Intellectual Property Litigation, Protection, Prosecution and AI Legal Matters
The CrowdStrike® Global Tech Outage
The Future of Cybersecurity, IT Blackouts and Related AI Legal Issues
On Friday July 19, 2024, CrowdStrike® Holdings, one of the largest cybersecurity technology companies in the world, announced that a faulty software update caused a global computer outage which ultimately disrupted many important aspects of a modern data-driven world. Airlines were forced to ground flights, banks were forced to postpone transactions, hospitals and 911 centers were forced to postpone emergency situations, courts were forced to close, and many global businesses and governments that rely on cloud-based CrowdStrike® as their cybersecurity provider were forced to limit operations. Because CrowdStrike’s AI-Native programs require very deep and privileged access into its customers’ IT systems, it can create a huge impact in an AI and data driven world, if there is a failure, as here, with a code error in a software update.
According to its website, CrowdStrike® is used by 43 of 50 U.S. states, 298 of the Fortune 500 companies, 8 of the top financial services firms, 7 out of the top 10 manufacturers, 6 out of the top 10 healthcare providers, and 8 out of the top 10 technology firms. Thankfully, CrowdSrike’s CEO George Kurtz, announced via X (formerly known as Twitter) that the outage was not caused by any security breach or cyberattack and reiterated that the customers of CrowdStrike® were protected. A failure such as this is known as a single-point failure in the IT industry, or otherwise an error in a single part of a system that creates a technical issue across many industries, and across various functions/communications of networks. The single-point failure is a real-world example of the initiation of a generative AI (dubbed AI-Native by CrowdStrike®) and data-internet-computer domino effect which can create an IT Blackout. IT experts are already raising questions about over-centralization and a lack of redundancy in the cybersecurity industry. CrowdStrike® uses AI powered behavioral analysis and machine analytics to predict user behavior and patterns, and to foresee and head off cyber threats.
Companies with contracts with CrowdStrike® will likely be exploring remedies if they suffered damages in real dollars or opportunity time. There may also be downstream commerce issues where certain institutions were impacted and their downstream customers were also impacted. There will be examinations of this event on both the technical and legal sides of the equation. It is not inconceivable that class actions may be filed even in anticipation of multiple claimants. Legal actions are expected against CrowdStrike® itself and claims up and down the commerce stream between clients, vendors and customers. Defendants may turn to their cybersecurity insurance carriers to attempt to navigate the complicated world of data privacy, cybersecurity, data breach and related insurance coverages. Many such policies for small businesses carry small liability limits and self-eroding policies brought down in limits by defense costs. These cyber data insurance policy endorsements or riders to such policies may get a workout. Investigating immediately the scope and availability of insurance coverage will be key assisting clients in litigation.*
A single-point failure poses many questions, even though a company like CrowdStrike® is essentially a back-office product designed to protect data from attack. It is not Google or Bing in the forefront, but a failure like this one, even in the background, can cause visible and front-end issues across a broad spectrum of programs (like Microsoft) and businesses, as this event demonstrates. CrowdStrike® is known as “endpoint security”, but it relies on what it calls AI-Native technology which can be placed into the forefront of the data world very quickly. Its products are heavily reliant on AI technology. How reliant are we on only a handful of cybersecurity cloud vendors? Should an event such as this cause regulators to closely monitor the vulnerability of this occurring again? Will future regulations lead to overregulation? But, most importantly, how prepared is your organization when a single failure causes a system to shut down entirely? What is the plan B? Additionally, a global IT outage potentially presents claims, litigation and lawsuits as organizations attempt to recoup losses that were suffered during the downtime. The actions your organization takes when an IT/cybersecurity outage occurs matter and every company needs to be aware of “Security Breach Notification Laws” in every state for their affected customers and clients. Litigation will certainly ensue from these types of events and businesses will need lawyers with knowledge of cybersecurity, data protection, artificial intelligence and the workings of the internet to protect their interests.
*Insurers are already estimating over $5 Billion in potential claims across multiple industries
CrowdStrike® is a federally registered trademark of CrowdStrike, Inc. a Delaware Corporation
CrowdStrike® | Cybersecurity | IT Blackouts | Generative AI Legal Issues | Cyber Insurance | Lawyers | Insurance
About Us
The IP and Trade Secret attorneys at Houston Harbaugh, P.C., have extensive courtroom, jury and non-jury trial and tribunal experience representing industrial, financial, individual and business clients in IP counseling, infringement litigation, trade secret protection and misappropriation litigation, and the overall creation and protection of intellectual property rights in an AI driven world. From our law office in Pittsburgh, we serve clients in Pennsylvania and other states. Our Trade Secret Law Practice is federally trademark identified by DTSALaw®. We practice before the United States Patent and Trademark Office (USPTO) and we and our partners and affiliates apply for and prosecute applications for patents, trademarks and copyrights. IP section chair Henry Sneath, in addition to his litigation practice, is currently serving as a Special Master in the United States District Court for the Western District of Pennsylvania in complex patent litigation by appointment of the court. Pittsburgh, Pennsylvania Intellectual Property Lawyers | Infringement Litigation | Attorneys | Patent, Trademark, Copyright | DTSALaw® | AI
Henry M. Sneath - Practice Chair
Co-Chair of Houston Harbaugh’s Litigation Practice, and Chair of its Intellectual Property Practice, Henry Sneath is a trial attorney, mediator, arbitrator and Federal Court Approved Mediation Neutral and Special Master with extensive federal and state court trial experience in cases involving commercial disputes, breach of contract litigation, intellectual property matters, patent, trademark and copyright infringement, trade secret misappropriation, DTSA claims, cyber security and data breach prevention, mitigation and litigation, probate trusts and estates litigation, construction claims, eminent domain, professional negligence lawsuits, pharmaceutical, products liability and catastrophic injury litigation, insurance coverage, and insurance bad faith claims. He is currently serving as both lead trial counsel and local co-trial counsel in complex business and breach of contract litigation, patent infringement, trademark infringement and Lanham Act claims, products liability and catastrophic injury matters, and in matters related to cybersecurity, probate trusts and estates, employment, trade secrets, federal Defend Trade Secrets Act (DTSA) and restrictive covenant claims. Pittsburgh, Pennsylvania Business Litigation and Intellectual Property Lawyer. DTSALaw® PSMNLaw®