) the faulty[1] CrowdStrike update caused a whole series of critical infrastructures to fail. How should I picture the purchasing process of CrowdStrike customers?

Purchaser to IT-manager:

‘But it says here in paragraph 8.6 of the terms and conditions[2]: “The offerings and Crowdstrike tools are not fault-tolerant and are not designed or intended for use in a hazardous environment that requires fail-safe performance or operation. Neither the offers nor the Crowdstrike tools are intended for use in aircraft navigation, nuclear facilities, communication systems, weapon systems, direct or indirect life-support systems, air traffic control or other applications or installations where failure could result in death, serious bodily injury or property damage.”’

IT-manager to purchaser:

‘Oh come on – it’s in there everywhere. I’ll take the risk.’

Perhaps this event will finally sharpen the awareness of the responsible risk management functions of how critical a risk acceptance is, whether it is declared explicitly or incidentally.

  1. Short and concise explanation of the technical background for the flawed nature of the CrowdStrike agent from my former colleague Pieter Danhieux: Link to LinkedIn
  2. https://www.crowdstrike.com/terms-conditions/

About the author

Michael Bunzel

Michael Bunzel (aka maschasan) is a lawyer and engineer currently living in Germany. He has been working in the field of Cybersecurity and related laws and regulations for over 25 years now.

Mike has held various roles and functions in the context of Information Security, Cybersecurity, and SCADA/Shopfloor Security at a German car manufacturer in southern Germany for more than fifteen years, currently in the R&D department, with a focus on E/E systems in the context of automotive cybersecurity and related regulations in different markets (e.g. UN, EU, China, Korea, India, US, UK and others).

Mike has worked with global organizations across dozens of countries, cultures and languages, and is well-travelled in EMEIA, APAC and the Americas.

All articles in this blog do NOT reflect the opinion of his employer, but are all an expression of his personal view of things.

By Michael Bunzel