On a seemingly ordinary day, a critical incident unfolded at CrowdStrike, a well-known cybersecurity company. The incident was traced back to a programmer’s error, leading to a significant outage. This event underscores the importance of robust coding practices and highlights the potential benefits of outsourcing security, even for companies with considerable internal resources.
The Technical Breakdown
The root cause of the CrowdStrike outage can be attributed to a series of programming missteps in C++:
Programmer Error
A developer at CrowdStrike made a mistake while writing code in C++. This error set off a chain reaction that culminated in a system crash.
Null Pointer Creation
In the code, a pointer variable (Obj* obj) was intended to point to a specific object in memory containing crucial data. However, due to the error, the pointer remained null, meaning it didn’t point to any valid memory location.
Missing Null Check
The code then attempted to use this null pointer (obj) to access information within the object it was supposed to represent. Normally, programmers would include a check to ensure the pointer is not null before using it (e.g., if (obj == NULL) { … }). In this case, such a check was missing.
Attempting to Access “Nothing”
Because the pointer was null, it essentially pointed to “nothing” in memory. When the code tried to access member variables of the object (like obj->a or obj->b), it attempted to read data from an invalid memory address calculated by adding the member’s offset to the null pointer value (e.g., 0x0 + 4). The stack dump revealed an attempt to access 0x9c, an invalid memory region. This invalid access was a direct result of the missing null check.
Memory Access Violation
As the program tried to access unauthorized memory, Windows recognized this as a potential security threat. To protect the system, Windows crashed the program entirely, resulting in the infamous Blue Screen of Death (BSOD) and causing an outage.
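The address arithmetic and the missing check described above, shown as an added example (not CrowdStrike's code and not part of the original article). The struct layout is hypothetical: the padding is chosen so that member b falls at offset 0x9c, the address seen in the stack dump, and the function names are illustrative.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical layout (an assumption, not the real structure): padding is
// sized so that member b sits 0x9c bytes from the start of the object.
struct Obj {
    std::uint32_t a;               // offset 0x00
    std::uint8_t  reserved[0x98];  // offsets 0x04..0x9b
    std::uint32_t b;               // offset 0x9c
};

// Address the CPU touches for obj->b: object base plus member offset.
// Pure arithmetic; nothing is dereferenced here.
std::uintptr_t address_of_b(std::uintptr_t base) {
    return base + offsetof(Obj, b);
}

// Unchecked form, as the text describes: with obj == nullptr this reads
// address 0x0 + 0x9c and faults. It is never called with null below.
std::uint32_t read_b_unchecked(const Obj* obj) {
    return obj->b;
}

// Checked form: refuse a null pointer and report failure to the caller
// instead of touching memory.
bool read_b_checked(const Obj* obj, std::uint32_t* out) {
    if (obj == nullptr || out == nullptr) {
        return false;
    }
    *out = obj->b;
    return true;
}

int main() {
    Obj valid{};
    valid.b = 42;
    std::uint32_t value = 0;

    std::printf("obj->b with a null obj touches %#llx\n",
                (unsigned long long)address_of_b(0));
    bool ok = read_b_checked(&valid, &value);
    std::printf("checked read, valid obj: ok=%d value=%u\n", ok, (unsigned)value);
    ok = read_b_checked(nullptr, &value);
    std::printf("checked read, null obj:  ok=%d\n", ok);
    return 0;
}
```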
Why Outsource Security?
Despite CrowdStrike’s substantial internal resources and expertise, this incident demonstrates that even leading cybersecurity firms can fall victim to programming errors with severe consequences. Here are some compelling reasons why companies, regardless of their size and expertise, should consider outsourcing security:
1. Specialized Expertise
Outsourcing security provides access to specialists who focus exclusively on identifying and mitigating security threats. These experts are often more attuned to the latest vulnerabilities and attack vectors than in-house teams, whose attention might be divided across various projects.
2. Enhanced Focus
By outsourcing security, internal teams can concentrate on core business functions and product development without being sidetracked by security concerns. This focus can lead to higher productivity and innovation within the company.
3. Scalability and Flexibility
Outsourced security services can scale with the company’s needs, providing the necessary resources to handle varying threat levels. This flexibility ensures that the company’s security posture can adapt to changing circumstances without requiring substantial internal adjustments.
4. Cost Efficiency
While it might seem counterintuitive, outsourcing security can be more cost-effective than maintaining a large, specialized internal team. Outsourcing providers can leverage economies of scale to offer competitive pricing while delivering high-quality services.
5. 24/7 Monitoring and Response
Outsourced security firms often provide round-the-clock monitoring and incident response. This continuous vigilance ensures that threats are identified and mitigated promptly, reducing the risk of significant disruptions.
6. Objective Perspective
External security providers bring an unbiased perspective to the company’s security practices. They can identify and address vulnerabilities that internal teams might overlook due to familiarity or internal politics.
Conclusion
The CrowdStrike outage serves as a stark reminder of the potential consequences of programming errors and the critical importance of rigorous coding practices. It also highlights the value of outsourcing security to specialized firms. Outsourcing security is not a sign of weakness but a strategic decision to bolster a company’s defenses against an ever-evolving threat landscape. In an era where cyber threats are increasingly sophisticated, partnering with specialized security providers is a prudent move to ensure robust and resilient protection.