What the McDonald’s Outage Tells Us About Cybersecurity

McDonald’s suffered a global technology outage last week which left many customers jonesing for french fries – some were even driven to the extreme of trying to pay with cash.  While this didn’t reach the level of a global health crisis, it was nonetheless painful for McDonald’s customers and franchisees and left a blot on McDonald’s “always there for you” reputation. At least we were reassured that the outage was not related to a cybersecurity issue.  But we should pause before our sigh of relief at this information.  Why is this outage less worrisome because it was caused by error and not attack?  Systems were down, money was lost, food was unavailable.  We need to stop thinking about the mode of disruption as salient in our response to a disruption.  Despite the black hat/white hat gunslinger mentality of the cybersecurity marketplace, good cybersecurity is about keeping systems running, not about catching bad guys.  From this point of view, cybersecurity is just one aspect of good system management.  Once we start thinking this way, we can begin to make real strides in technical solutions to keep our systems safe – from attack, from error, from natural disasters, whatever.  That is the type of solution we want to invest in.