The cascading computer outages that grounded planes, crippled hospitals and disrupted vital public services laid bare just how dependent the global economy is on a single company: Microsoft.
Regulators and lawmakers from all political stripes have sounded the alarm, saying the massive outage that crippled Windows shows the dangers of concentrating so much power in one company that runs governments, businesses and critical infrastructure around the world.
The outages rippled around the world, with credit card systems down in Australia, airlines in India handing out handwritten tickets and US courts postponing hearings including those in Hollywood mogul Harvey Weinstein’s sex crimes case. The effects also spread to major public sector clients, with the Social Security Administration closing local offices over the weekend and the Federal Communications Commission reporting disruptions to 911 services, forcing some local dispatchers to switch to analog phone systems.
The outage was caused by a flawed update that cybersecurity firm CrowdStrike distributed to Windows systems around the world. Microsoft estimated in a blog post on Saturday that the update affected 8.5 million devices, which represents less than 1% of the computers that run Windows.
But the incident has resurfaced concerns that Microsoft’s grip on global systems is putting federal agencies and companies at unnecessary risk and raised questions about whether the power of one of the world’s most sophisticated political operators should be limited.
Get caught up in
Stories to keep you up to date
“These cases show how concentration creates a fragile system,” Rep. Lina Khan (D-Calif.), chair of the Federal Trade Commission, which is reviewing consolidation of cloud computing services, said in a post on X on Friday.
“The outage today was the result of CrowdStrike, not Microsoft,” said Microsoft spokeswoman Kate Frischmann.
Microsoft’s email, cloud storage and video conferencing products have long been staples in workplaces across the U.S., including the federal government, where it is a key supplier. But serious security flaws and growing regulatory concerns about the tech giant’s influence in the economy are testing the company’s cozy relationship in Washington.
Earlier this year, a massive hack exposed federal employee emails and led lawmakers to subpoena the company’s president, Brad Smith, putting Microsoft’s software in the spotlight once again. A scathing report from the federal government’s Cyber Security Review Board said a “cascade of avoidable errors” and a security culture “in need of a complete overhaul” contributed to the incidents.
CrowdStrike CEO George Kurtz said Friday that the outage was “not a security or cyber incident” and that the company is “working with all affected customers to ensure that our systems are restored and we provide the service they expect.”
Microsoft CEO Satya Nadella said in a statement on Friday that the company is “working closely with CrowdStrike and the entire industry to provide technical guidance and support to help customers get their systems back online safely.”
But the furor has already increased calls for the federal government to diversify the pool of vendors that run its day-to-day operations, which could be a boon for Microsoft’s competitors.
“This outage is the result of a software monopoly that has become a single point of failure for much of the global economy,” said George Lakis, executive director of NextGen Competition, a group that advocates for stricter antitrust enforcement. He accused Microsoft of stifling competition by locking in customers and called for the company to be “broken up.”
Spence Parnell, director of technology policy at the Reason Foundation, a libertarian think tank, said government officials often “ironically” complain about tech monopolies, but “they are supporting Microsoft’s dominance over government contracts through vendor lock-in.”
The outage is likely to bring greater scrutiny to the company’s dominance in Congress.
Lawmakers on at least three congressional committees — the House Oversight Committee, the House Homeland Security Committee and the House Energy and Commerce Committee — on Friday called on Microsoft and CrowdStrike to explain to them how the outage occurred and how it affected government agencies.
“This incident highlights how dependent we have become on technology in every aspect of our lives and how a single failure can have ripple effects across our entire economy,” Homeland Security Committee Chairman Mark Green (R-Tenn.) said in a statement.
At least one Republican committee member, Rep. Michael McCaul of Texas, learned of the outage after his flight was canceled on his way back from the Republican National Convention in Milwaukee, a spokesman said.
Rep. William Timmons (R-South Carolina), chairman of the House Oversight Committee, He called for an immediate public hearing. X said the incident “revealed multiple bottlenecks in our country’s IT and cyber infrastructure.”
Microsoft’s aggressive push into new technologies, including artificial intelligence, has led to a wave of regulatory issues around the world. Federal agencies reached an agreement last month to allow the FTC to investigate the company’s relationship with OpenAI, which is also being closely watched by regulators in Europe and the U.K. The moves signal a change of direction for the company, which has avoided much of the “techlash” aimed at companies during the Trump presidency and the first few years of the Biden administration.
Microsoft has powerful lobbying and public relations resources to neutralize the effects of this disruption: Learning from its missteps in antitrust battles with the U.S. government in the 1990s and early 2000s, the company has built over three decades perhaps the most sophisticated public policy department of any technology company.
Under Mr. Smith’s stewardship, the company has sought to portray itself as more outgoing and willing to engage with policymakers’ concerns than its tech peers, and Mr. Smith’s reputation as the industry’s de facto ambassador to Washington is likely to be put to the test in the aftermath of the blackout.
Frischmann confirmed that the company had briefed policymakers in Washington about the incident on Friday, but declined to say which government officials it had contacted.
The White House told The Post that it had briefed President Biden about the incident and that his team had been in contact with CrowdStrike. Microsoft was in contact with White House officials on Friday, according to a person familiar with the matter, who spoke on condition of anonymity to discuss private conversations.
After the hack earlier this year, numerous congressional committees and lawmakers called on federal agencies to investigate and evaluate their reliance on the company’s tools, and those calls took on new urgency after Friday’s outage.
“This is a failure that requires quick answers,” said Sen. Rick Scott (R-Fla.), who in May called on federal agencies to investigate Microsoft’s security flaws. he said in a social media post on Friday..
Sen. Eric Schmitt (R-Missouri), who recently grilled the Pentagon about its plans to increase its investment in Microsoft products, sent a letter to the Pentagon on Friday warning that the outage “demonstrates that consolidation and reliance on a single provider can have devastating effects on IT systems.”
Pentagon spokeswoman Jessica Anderson said the department was monitoring its networks for possible impacts but would not comment on the situation for security reasons.
The FTC itself was affected by the outage, and staff were working on resolving the issue on Friday.
Khan rose to the top of the FTC on a hard-line platform of dismantling the power of big tech companies, and under his watch the agency has brought antitrust cases against Amazon and challenged industry mergers, including Microsoft’s acquisition of Activision, which Microsoft ultimately won in court and closed last year.
Khan warned recently on “The Daily Show” that some companies have become so powerful that they can harm consumers with little or no impunity.
“Today, we live with regular reminders of the consequences of prioritizing ‘efficiency,’ whether it’s a faulty update that shuts down the global economy for a day or a hack that leaves millions of Americans without prescriptions for weeks,” said an FTC official who spoke on the condition of anonymity to discuss the agency’s confidential work, which includes its investigation into Microsoft. “Dominating companies are often too big to care, because customers have no one to turn to for better service.”
Jeff Stein contributed to this report.