Passengers gather and wait at Madrid-Barajas International Airport due to the global communications outage caused by CrowdStrike, which provides cyber security services to US technology company Microsoft, on July 19, 2024 in Madrid, Spain. Photo: VCG
How China was largely unaffected in the significant tech outage caused by a routine update of CrowdStrike's cybersecurity software has drawn considerable scrutiny. A number of Western media outlets, such as the BBC and CNBC, mentioned that China managed to escape largely unscathed because CrowdStrike is hardly used in the country.
For those who may have further questions, it is important to note that as one of the most important cybersecurity companies in the US, CrowdStrike has made almost no attempt to expand its business in the Chinese market. Instead, it has often made baseless attacks and accusations against China and Chinese companies. Because of this, many Chinese companies don't use CrowdStrike's software.
For instance, the company said in its latest annual cyber threat report that last year, "China-nexus adversaries continued to operate at an unmatched pace across the global landscape, leveraging stealth and scale to collect targeted group surveillance data, strategic intelligence and intellectual property."
However, the company's strategy of smearing and excluding China has unexpectedly made the country one of the least affected major economies in the latest tech outage.
The irony should spark a reflection on who is the real threat to cybersecurity in the world. This could also serve as a chance for people to question the real purposes behind CrowdStrike's previous accusations against China's cybersecurity.
Despite CrowdStrike's esteemed reputation in the global cybersecurity field, this incident serves as a stark reminder that even top cybersecurity companies are not immune to significant technological challenges.
The event has cast doubt on CrowdStrike's own cybersecurity capabilities and undermined trust in the entire cybersecurity industry. Users often place excessive reliance on a limited number of companies for security solutions, leaving their interests vulnerable to potential harm when these solutions falter. This outage vividly illustrates how risky it is to have only a few key players exerting too much control in the cybersecurity field.
CrowdStrike frequently utilizes criticism of China as a strategic marketing tactic, leveraging cybersecurity concerns to bolster its appeal and gain an edge over competitors in the Western market. By casting aspersions on China and accusing Chinese firms of "intellectual property theft," the company may be seeking to limit the market presence of top Chinese companies' cloud services. This exclusionary conduct masked as security measures may help solidify its market dominance by instilling fear and doubt in the short term, but the approach disregards the essence of genuine cybersecurity, which should prioritize international collaboration and information sharing over unilateral accusations and isolationism.
The consequences of this practice on global cybersecurity are evident - rather than enhancing security, they may actually increase vulnerabilities. CrowdStrike's security products failed to protect users from threats and ironically become threats themselves, putting users at risk and undermining trust in the cybersecurity industry.
The case calls for deep reflection, since cybersecurity should not be viewed as a zero-sum game. In today's globalized world, all countries and companies face the challenge of cybersecurity. Playing up the "China threat" and excluding Chinese companies has not yielded the expected security improvements in the West, but may instead have led to overlooking broader security threats due to a narrow-minded perspective.
The approach of excluding competitors may offer short-term market advantages, but in the long run, it is short-sighted and may result in market monopolies that stifle innovation and competition within the industry. Continuous technological innovation and knowledge updates are crucial in the field of cybersecurity.
The outage also highlights the importance of not relying solely on a single security product or service. Companies must establish their own security cultures and mechanisms, and enhance their security awareness and capabilities to mitigate risks. Relying on a single security provider may increase vulnerabilities, as any issues faced by the provider could compromise the entire security infrastructure.