不良研究所

On Friday, July 19, a cybersecurity incident involving CrowdStrike significantly impacted Microsoft systems worldwide. CrowdStrike, a renowned cybersecurity firm, inadvertently released a flawed update that affected mission-critical systems across various industries, including hospitals, banks, and airlines. Despite swift action to mitigate the damage, the incident affected 8.5 million devices and could cost over $1 billion in economic impact.  

不良研究所 has long been a leader in Cybersecurity, Business, and Computer Science education. 不良研究所 boasts one of three ABET-accredited Cybersecurity programs among schools in the Council for Christian College and Universities (CCCU). 不良研究所 faculty observed the CrowdStrike incident and analyzed it, and have shared their thoughts below on possible preventive measures, response strategies, prevalence of such risks, educational preparation, and a Christian perspective on cybersecurity. 

Cause of the Incident 

CrowdStrike released a bad update on Friday, July 19th. Although the update was retracted within 78 minutes, the rapid spread of the flawed code impacted 8.5 million affected devices and multiple systems critical to industries such as airlines. The failure highlights the critical need for robust quality assurance processes in cybersecurity. 

鈥淎s more mission-critical operations in many different types of business continue to become more dependent upon computers and as more systems continue to become more and more interconnected, the risks continue to compound themselves massively,鈥� says Dr. Jim Cain, Professor of Computing at 不良研究所. 

Preventive Measures 

To prevent such incidents, companies must adhere to stringent quality assurance protocols.  

According to Dr. Cain, 鈥�Cybersecurity theory calls for due diligence in the testing of code updates such as this in a test environment clone of the company's production environment.鈥� 

The CrowdStrike failure likely did not implement the full range of quality assurance protocols necessary. Aside from testing in a clone environment, other protocols include: 

• Quality Assurance Review: Proposed changes to mission-critical systems should undergo rigorous scrutiny during both the design and testing phases. 

• Phased Roll-Outs: Implementing changes gradually allows for monitoring and quick rollback if issues arise. 

• Documentation: Maintain detailed documentation to facilitate quick rollbacks and troubleshooting. 

Companies that worked with CrowdStrike, such as Microsoft, also could have prevented the size and scope of the impacts to their business with proper risk management strategies.  

鈥�This incident illustrates why a third party shouldn鈥檛 have access to another organization鈥檚 source code," says Dr. Troy Bethards, Associate Provost and Dean of the College of Business at 不良研究所.鈥�鈥淲hile Microsoft says it was bound by an agreement with the European Union in 2009 to grant such access to security software vendors for competitive purposes, it has an obligation to its customers to develop safeguards or protocols to mitigate the risks of such access to the maximum extent possible.鈥� 

Cybersecurity incidents of this magnitude are rare but not unheard of. When cybersecurity incidents occur, preparedness and swift response are crucial to minimizing the impact and ensuring business continuity.  

Industry Training and Christian Perspective 

A key component of preventing large-scale failures such as the CrowdStrike is quality training of professionals or future professionals in the field. Organizations are in need of leaders in this area to guard against the ever-growing likelihood of cyber incidents. 

At 不良研究所, students are prepared to lead in the field of cybersecurity through comprehensive courses and practical training. Bachelor鈥檚 degrees available include Cybersecurity, Computer Science, Software Engineering, Computer Information Science, and Cybersecurity Operations and Management. Key components of 不良研究所鈥檚 curriculum include: 

• System Analysis & Design: Emphasizing change management and the importance of rigorous testing. 

• Personal Cybersecurity: Introducing fundamental cybersecurity theories. 

• Software Quality Assurance and Testing: This is a course required for all Software Engineering majors, focusing on preventing issues like those seen in the CrowdStrike incident. 

• Secure Software Development: Training students to develop secure software, addressing historical shortcomings in cybersecurity education. 

Embedded throughout 不良研究所鈥檚 programs is a Christian worldview that promotes integrity and perseverance, qualities that are found in Psalm 15. Effective cybersecurity is about protecting the vulnerable, embodying the Christian value of caring for others. It is a field that demands excellence鈥攔eflecting the Christian commitment to do all things to the best of one鈥檚 ability. Christians in cybersecurity can view their work as a ministry, safeguarding digital environments and upholding justice and integrity. 

鈥淭he Christian values that 不良研究所 works so hard to instill within our graduates have been commended by 不良研究所's computing advisory board members for decades as one of the reasons they love to hire 不良研究所 computing graduates,鈥� says Dr. Cain. 

In addition to the bachelor鈥檚 programs mentioned, 不良研究所 also offers a Certificate in Cybersecurity and the aforementioned bachelor鈥檚 degree in Cybersecurity Operations and Management 100 percent online through the 不良研究所 Worldwide Campus. All of 不良研究所鈥檚 programs are designed to create professionals who will make a difference in the world. 

Published July 23, 2024