Security

Diversity: The Forgotten Security Principle

The July 19 update caused significant IT system crashes. Introducing diversity in technology solutions could reduce future disruptions.

Kent Inge Fagerland Simonsen

Kent Inge Fagerland Simonsen

Kent Inge has been working with Software Engineering since 2005. In that time, he has contributed to numerous projects and systems. He has also published several academic and a couple of opinion pieces on various topics in Software Engineering. He is currently interested in, and working on, how to make the developer community emphasize the "greenness" in software products more.

On July 19, 2024 Crowstrike issued an update for its IDS system for the Windows operating system. This fateful update happened to cause crashes of IT systems that relied on the Windows/Crowdstrike combination with such dire consequences as closing entire airports hampering health care and ending up costing potentially billions of USDs.

A common theme among those affected by this outage was, with 20/20 hindsight, was a reliance on one particular combination of technologies. Windows and crowdstrike are, presumably, both fine technologies chosen by the largest organizations on the planet. However, they are not the only combination of OS and IDS capable of operating, even in high stakes environments.

This talk will discuss how the outcome of the July 19 event and similar events causing mass outages could have been less disruptive by introducing a measure of diversity in the technical solutions. We will also discuss ways to create diverse solutions while minimizing the additional cost.