From their WatchBlog:
Earlier this month, a software update from the cybersecurity firm CrowdStrike caused Microsoft Windows operating systems to crash—resulting in potentially the largest IT outage in history.
Disruptions were widespread. Around the world, businesses and services were unable to operate as computers crashed, and some critical infrastructure sectors (like transportation, healthcare, and finance) were disrupted. For example, commercial flights were grounded, critical hospital care was interrupted, and financial institutions were unable to service clients.
Here at GAO, we have long highlighted concerns for Congress about IT vulnerabilities, a lack of security awareness, poor cyber hygiene, and a need for more cyber preventative measures to combat disruptions like the CrowdStrike outage. In our prior work, we have identified risks to the nation’s critical infrastructure sectors and in the supply chain of software supporting IT systems.
Today’s WatchBlog post looks at this work, including our June update to the High Risk List.
Read more at Government Accountability Office.