The CrowdStrike security outage in July was widespread and froze airports including Dulles, which serves Washington, D.C. (Photo: reivax via Flickr)

Police department and city staff restored more than 1,500 computers to service after the global CrowdStrike outage that bricked millions of Microsoft machines July 18-19, according to officials. Now that the emergency has shown how broad and devastating a single company’s software mistake can be, how is the city planning for similar events in the future?

Cambridge police and city operations didn’t suffer serious impacts from the breakdown, but part of that may have been because of luck. The police department’s computer-aided dispatch system, which responds to 911 calls, failed. But police also ordinarily use radios to communicate in the field, so those radios could replace the affected computer system, spokesperson Robert Goulston said.

Meanwhile, six or seven police information-technology workers were working to restore 690 police computers, including those in cruisers. Superintendent Pauline Wells, in charge of operations, said the morning after the outage that technicians had to restore each computer individually because CrowdStrike couldn’t send out a fix immediately for the defective security system update that crashed computers running the Microsoft operating system around the world. Wells said the police computers failed shortly after midnight July 19 and were operating by 4 a.m.

As for the city, spokesperson Jeremy Warnick said information technology staff “serviced about 900 computers and were able to get them all functional after examining or servicing them. Additionally, all critical servers were restored by 6:30 a.m. on Friday.” There were no major impacts.

Asked how the city and police are planning for a future breakdown, Warnick and Goulston didn’t provide much that was specific. Goulston said the police need to perform a “technology post-mortem” but didn’t answer when asked when that would happen. Warnick said the city “is always evaluating our IT systems and performance” and added that Cambridge expects to keep using CrowdStrike “as our security vendor.”

Keri Pearlson, a senior lecturer in the MIT Sloan School of Management and executive director of Cybersecurity at MIT Sloan, said organizations typically plan for cyberattacks by focusing on “tools to make sure we’re protected.” An event such as the CrowdStrike outage illustrates the need for a different kind of preparation, one focused on “resiliency,” she said.

“Resiliency means a bad thing happens and you plan for that event so you can respond quicker and more appropriately,” Pearlson said. Such planning would involve “people, processes and technology, not just IT. If you can’t use email, what would you do instead; if the phone goes down, what would you do instead.”

“The idea would be you now have the experience [of CrowdStrike], so assume that kind of thing will happen again. Your systems, processes and people are vulnerable,” Pearlson said. Another emergency like CrowdStrike “will surely happen again.”

A stronger


Sue Reinert is a Cambridge resident who writes on housing and health issues. She is a longtime reporter who wrote on health care for The Patriot Ledger in Quincy.
