The Kernel of the Matter: CrowdStrike and the Future of Software Regulation

The July 2024 CrowdStrike saga reflected the incredibly fragile software ecosystem which  sustains modern life as we know it. The neglect of basic principles of software development by just one vendor brought down 8.5 million computers and an array of essential services around the world. Indeed, the incident demonstrated the self-made threat to our very existence from our failure to regulate software security. We have allowed vendors themselves to govern the security of their products and thus evade accountability for harms from their insecure products to our economic wellbeing, public health and national security. Governments have also failed to robustly check concentrations in markets for (security-critical) software, amplifying the software security problem. In turn, we face systemic national security risks of the sort that were indeed realised in the CrowdStrike incident.

To interrogate these issues and meditate on ideal multi-stakeholder policy responses, join the Social Cyber Institute for a discussion with experts on software and cyber security policy.

SPEAKERS

• Dr Alexandra Paulus:

  Dr. Alexandra Paulus is a Researcher for cybersecurity policy and emerging technologies at the German Institute for International and Security Affairs (SWP), a Berlin-based foreign and security policy think tank. Her expertise covers cybersecurity policy, cyber diplomacy, and German and European cyber foreign policy. Her current research focuses on securing military software supply chains. Previous projects include the official public political attribution of cyber operations, the nexus between cyber norms implementation and cyber capacity-building, and governmental responses to cyber operations. Previous to her position at SWP, Alexandra was Project Director for Cybersecurity Policy and Resilience at tech policy think tank interface, completed her Ph.D. on Brazil's role in the construction of global cyber norms, and did cybersecurity policy consulting for the European External Action Service and the German Federal Foreign Office.

• Ravi Nayyar:

  Ravi Nayyar is an Associate Fellow of the Social Cyber Institute and PhD Scholar at the University of Sydney. His research concerns how critical software regulation fits into critical infrastructure regulation, with theoretical foundations in regulatory theory and corporate governance. He has worked in technology law and policy, including for the OECD and as a non-resident Guest Fellow at the German Institute for Global and Area Studies. A published author, he continues to write extensively on cyber law and policy, including for his blog, ‘A Techno-Legal Update’.