Peter Jacobsen discusses the July technical and financial fiasco as a faulty software patch from CrowdStrike took down huge segments of the online economy and how regulatory capture may explain why the outage was so widespread:
On July 19th, something peculiar struck workers and consumers around the world. A global computer outage brought many industries to a sudden halt. Employees at airports, financial institutions, and other businesses showed up to work only to find that they had no access to company systems. The fallout of the outage was huge. Experts estimate that it totaled businesses $5 billion in direct costs.
The company responsible, CrowdStrike, was also severely impacted. Shareholders lost about $25 billion in value, and some are suing the company. The outage has led to expectations of, and calls for, stricter regulations in the industry.
But how did the blunder of one company lead to such a massive outage? It turns out that the supposed solution of “regulation” may have been one of the primary culprits.
Regulatory Compliance
CrowdStrike, ironically, is a cybersecurity firm. In theory, they protect business networks and provide “cloud security” for online cloud computing systems.
Cloud security, in and of itself, is likely a service that businesses would demand on the market, but the benefit of increased security isn’t the only reason that businesses go to CrowdStrike. On their own website, the company boasts about one of its most important features: regulatory compliance.
[…]
When experts who have relationships with companies are called in to help write regulations, they may do so in a way favorable to industry insiders rather than outsiders. Thus, regulation is “captured” by the subjects of regulation.
We can’t say with certainty that this particular outage is the result of an intentional regulatory capture by CrowdStrike, but it seems clear that CrowdStrike’s dominance is, at least in part, a result of the regulatory environment, and, like most large tech companies, they’re not afraid to spend money lobbying.
In any case, without cumbersome regulations, it’s unlikely that cybersecurity would take on such a centralized form. Despite this, as is often the case, issues caused by regulation often lead to more calls for regulation. As economist Ludwig von Mises pointed out:
Popular opinion ascribes all these evils to the capitalistic system. As a remedy for the undesirable effects of interventionism they ask for still more interventionism. They blame capitalism for the effects of the actions of governments which pursue an anti-capitalistic policy.
So despite the reflexive call for regulation that happens after any disaster, perhaps the best way to avoid problems like this would be to argue that in terms of regulation, less is more.