CrowdStrike's System Crash: A Wake-Up Call for Firms' DORA Projects

A recent system crash experienced by CrowdStrike's Falcon sensor, as detailed in their technical root cause analysis, serves as a stark reminder of the complexities involved in managing ICT risks and the critical importance of robust operational resilience, particularly in light of the upcoming implementation of the EU's Digital Operational Resilience Act (DORA).


The Incident


The crash, triggered by a content update, was caused by a convergence of factors, including a mismatch in input parameters, a latent out-of-bounds read issue, and insufficient testing. This incident underscores the potential for even seemingly minor updates to have cascading effects on system stability.


Implications for DORA Projects


This incident provides several critical takeaways for firms as they navigate their DORA implementation projects:


  1. Third-Party ICT Risk Management: The incident emphasises the critical need for thorough due diligence when relying on external vendors for critical ICT services. Firms should assess vendors' software development practices, quality assurance processes, and incident response capabilities.

  2. Contractual Obligations: DORA mandates specific contractual provisions to ensure ICT service providers meet high security and resilience standards. Firms must review and update their contracts accordingly.

  3. Operational Resilience Testing: Comprehensive testing, including scenario and penetration testing, is essential to identify and address vulnerabilities before they impact operations. Collaboration with ICT providers is crucial in this regard.

  4. Incident Response and Communication: Timely incident reporting and communication are mandated under DORA. Firms should establish clear communication channels with their ICT service providers and ensure they have robust incident response plans.

  5. Ongoing Monitoring: Continuous monitoring of ICT service providers' performance and security posture is critical to maintaining operational resilience.


Additional Insights from the CrowdStrike Report


Beyond DORA compliance, the technical details of the CrowdStrike incident provide further insights for firms:


  • Robust Testing & Validation: Thoroughly test all new features and updates, covering edge cases and potential interactions.

  • Staged Rollouts: Adopt a phased deployment approach to minimise the impact of potential issues.

  • Enhanced Monitoring & Telemetry: Implement robust monitoring and telemetry to detect and address anomalies quickly.

  • Customer Control: Provide customers with options to control updates and access detailed information.

  • Independent Reviews: Consider independent reviews of critical systems and processes to identify vulnerabilities.


Conclusion


The CrowdStrike incident underscores the importance of vigilance and proactivity in managing ICT risks. As firms prepare for DORA compliance, they must prioritise robust testing, thorough due diligence, clear contractual obligations, and ongoing monitoring of their ICT service providers. By learning from such incidents and implementing necessary safeguards, firms can confidently enhance their operational resilience and navigate the complexities of the digital landscape.
