#96 Examining The Union Budget's Space Announcements
Analysing Space Budget 2024 and Other Announcements; Looking beyond the infamous file 291 - Drawing the right lessons from the CrowdStrike outage
Today, Ashwin Prasad opines on recent announcements concerning the Space sector made in the Union Budget 2024. In his inaugural post, Lokendra Sharma comments on the importance of learning the right lessons from the CrowdStrike outage.
Antariksh Matters: Analysing Space Budget 2024 and Other Announcements
— Ashwin Prasad
**The ideas mentioned in this post were first published in an article published in The Print here**
Space technology has figured in quite a few important government announcements in the last few weeks. First, in the 2024-25 budget, the Department of Space received a staggering 18% hike over last year's expenses. Second, the budget announced a ₹1000 Crore venture capital fund for space technology. Third, the Union government has invited the domestic industry to build and run earth observation satellite systems under a PPP model. There is a lot to unpack in each one of these.
A hike--yes, but not 18%
While the allocated budget was ₹12543.91 crores in the previous financial year, the revised estimate was ₹11070.07 crores--lower by ₹1,473.84 crores. When comparing the budget estimates of the previous financial year to this one, the actual increase is only about 4%. The perceived increase in budget is due to the Department of Space and ISRO underutilising their budget.
Figure 1: Author’s Visualisation
The initial budget estimates show the government's goals and plans for space activities at the beginning of the financial year. The revised estimates provide a more accurate representation of expected expenditures, and the actual numbers reflect the amount the Department of Space ultimately spent.
The fact that the revised estimates and actual expenditures always fall short of the budget estimates indicates a lack of fulfilment of the government's objectives every year. On the other hand, the consistency in the budget allocated each year shows that the government recognises the importance of space activities and supports its ambitions.
The ₹1000 crore Venture Capital Fund
Space technology is capital-intensive, and the government continues to try to help the country's startups by acquiring minority stakes in them as an investor. However, this approach has a few issues.
Startups (even those needing investments) might not want to divulge their equity. Additionally, ₹1000 crores is peanuts when it comes to the space sector. While this is still a good start and will send a positive signal to the stakeholders in the space ecosystem, there are better ways for the government to spend these ₹1000 crores--not as an investor but as a customer.
Government as a customer
The recent move inviting the industry to set up remote sensing satellites is an excellent example. Compared to investments, the government is much better served by using public funds to purchase end-to-end services from space companies in India. This can also become a way for the Department of Space to better utilise its budgets.
Government contracts in the space sector play two key roles: stabilising demand and boosting investor confidence. Together, these factors create a competitive environment that enables the most capable space companies to secure government contracts, which will then attract investments. This system provides funding opportunities for successful companies and incentivises industry competition. A positive cycle emerges where companies strive for excellence to win contracts, leading to increased innovation and improved capabilities.
This virtuous cycle is amplified by the recent liberalisation of India's Foreign Direct Investment (FDI) policy, which has opened the door for foreign investors in the country's space sector. Ultimately, this approach fosters growth and advancement in the Indian space sector.
Cyberpolitik: Looking beyond the infamous file 291 - Drawing the right lessons from the CrowdStrike outage
— Lokendra Sharma
**This piece first appeared as a blog post on the Takshashila website on 13 August 2024**
On 19 July, millions of computer systems worldwide began crashing and displaying the blue screen of death. The outage was seemingly indiscriminate. Users ranging from airlines to hospitals, tech companies to broadcasters, and banks to retail outlets were all at the receiving end. The chaos and dust have since settled down, and most systems have returned to normalcy. However, this tech outage will pale in comparison to future ones if the proper lessons are not learned.
Anatomy of a tech outage
Microsoft estimates that the outage affected 8.5 million or about 1 percent of Windows devices. The outage itself was caused by a faulty update by CrowdStrike, a cybersecurity firm based out of Texas, United States. More specifically, by an update that was pushed to Windows devices hosting CrowdStrike's 'Falcon' sensor, and which were online between 04:09 UTC and 05:27 UTC (a time span of 78 minutes). Mac and Linux devices were not affected. The impact was also more pronounced for enterprise users than for individual users. According to an estimate by Parametrix, an insurance company, around 25% of Fortune 500 companies lost about 5.4 billion dollars due to the global outage. Delta Airlines alone lost 500 million, according to its CEO Ed Bastian.
This was not a cyberattack or the doing of a malicious actor. What's being touted as the biggest tech outage in history was caused by a mere 40 KB update (the now infamous channel file 291) pushed to the Falcon sensor installed onboard Windows machines. For some systems, iterative rebooting solved the problem. For others, it took days of manual effort and intense technical expertise to get systems to work as normal.
Highlighting the deeply interconnected nature of the global tech ecosystem, the outage affected not just the systems receiving the faulty update but also the systems that directly or indirectly relied on the crashed systems. In addition to Microsoft's cloud service Azure, Amazon Web Services and Google Cloud Platform were impacted as well. The cascading impact of a faulty 40 KB file exposed the fragility of the global tech ecosystem.
Framing the lessons
How could a reputed cybersecurity firm release a routine update without fault-testing? It turns out that the update was tested for faults by CrowdStrike's content validator before being released, but the validator itself had a bug that allowed the faulty update to pass through. In its Preliminary Post Incident Review, CrowdStrike has resolved to strengthen the testing of updates.
That is the first lesson CrowdStrike, cybersecurity firms and, in general, all major software providers need to learn: thoroughly test everything before releasing it for wider use. Staggered deployment should be standard practice, with a limited set of users getting to pilot newly released updates before a wider release is pushed. Even the testing systems should be tested themselves before deployment.
The second lesson is for Microsoft. CrowdStrike's faulty update was able to crash Windows systems because the CrowdStrike driver had kernel-level access (that is, the highest-level access to a system). The faulty update caused CrowdStrike's driver to fail, and the Windows operating system would not boot with a failed kernel driver — consequently causing the "blue screen of death". Notwithstanding potential antitrust concerns, Microsoft and other operating system providers need to rethink the level of privileged access they provide to third-party software. It is not abnormal that many initially thought that this was a Microsoft outage.
The third lesson is for the global tech ecosystem. The tech ecosystem includes more than just big-tech companies (Amazon, Google, etc.) as is broadly understood; every establishment also has a tech element, however small. This ecosystem is heavily interconnected and interdependent, with numerous single points of failure capable of crashing and severely impacting — in a cascading manner — a major chunk of the actors that make up this ecosystem. All establishments transacting in cyberspace need to diversify their vendors, including cybersecurity providers, invest in redundancy and resiliency, and empower in-house IT teams rather than only relying on third-party providers. The CrowdStrike outage has also weakened the arguments of naysayers of the Y2K (year 2000), who decried the problem as a hoax. If history is any indicator, the global tech community should take the Y2K38 (year 2038) and every embedded problem (with potential higher-order impacts) seriously.
The fourth lesson is for Indian industry, government functionaries, and policymakers. Barring some sectors like airlines, India did not witness significant disruption. The country's stock exchanges and banks were only minimally impacted. However, with India accelerating its digital push — from governance to finance — more and more systems are moving towards deeper integration with the global cyber constellation. India's National Cybersecurity Strategy, in the works for years now, should factor in the need for building resilience of the country's core sectors, particularly transportation, medical, finance and trading, military and strategic establishments.
What We're Reading (or Listening to)
[Article] ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections [We have previously discussed vulnerabilities like this in our discussion document on Chip-based hardware backdoors.]
[Article] AI scientists are producing new theories of how the brain learns
[Opinion] New Regulations Seek to Address Chinese Military Veterans’ Concerns, by Anushka Saxena