Airlines, media, retailers, hospitals, banks and basically every organization that relied on CrowdStrike’s services to protect their Microsoft systems from viruses and malware are still recovering from Friday’s unprecedented global IT outage, which affected 8.5 million Windows devices.
Experts and analysts have seen the incident as a wake-up call for a more resilient and less monopolistic global digital infrastructure, warning that the world could become more vulnerable to such disruptions, which could become the “new normal.”
An unprecedented IT outage
Customers of Austin, Texas-based cybersecurity firm CrowdStrike around the world began experiencing “blue screens” on their Windows systems on Friday after installing a flawed update for the Falcon sensor on Thursday night.
Essentially, Falcon monitors what is happening on the computer it is installed on, looking for signs of unauthorized activity (such as malware). That means it is deeply integrated into Microsoft’s systems, and if Falcon malfunctions, those systems malfunction too.
“We currently estimate that the CrowdStrike update has affected 8.5 million Windows devices, or less than 1% of all Windows machines,” Microsoft said in a blog post on Saturday.
In response to what it called a “significant incident,” Microsoft said it was “maintaining ongoing communications with customers and working with CrowdStrike and third-party developers to gather information and work toward a rapid resolution.”
Just hours after the outage began, scams, phishing emails, and other criminal activity related to the incident began targeting CrowdStrike customers, posing as customer service and technical support.
“The scale of this outage is unprecedented and will undoubtedly make history,” said Dr Junade Ali, a cybersecurity expert and research fellow at the London-based Institution of Engineering and Technology.
“Unlike previous outages that targeted internet infrastructure, this situation directly affects end-user computers and may require manual intervention to resolve, posing a major challenge for IT teams around the world,” Ali added.
Experts estimate that a full recovery from an outage of that magnitude could take weeks. “It would likely mean millions of computers would have to be repaired manually,” said Mikko Hypponen, chief research officer at cybersecurity firm WithSecure.
Recovery will be particularly difficult for small businesses with fewer resources or IT staff to carry out manual repairs, BBC cyber correspondent Joe Tidy said on Friday.
More confusion continues
Around 30,000 flights were delayed and around 7,000 canceled worldwide on Friday, Euronews reported.
The incident sent CrowdStrike’s value plummeting, wiping billions of dollars from the company’s market capitalization as of the start of trading on Friday, a day that saw Wall Street’s major stock indexes fall, adding to selling pressure from tech stocks and mixed earnings reports.
“This outage is likely to lead to increased regulation of essential services and risk management,” said Dr Madeleine Stevens, an IT expert at Liverpool John Moores University.
“While this incident was not a cyber attack, it will inadvertently affect consumer skepticism and create significant challenges for IT service providers as it was an unintended demonstration of cyber vulnerabilities,” Stevens said.
The fact that the largest global IT outage to date was caused not by a cyberattack or malicious actors, but rather, ironically, by a routine update to cybersecurity software, once again highlights the systemic risks that arise from our increasingly omnipotent and intertwined digital infrastructure and the world that relies on it.
John Bryson, director of enterprise and economic geography at Birmingham Business School at the University of Birmingham, said he expected to see more such “digital pandemics” as the global economy becomes more integrated.
The global cyber-energy production complex – “the multiple connections between communications, energy and production networks” – exposes us all to unknown disruptions on an unprecedented scale, Bryson added.
Axel Legay, a computer science professor at the Catholic University of Leuven, said the more interconnected computers become, the more vulnerable they become.
“The more interconnected the software is, the more vulnerabilities there are because more software is interconnected and that expands,” Legay told Euronews Next in an interview.
Backups and Antitrust
The largest cyber incident to date has offered lessons for technology companies, regulators and business stakeholders on how to prepare for more frequent and widespread disruptions to digital infrastructure in the future.
“The core question is whether a service function that’s been digitized can be quickly converted to manual,” Bryson said.
“In other words, we need the ability to deliver services using paper rather than digital solutions. The real danger is that we all forget how to live and work in a pre-digital environment,” he said.
IT experts also stressed the importance of companies having “air-gapped” backups that are isolated from the cyber energy production grid.
While individual organisations are encouraged to spend more resources on off-grid backups and on training staff to work without computers, some argue the case shows the urgency of regulating highly monopolistic markets.
The Washington Post on Saturday quoted George Lakis, executive director of NextGen Competition, a group that advocates for stricter antitrust laws, as saying the outage was “the result of software monopolies that have become single points of failure for large parts of the global economy.”
The report added that lawmakers on three congressional committees – the House Oversight Committee, the House Homeland Security Committee and the House Energy and Commerce Committee – called on Microsoft and CrowdStrike on Friday to explain the cause and impact of the outages on various agencies.
“When just three companies — Microsoft, Amazon and Alphabet Inc.’s Google — dominate the cloud-computing market, one small incident can have global repercussions,” Bloomberg Opinion technology columnist Parmy Olson wrote Friday.
Olson argues that policymakers can address the world’s over-reliance on just three cloud providers and push the big tech companies to do more than just apply Band-Aid fixes.
Why does the global computing infrastructure appear to have a single point of failure? Brooklyn-based columnist Edward Ongweso Jr. asked that question in an analysis in The Guardian on Saturday.
He blames concentration, consolidation and monopolies. “These kinds of disruptions have happened before and nothing has changed. One reason is that the tech industry is so good at shifting the blame. If this continues, the monopolies will have no choice but to get what they want and everyone will suffer as they deserve,” he said.