Image source.

by Brian Shilhavy
Editor, Health Impact News

As the full effects of the Microsoft glitch that took down so many businesses and government agencies this past Friday are still being evaluated, the vulnerability of a software system run by a cybersecurity firm is presenting new information to hackers and exposing just how unprepared the U.S. Government is to protect our country against cyber attacks that are a real threat to national security.

After the CrowdStrike failed software update that infected 8.1 million devices with cascading effects spreading to millions, if not billions, of other devices and computer systems, the threat of a Cyber Pandemic is now very real.

And the main reason that the U.S. Government is powerless to stop something like a Cyber Pandemic is not because of a lack of technology or computer resources, since the U.S. is home to the largest technology companies in the world, but it is due to a lack of human resources: Cybersecurity professionals.

In 2021 CNN published an article with the title: Wanted: Millions of cybersecurity pros. Salary: Whatever you want

The article highlighted the increasing cyber attacks in the U.S. and the lack of cybersecurity experts to prevent these attacks.

A series of major digital security breaches over the past year are serving as a wake-up call to Corporate America about the need to invest in cybersecurity.

Friday brought yet another reminder of the risk of cyberattacks, when Microsoft (MSFT) said the hackers behind the 2020 Solar Winds breach launched a new attack on more than 150 government agencies, think tanks and other organizations globally.

But perhaps the most striking recent example is the Colonial Pipeline ransomware attack, which forced the company to shut down the pipeline temporarily — resulting in gas shortages and price spikes in multiple states over several days. The debacle cost Colonial at least $4.4 million, the amount its CEO admitted to paying the hackers.

In the weeks before the attack, the company had posted a job listing for a cybersecurity manager.

“As far as I know, this is the first cybersecurity incident that has led to a measurable economic impact on the American population,” said Jonathan Reiber, senior director for cybersecurity and policy at AttackIQ and the chief strategy officer for cyber policy under the Obama administration’s secretary of defense.

The takeaway from such security breaches, according to experts, is that it’s high time for companies to start investing in robust controls and, in particular, adding cybersecurity professionals to their teams.

The only hitch: There’s a massive, longstanding labor shortage in the cybersecurity industry.

“It’s a talent war,” said Bryan Orme, principal at GuidePoint Security. “There’s a shortage of supply and increased demand.”

Experts have been tracking the cybersecurity labor shortage for at least a decade — and now, a new surge in companies looking to hire following recent attacks could exacerbate the problem.

In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs. (Full article.)

Fast forward to today in 2024, and the situation has only become worse.

A few weeks ago (June, 2024), members of Congress raised concerns over the shortage of cybersecurity professionals, which has now grown to a half million open jobs that cannot be filled.

Lawmakers Raise Concerns Over Cybersecurity Workforce Shortage

Members of Congress are sounding the alarm on the shortage of cybersecurity and IT workers across the United States, with lawmakers noting that there are over 500,000 open cyber positions.

During a House Homeland Security Committee hearing on June 26, Rep. Andrew Garbarino, R-N.Y., on behalf of the absent Chairman Mark E. Green, R-Tenn., underscored the bipartisan concern about the need to address the cybersecurity workforce gap.

“Experts predict that by the end of 2024, a cyberattack will strike every 13 seconds. That’s 6,822 attacks a day, or about 2 million by the end of the year,” stated Rep. Green in his opening statement.

“It is alarming, then, that our nation is suffering from such a massive cyber workforce gap. We currently need at least 500,000 cyber professionals if we hope to protect and defend our way of life,” added Rep. Green. “Now, that’s not just any 500,000 people – we need 500,000 skilled, talented cyber workers dedicated to contending with the threats of today while preparing for the threats of tomorrow.” (Full article.)

Earlier this month, on July 1, 2024, the House Committee on Homeland Security held two hearings to address America’s cybersecurity vulnerabilities.

WASHINGTON, D.C. –– Last week, the House Committee on Homeland Security held two hearings to address America’s cybersecurity vulnerabilities and examine potential solutions for the estimated two million cyberattacks the nation could face this year alone.

On Wednesday, the Committee held a hearing with government witnesses to examine the nation’s cybersecurity workforce shortage of 500,000 vacancies and help the United States maintain an edge in the cyber domain.

On Thursday, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) led a hearing to examine the United States’ critical infrastructure vulnerabilities and the role that cyber insurance can play in planning, response, and recovery efforts. (Source.)

On Thursday last week, the day before the Microsoft glitch, a top cybersecurity official at the State Department actually stated that he believed AI could help fill the gap of all those 500,000 unfilled cybersecurity job openings.

Computer’s policing themselves without human intervention?

State Dept. Paying Down Cyber Skills Debt With AI

A top cybersecurity official at the State Department said Tuesday that the agency is leveraging artificial intelligence (AI) to “buy back time” for the cyber workforce.

During a Federal News Network webinar titled “Paying down the cyber skills debt,” State Department Deputy Assistant Director for Cyber Threat and Investigations Ray Romano explained that the workforce is using AI broader than large language models (LLMs) to help increase efficiency.

“We truly believe that artificial intelligence can be an aide to our cyber workforce,” Romano said. “We look at it a little bit broader than just [LLMs]. That’s absolutely part of the conversation. But we are actually looking towards getting to automation.”

“We’re looking at anything that we can to buy back time for our employees. Our analysts, our SOC analysts, our threat intelligence analysts, our threat hunters, they just have too much work and there are just things that are not getting done,” he said. “We’re looking at all of our high-fidelity alerts, but our mediums and our lows aren’t getting as much love as maybe they should.”

Romano emphasized that AI can help the cyber workforce at the State Department automate some of its workflows, but that “we’re not there yet.”

“We’re in the in the crawl stage of crawl, walk, and run,” he said. (Full article.)

Of course then the very next day, one of the top cybersecurity firms in the U.S. took down millions of computers worldwide, by simply publishing a software update.

Government officials are none too happy with Microsoft this week.

David DiMolfetta, a cybersecurity reporter for Nextgov/FCW probably echoes the sentiments of many in D.C. today with his article published earlier today.

How the CrowdStrike outage carved out new opportunities for hackers

Former U.S. officials and security practitioners are wondering how a defective CrowdStrike patch for Windows systems fell through the cracks and created more cascading security risks.

In the wake of a scathing U.S. government report that faulted Microsoft for having a security culture that let Chinese hackers access the inboxes of top federal officials last year, CrowdStrike used the findings as leverage to promote its own cybersecurity services as safer alternatives.

“Considering Microsoft? It’s your adversaries’ favorite target,” says a web page advertising its offerings that garnered attention in the days following the release of the report from the Department of Homeland Security’s Cyber Safety Review Board. “Microsoft’s security products can’t even protect Microsoft. How can they protect you?” it adds.

The bold claims seemingly backfired when a faulty patch rolled out by CrowdStrike early Friday morning inadvertently crippled Microsoft-run devices around the world. The outages, which are still being remedied, hit as many as 8.5 million computers, Microsoft said in a Saturday blog post.

Compared to last year’s Chinese email hack — which targeted select federal government Microsoft Exchange inboxes — Friday’s outages were wider-ranging, more impactful and had real-time consequences that experts say have laid groundwork for future hacking schemes and scarred CrowdStrike’s reputation as a star player in the eyes of federal regulators.

“[The incident] demonstrates that even gold standard cybersecurity solutions in the market need to be cautious about how they frame what they’re capable of doing, based on the fact that, on any given day, something could go terribly wrong,” said Chris Cummiskey, a former DHS official who also served as chief information security officer for the State of Arizona.

“Every company I talked to was affected in some way.”

The recovery process will vary at each company, he said, estimating that a full, back-to-normal reset could take weeks or months. Some organizations’ IT staff will have to manually reboot machines one-by-one, sometimes through a single USB drive, the consultant said.

In some cases, companies will have to deal with an extra obstacle enabled by BitLocker — a Windows security tool that encrypts volumes of systems’ data to protect against unauthorized access — that’s stopping IT admins from lowering into their computers’ operating systems to extirpate the faulty update.

“It’s a ‘break glass, go fix everything’ scenario,” he said. “Every company I talked to was affected in some way.”

Hacker’s haven

The outage has already created secondary hacking opportunities being leveraged by cybercriminals. CrowdStrike and the Cybersecurity and Infrastructure Security Agency in DHS warned in a Saturday blog that hackers targeting Latin American customers are being sent sham messages with a folder dubbed “crowdstrike-hotfix.zip” that claims to clear out the contents that enabled the outages.

In reality, the code, if executed, lets hackers infiltrate a victim’s machine by secretly injecting malicious code into the core functions of Windows applications. This allows them to stealthily infect the machine with malware that can be used to sabotage the targeted computer.

But the scale may be greater than just those phishing scams, said Silas Cutler, an independent security researcher who spent seven years on CrowdStrike’s threat intelligence team.

When the feds come knocking

The incident soon prompted a statement from CISA Director Jen Easterly, who called the outages a “serious mistake” in a LinkedIn blog that also applauded CrowdStrike and its CEO George Kurtz for being “transparent, responsive, and professional” with the agency.

CISA itself was impacted, according to an analyst who spoke to Nextgov/FCW on the condition of anonymity because they were not permitted to provide updates on the internal status of the agency’s systems.

Several other federal entities said they were affected, including the Social Security Administration, Treasury Department, Customs & Border Protection and the GSA-managed Login platform used to verify government employees when they log into their workstations, which is often susceptible to outages at upstream providers. President Joe Biden was also briefed, the White House said.

The full extent of the outage’s impact on federal government operations is still not known. Crowdstrike is in wide use across federal agencies and it is a key vendor on the governmentwide Continuous Diagnostics and Mitigation cybersecurity support services contract. The company has also secured contracts with the Justice Department and State Department, according to GovTribe, a federal market intelligence platform owned by Nextgov/FCW parent company GovExec.

A senior administration official said Friday the White House has been convening agencies to assess impacts to the U.S. government’s operations and entities around the country. (Full article.)

Here are some more reports that have been published regarding the fallout from the Microsoft glitch, which the media is vastly under-reporting.

Neuberger: CrowdStrike Outage Highlights Need for Digital Resilience

Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, said that today’s CrowdStrike outage – one of the largest IT outages in history – highlights the need for a tough look at digital resilience capabilities.

The widespread outages – affecting Federal government agencies, airlines, banks, hospitals, and other essential sectors worldwide – were caused by a defective update to CrowdStrike’s Falcon security software that the cyber firm pushed to Windows operating systems early Friday morning.

Speaking at the Aspen Security summit in Colorado, Neuberger said her morning started with a 4 a.m. call from the White House Situation Room to brief her on the matter. Neuberger also said she made calls to CrowdStrike CEO George Kurtz and her counterparts around the world to offer the U.S. government’s help.

“I think it highlights both the degree to which our economies, our national security are now digital and interconnected in a fundamental way,” Neuberger said. (Full article.)

Big Tech Consolidation Amplified the CrowdStrike Outage

On Friday, an update to a cybersecurity program took down Microsoft systems across the globe. Microsoft has resisted efforts to regulate a root cause of this chaos: the concentration of digital infrastructure in the hands of a few tech giants.

A little more than a year before Microsoft’s systems crashed on Friday, creating global chaos in the banking, airline, and emergency service industries, the company pushed back against regulators investigating the risks of a handful of cloud services companies controlling the world’s technological infrastructure, according to documents we reviewed.

“Regulators should carefully avoid any intervention that might disturb the competitive offerings that have promoted the explosive innovation and growth attributable to the cloud,” the company wrote in response to the Federal Trade Commission’s 2023 review of cloud computing companies’ security practices and interoperability protocols.

The agency questioned whether these companies “invest sufficient resources in research and development” of systems upon which the economy and government rely.

Microsoft is blaming this week’s global cloud outages on an update from CrowdStrike, a cybersecurity firm whose software protects against hacks. The debacle comes two days after federal agencies released new guidance sounding additional alarms that Big Tech’s consolidation of cloud services could put consumers at serious risk.

It also comes one day after Microsoft’s cloud services experienced a separate outage in certain parts of the United States. (Full article.)

I think Big Tech is now finally starting to realize that there are certain problems that cannot be fixed by simply spending more money and “scaling” everything.

And one thing that cannot be “scaled”, is human intelligence from actual human beings.

Much of the human work force died or became disabled due to COVID-19 experimental “vaccines” in 2021-2022, and now it appears we do not have enough trained human laborers to run the technology, or protect us from its failures.

Technology is not going to replace humans or jobs, as it is very quickly creating more jobs than can be filled.

But technology might just destroy our country’s infrastructure, and collapse everything that is dependent upon it.

See Also:

Understand the Times We are Currently Living Through

American Christians are Biblically Illiterate Not Understanding the Difference Between The Old Covenant vs. The New Covenant

Exposing the Christian Zionism Cult

Jesus Would be Labeled as “Antisemitic” Today Because He Attacked the Jews and Warned His Followers About Their Evil Ways

Insider Exposes Freemasonry as the World’s Oldest Secret Religion and the Luciferian Plans for The New World Order

Identifying the Luciferian Globalists Implementing the New World Order – Who are the “Jews”?

The Brain Myth: Your Intellect and Thoughts Originate in Your Heart, Not Your Brain

Fact Check: “Christianity” and the Christian Religion is NOT Found in the Bible – The Person Jesus Christ Is

Christian Myths: The Bible does NOT Teach that it is Required for Believers in Jesus to “Join a Church”

Exposing Christian Myths: The Bible does NOT Teach that Believers Should Always Obey the Government

Was the U.S. Constitution Written to Protect “We the People” or “We the Globalists”? Were the Founding Fathers Godly Men or Servants of Satan?