Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Cyber security plan to deal with IT outage crisis was delayed because of election

Former security minister Stephen McPartland carried out a cyber review with recommendations which would have helped deal with the IT outage crisis

David Maddox
Political editor
Friday 19 July 2024 13:39 EDT
Comments
CrowdStrike CEO breaks silence after global outage

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The author of a major review into cyber security says recommendations he made in February would have helped tackle the major IT outage crisis today.

Stephen McPartland came up with a number of recommendations in his review, including that the government should set up a cyber charter to allow major companies to share good practice and work together to help tackle wide-reaching IT failures which bring company operations to a halt.

But, despite the McPartland Review being published in February, there was no time to bring the recommendations into force because Mr Sunak called the general election in May.

The Tories said they would adopt his proposals but Labour has not made any guarantee, with the report currently sitting on the shelf.

(AP)

Mr McPartland’s intervention comes after aircraft were grounded, the NHS’s operations were disrupted, CBBC and Sky television were unable to broadcast, and companies were unable operate during an IT outage caused by an update from the cyber security company Crowdstrike.

Mr McPartland told The Independent: “The mass worldwide IT outage is a clear example of the vulnerability of large organisations to their third party critical suppliers. The impact being felt by businesses and their consumers, shows how fragile our economic resilience is in more digitised economies.

“The McPartland Review made cyber resilience and securing supply chains the first recommendation and called on the government to launch a cyber charter to incentivise this through the tax system.

“The government must work with industry to implement the recommendations and get on with launching a cyber charter as even businesses with robust cyber security measures within their own networks remain exposed to risks stemming from their partners and suppliers.”

A passenger looks at delayed flights
A passenger looks at delayed flights (Copyright 2024 The Associated Press. All rights reserved)

His top recommendation would have ensured that companies were prepared to work to fix the problem which in this case was caused by a flawed update in Microsoft systems.

The report said: “Government should launch a cyber charter that will empower large companies to share their cyber security expertise and resources with their 3rd party critical suppliers.

“The cyber charter will help them achieve the Cyber Essentials standard, which is a simple and effective way to protect their systems from the most common cyber attacks. Government should also provide clear incentives for investment in cyber security by improving awareness of existing tax reliefs for cyber security costs, such as software, hardware, or training, including the annual investment allowance for eligible capital expenditure which can cover up to £1m per year. This will enable businesses to invest in cyber security with confidence, knowing that they can reduce their tax bill and enhance their cyber resilience.

“By investing in cyber security, businesses can safeguard their data, customers, and reputation from cyber threats.”

The chief executive of CrowdStrike said he is "deeply sorry" for the incident but warned it would take time for systems to be fully restored.

George Kurtz said a fix had been deployed for a bug in an update which affected Microsoft Windows PCs, knocking many offline around the world, causing flight and train cancellations and crippling some healthcare systems.

In an interview with NBC's Today Show in the US, Mr Kurtz said: "We've been on with our customers all night and working with them - many of our customers are rebooting the system and it's coming up and operational because we fixed it on our end.

"Some of the systems that aren't recovering, we're working with them, so it could be some time for some systems that just automatically won't recover, but it is our mission to make sure that every customer is fully recovered and we're not going to relent until we get every customer back to where they were and we'll continue to protect them and keep the bad guys out of their systems."

Asked whether he thought an outage of this scale was possible, the CrowdStrike founder said: "Software is a very complex world and there's a lot of interactions, and always staying ahead of the adversary is a tall task."

In a post to X, formerly Twitter, Mr Kurtz reiterated that the outage "was not a security or cyber incident".

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in