The CrowdStrike computer bug last week caused outages and problems worldwide on some computers running Microsoft Windows, an operating system that reportedly runs on about three-quarters of the world’s PCs.
In the United States, two sectors of the economy appear to have been hit particularly hard: the airline industry, with thousands of flights canceled or delayed, and the healthcare industry. There are reports of doctors’ offices closing and appointments being canceled. Some hospitals have reported having to record patient data by pen and paper.
The problems in these two industries may have historical parallels with the Irish potato famine of the 1840s.
At the time, Ireland relied on a single variety of crop, a type of potato called the lumper, to feed the majority of its population.
This monoculture practice meant that when the potato blight virus crossed the Atlantic and hit Ireland, it was able to attack the island’s staple crop and devastate its inhabitants within a matter of years.
On the other hand, a software monoculture can sometimes be a good thing.
“From a security perspective, there are a lot of benefits to running a small, standardized set of software because it helps you find problems faster and easier,” said Andrew Plato, CEO of cybersecurity consulting firm Zenaciti.
But when the software’s core is flawed, as was the case last Friday, the problems can become widespread.
“CrowdStrike is popular software and it has implications on Microsoft Windows. It’s that combination that has led to this,” he said.
One reason you see the same software combinations in so many places is that a relatively small number of people working in cybersecurity are familiar with them, Plato said. “That means you tend to see the same things being implemented over and over again at different companies.”
If a type of software appears to work well for one company, competitors will adopt it, he said.
And standardization is essential in some workplaces: Healthcare providers must adhere to strict privacy and data protection rules under the federal HIPAA law, for example, says Ken Berman, a computer science professor at Cornell University who has worked with Microsoft in the past.
“You want to make sure every computer in the hospital is running that software, but that means if you somehow pick something that’s vulnerable, every computer in the hospital goes down,” Berman said.
Workplaces may be reluctant to switch software systems, especially if employees are accustomed to the existing system.
“Some companies [said] they actually escaped the CrowdStrike problem because their software was very old, and they were using even older versions of Windows on some of their critical systems,” says Bharath Raghavan, a computer science professor at the University of Southern California.
Cybersecurity consultant Andrew Plato said companies are unlikely to move away from software monoculture, and should instead have backup plans in place in case systems go down.