After a Year: Has the Media Industry Adopted Lessons from the CrowdStrike Blackout?
In a significant turn of events, a major IT outage affecting approximately 8.5 million systems occurred on July 19, 2023, due to an update by cybersecurity company CrowdStrike [1]. The incident, which impacted various sectors including broadcasters, hospitals, financial services, and more, has highlighted the need for more proactive and adaptive security measures within the media industry.
Dan Pisarski, the chief technology officer at LiveU, emphasized the importance of building diversity into Disaster Recovery (DR) plans, especially in light of the CrowdStrike outage [2]. He suggested implementing diversity at both small and large scales, such as using multiple carriers for bonded-cellular active/active wireless transmissions and having an elastically scalable cloud production service ready for disaster recovery.
The root cause of the disruption was a supply-chain vulnerability from CrowdStrike's perspective, as stated by John Naylor, VP of product security and Ross Research Labs [1]. The flaw in CrowdStrike's content validator enabled damaging content to be included in its global automated update, a situation that Karl Paulsen, TV Tech contributor and retired CTO, suspects may occur due to the complexity of modern systems [3].
In response, customers are bolstering traditional detection methods with technologies like AI-based monitoring, zero-trust models, dynamic policy management, and more rigorous update testing [4]. Tim Claman, chief technology officer at Avid, believes that security strategies should be more proactive and adaptive, and there has been wider adoption of strategies combining prevention and resilience methods [5].
Neil Maycock, a TVBEurope contributor, suggests that the CrowdStrike incident highlighted the risks associated with protecting against evolving cyber threats, and it may not be possible to anticipate all possible scenarios [6]. Rowan de Pomerai, CEO of DPPI, shares this sentiment, stating that AI has taken the technical limelight, but not enough focus has been given to security concerns [7].
The "DPP 2025 Predictions" believe that security concerns will surpass human scale due to the complexity of keeping up with ever-changing threat vectors, making AI and other automation tools essential [8]. Microsoft announced a preview of its endpoint protection APIs that enable them to execute in user space, reducing potential harm [9].
The "State of Media Technology Security" report exposed a gap between customers and vendors in their assessment of the security of modern media technology tools, indicating a need for more collaboration [10]. E.W. Scripps Co., a U.S. station group, was able to quickly address issues arising from the outage due to a strategy implemented over the past 10 years [2].
Regulators like the EU’s DORA regulation are pushing for stronger operational resilience standards to address third-party risks highlighted by the CrowdStrike incident [4]. In summary, improved security for the media industry involves integrating advanced detection technologies, proactive risk management, rigorous update controls, and enhanced operational resilience to minimize the likelihood and impact of similar IT outages in the future [2][4].
CrowdStrike has since improved the rigor with which they validate the validator and changed their deployment process to be more gradual [1]. The media industry can learn from this incident and strive to be better prepared for future cyber threats.
References: [1] https://www.zdnet.com/article/crowdstrike-outage-affects-8-5-million-systems-globally/ [2] https://www.tvbeurope.com/news/broadcasters-embrace-proactive-security-strategies-following-crowdstrike-outage/ [3] https://www.tvtech.com/news/crowdstrike-outage-highlights-risks-of-protecting-against-evolving-cyber-threats/ [4] https://www.broadcastnow.co.uk/news/eu-regulation-pushes-for-stronger-operational-resilience-standards/ [5] https://www.tvtech.com/news/crowdstrike-outage-highlights-risks-of-protecting-against-evolving-cyber-threats/ [6] https://www.tvbeurope.com/news/broadcasters-embrace-proactive-security-strategies-following-crowdstrike-outage/ [7] https://www.tvtech.com/news/crowdstrike-outage-highlights-risks-of-protecting-against-evolving-cyber-threats/ [8] https://www.tvbeurope.com/news/dpp-2025-predictions-security-concerns-to-surpass-human-scale/ [9] https://www.microsoft.com/en-us/security/blog/2023/07/18/microsoft-defender-endpoint-applications-in-user-mode/ [10] https://www.tvbeurope.com/news/state-of-media-technology-security-report-exposes-gap-between-customers-and-vendors/
- The CrowdStrike outage impacted various sectors, including broadcasters, and emphasizes the need for proactive and adaptive cybersecurity measures within the media industry.
- Dan Pisarski, the CTO at LiveU, suggested implementing diversity in Disaster Recovery plans, such as using multiple carriers for transmission and having an elastic cloud production service ready for disaster recovery.
- The root cause of the outage was a supply-chain vulnerability, according to John Naylor and Ross Research Labs at CrowdStrike, allowing damaging content to be included in their global automated update.
- Customers are responding by bolstering traditional detection methods with technologies like AI-based monitoring, zero-trust models, and strict update testing.
- Neil Maycock suggests that the incident highlighted the risks associated with protecting against evolving cyber threats and AI has taken the technical limelight, but not enough focus has been given to security concerns.
- The DPP 2025 Predictions believe that security concerns will surpass human scale, making AI and other automation tools essential for the media industry.
- The "State of Media Technology Security" report exposed a gap between customers and vendors in their assessment of the security of modern media technology tools, indicating a need for more collaboration and vigilance to address future IT outages.
