July 19 saw a CrowdStrike update taking down countless Microsoft systems, disrupting flights, surgeries, banking and more all over the world. The incredible impact this single outage had shows the importance of digital resilience, especially in the public sector. This can only credibly be achieved by decentralization and diversity in infrastructure and technology.
Incredible impact of CrowdStrike-Microsoft outage
While German satirical news site Der Postillon noted that fax machines were not impacted, so the German public sector was fine, the effects could be felt everywhere.
Many politicians have already come out with statements about digital resiliency. In the Netherlands the minister of Justice noted there should be plans to deal with the fall-out of events like this. “Concentrating production can concentrate risk, so that a single natural disaster or disruption has cascading effects,” US Federal Trade Commission chair Lina Khan wrote in a series of posts on X.
Existing and upcoming legislation
There are a number of legislative initiatives to protect the resilience of infrastructure. Examples include DORA, the Digital Operational Resilience Act, for the financial sector, coming in 2025, and the Cyber Resilience Act (CRA) for consumer technology. The Directive on Security of Network and Information Systems, NIS, specifically targets the protection and resilience of critical infrastructure and digital services, mandating security measures and incident reporting.
In the US, the Federal Information Security Management Act (FISMA) mandates federal agencies to implement an information security program, including measures to mitigate the impact of IT outages. Additionally, there’s a National Institute of Standards and Technology (NIST) Framework that provides guidelines for improving critical infrastructure cybersecurity.
But none of the regulations seem to effectively tackle risks related to the centralization of IT. This means that the digital sovereignty and resilience of the public sector, as well as hospitals, banks and other critical infrastructure, continues to be critically endangered. A mono-culture of services delivered by just a handful of big tech firms threatens the continuity of service in case of mistakes, cyber-attacks and political conflicts.
Solutions
While this was just a mistake, a sustained cyber attack would have far more devastating consequences, and that is not to speak of attacks on physical infrastructure. Undersea cables are incredibly vulnerable, and in 2021 Russia also showed that satellites can be downed by rockets.
The key to digital resilience is decentralization and heterogeneity. In the end, every IT system will go down at some point. An over-reliance on a single service is thus inevitably a risk, even if that vendor is ‘too big to fail’ and has tons of redundancy and data centers.
Decentralize and federate
The public sector in particular should be following a focused strategy to differentiate their IT infrastructure, reducing the reliance on a small number of big tech giants.
First, a strong multi-vendor, multi-platform strategy can do wonders against cyber threats. But beyond that, the solutions themselves should be less centralized.
The cloud itself is a particular risk – globally connected datacenters might have a bigger capacity to absorb denial of service attacks, but they are simultaneously more vulnerable to mistakes and more advanced cyber attacks. Technologies that are fundamentally distributed and federated, rather than relying on a single point of failure, offer a big advantage.
With on-premises solutions, the most critical platforms can even be entirely air-gapped, disconnected from the internet, either all the time or in response to attacks. This can ensure their availability even in the worst-case scenario.
Open Source brings resilience
Open source solutions are not only more robust in the face of constant security threats. They also provide more transparency in their functioning. When there are issues, engineers can dive deeper than in black-box solutions, to the point where they simply read the code or even modify it to add extra information to hunt down problems. Patches from vendors like CrowdStrike, if they were open source, could be scrutinised before deployment.
Perhaps most importantly, access to their source and more widely distributed knowledge of their code base means open source products can be patched and fixed during emergencies even without vendor help.
There are solutions to the risks and economic damage caused by our dependence on just a few big tech vendors. It’s time for decisions now.