CrowdStrike fiasco: Wake-up call for national software sovereignty

A single defect in a cybersecurity update from CrowdStrike disrupted key internet services worldwide, highlighting the crucial importance of local software. This incident has shown the dangers of relying on foreign tech. With 99% of cybersecurity software being foreign, columnist Omer Temur suggests Türkiye must prioritize national solutions to protect its digital infrastructure.

Why it matters

The CrowdStrike incident has illuminated a crucial issue: the strategic importance of domestic software applications, much like their role in defense technologies. As the world increasingly gravitates toward centralized digital systems, maintaining cybersecurity through local solutions has never been more critical.

What happened

Microsoft estimates that 8.5 million computers were affected globally by the IT outage, marking it as potentially the worst cyber event in history. The world faced a small-scale digital apocalypse; airports halted flights, hospitals canceled emergency surgeries, banks stopped fund transfers, and gas stations and ATMs failed to function.

• Apology and recovery efforts: CrowdStrike CEO George Kurtz has apologized and stated that engineers deployed an update to fix the problem. A significant number of affected devices are now operational.
• Financial impact: Patrick Anderson, CEO of Anderson Economic Group, estimates that the overall costs from the outage could exceed $1 billion.
• Congressional inquiry: Top House lawmakers have requested Kurtz to testify about the incident, emphasizing the need to understand the causes, national security risks, and preventive measures.

Big picture

The CrowdStrike incident has highlighted the need for robust national software solutions to safeguard against global digital disruptions, reinforcing the strategic importance of local applications in maintaining national security.

Zoom in

• Digital centralization threat: The world is moving toward a centralized digital structure, leading to increased dependency on global companies. Without Microsoft Windows, SAP for business processes, or Google for information access, operations become nearly impossible.
• Android ban reminder: The incident echoes the 2019 ban on Huawei by Google Store under former President Donald Trump. Past examples include social media platforms like Facebook and Twitter resisting local representation and SAP’s pressure on Turkish companies.

Between the lines

The software sector is as crucial as defense, as national software reduces dependency and vulnerability in the cyber realm. Employing domestic software for unmanned aerial vehicles and other critical functions is essential to mitigate risks associated with foreign software, especially during conflicts or emergencies.

The recent global software disruption highlighted these risks, with countries like Russia and China, which rely on local software, remaining largely unaffected. To guard against the influence of monopolies such as Microsoft, Türkiye must diversify its software sources and make full use of open-source systems like Pardus.

Pardus: Missed opportunity for Türkiye

Türkiye once embarked on creating its own operating system, Pardus. In 2003, the Scientific and Technological Research Council of Türkiye (TUBITAK) assembled top Turkish engineers to develop this Linux-based OS, releasing its first version in 2005. Despite efforts to implement Pardus in state institutions, the project lost momentum in 2011 when its core team was disbanded. Though development continues, Pardus remains just another Linux distribution, failing to achieve its full potential.

What experts say

• TOBB Software Council Chair Ertan Barut emphasizes the need for countries to develop and use their own software for critical infrastructures.
• Informatics Law Association Chair Kursat Ergun considers software technologies a national security issue. The CrowdStrike incident served as a global warning.
• Global Informatics Association President Senol Vatansever believes TUBITAK’s Pardus could mitigate such crises if implemented for critical systems.
• Turkish Informatics Association President Rahmi Aktepe notes that 99% of cybersecurity software in Türkiye is foreign-made, mainly from Israel, questioning the nation’s cybersecurity claims.

In a nutshell

The CrowdStrike fiasco has highlighted the urgent need for nations to develop and maintain their own software solutions. Relying on foreign software poses significant risks, as seen in the widespread disruptions caused by a single update error. Türkiye must prioritize domestic software development to safeguard its digital infrastructure and national security.