Business Continuity Management / Disaster Recovery , CrowdStrike Outage Updates , Governance & Risk Management
How the CrowdStrike Outage Fuels Indian Tech Nationalism
The Make in India Movement Would Love to Blame Big Tech, But Is That Really Fair?The global IT outage caused by a faulty CrowdStrike update to its antivirus software has sparked fierce debate on social media. Some say CrowdStrike didn't do enough testing and red-teaming exercises. Others say the outage is a great example of why organizations need a solid business continuity plan. Some cybersecurity vendors have seized the opportunity to promote their products.
See Also: How to Unlock the Power of Zero Trust Network Access Through a Life Cycle Approach
Many have used the July 19 outage to point to the power and interconnectedness of big tech and the risks associated with it. In India, the outage stoked Indian distrust of Western tech companies, a debate over Indian tech nationalism and a broader movement that is gaining traction with Make in India - the government's push for local solutions.
Bhavish Aggarwal, co-founder and CEO of Ola Cabs, an Indian ride-sharing company, compared the outage to a major cyberattack that could affect data stored outside of India. He called for the government to "recognize the risk of our data residing globally and bring more stringent data localization norms and action to address these risks."
Full disclosure: Aggarwal's company has an AI platform called Krutrim will compete with global technology majors in building energy-efficient data centers and offer cloud services for the development of artificial intelligence. He is also a staunch critic of Microsoft.
The main problem with Aggarwal's complaint is that the location of data had no impact during the CrowdStrike outage. Banks in India are mandated by the Reserve Bank of India to store data locally. Did this make them immune from this IT outage? In a statement on Friday, the RBI said 10 Indian banks and NBFCs experienced minor disruptions.
One thing is for sure: The outage got the nation's attention. It disrupted businesses, government agencies, airlines and millions of citizens. The IT outage affected 8.5 million devices globally. As many as 2 million devices were affected in India. That works out to an average of 200 devices per company, affecting about 10,000 companies in India.
Many seized the opportunity to promote Indian products - a movement highlighted by the government in its budget announced on Tuesday. To support local companies and products, the government is changing customs duties in the 2024-2025 budget to boost the Make in India initiative, which aims to encourage the production and consumption of Indian goods, helping local businesses grow and reducing dependence on foreign products.
One of the high-profile areas of global competition centers on artificial intelligence technology. The government is investing huge sums of money and resources into developing AI applications and infrastructure in India so that it can ultimately compete with Silicon Valley.
The focus on local products also should include the cybersecurity sector, according to Arsh Maniar, founder and CEO of Yahya, a computer and network security firm. "India needs to come up with specialized cybersecurity solutions and have to lead in that too. And there is hardly any Indian-made cybersecurity firm in India. So on the same belief, we have started Yahya, which visions to provide security for all."
Some Indian leaders have long fought to reduce foreign dominance. Speaking about the need for India to build its own tech platforms, Aggarwal said earlier this year, "I'm not against global tech companies. But as an Indian citizen, I feel concerned that my life will be governed by Western big-tech monopolies and we will be culturally subsumed."
Let's Be Fair About This
While the arguments for supporting Indian companies and products are valid, is it fair to blame CrowdStrike for all the issues related to big tech? Most say the CrowdStrike outage was a big mistake, but a security researcher in India requesting anonymity said such an incident could happen to anyone without fool-proof, "automated" release tests.
He said collaboration with big tech and "working closely with OS makers like Microsoft to develop automated and remote management solutions for such issues can enhance recovery efficiency" are needed to prevent a future IT crisis. Rather than pushing Silicon Valley away, India needs to establish stronger partnerships that "can lead to better integration and faster resolution of compatibility problems."
To CrowdStrike's credit, the company immediately admitted the problem, pushed out a fix and promised to be transparent about how it happened. This week, the company detailed the testing failure and promised to introduce a number of software resiliency and testing improvements, implement a staggered deployment strategy and gave customers "greater control" over updates.
So, what are the lessons learned for India?
The outage highlighted the importance of having a good incident response plan for a bad vendor update. It also underscored the risk of potential supply chain attacks by malicious groups - and the need for rigorous security practices, comprehensive quality assurance and more vigilance across the supply chain.
But it's not a rallying cry for Indian tech nationalism. Global IT systems are inherently interconnected with tech firms around the world. It's time to focus on working with big tech to solve these risks. The blame game and the product pitches can wait.