The world is trying to get back to normal after the largest ever IT outage on Friday July 19. There was almost a sigh of relief that it was not the result of malevolent behaviour, though the fact that the problems were caused by a faulty update upload does mean that cybercrime insurance will not be applicable for businesses and individuals seeking compensation. Problems on 8.5 million Microsoft computers were magnified for many more millions of customers and users of services. Major providers of transport, finance, retail and medical services have all been affected. This week, everyone is trying to get back to running as normal and no doubt reviewing their IT incident management plans, though for some the missed journeys or appointments could have much longer-term, and expensive, implications. Also affected are unknown numbers of crowd economy freelancers who are likely to receive inaccurate or incomplete payments due to problems with employers updating systems on work completed in time for paycheque runs.
The causes of the IT outage
A cybersecurity consultant and owner of a crowdsourced UK cybersecurity company that helps clients with IT incident management explained it to me like this: “The biggest ever IT outage has, ironically, been caused by a cybersecurity company. It was not a cyberattack but a human error by CrowdStrike in wrongly classifying an update as a content update. Content updates are a change of font or a logo. There was obviously a serious functionality update which was not properly tested by CrowdStrike.”
CrowdStrike’s LinkedIn page describes the company as “a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data.” No information has come to light on how many previous times their updates have been problem-free, which could have led to last week’s situation in which the latest update was apparently rolled out globally without any initial pre-testing.
Cybersecurity consultant Bryan Altimas further explained what should have taken place: “Testing should have taken place throughout the supply chain. In addition to testing at CrowdStrike, Microsoft should have tested it and companies should have been able to look at the release notes and decide on a risk basis how quickly it needed testing or implementing.”
Immediate impact
At a personal level, the global outage explained the Cash Only sign taped to the door of my local DIY store on Friday morning, though by 11.30 card payments were once again possible. My wife messaged me to say how lucky it was she had flown to Poland the day before, as thousands of flights around the world were delayed or cancelled. Telephone lines at my bank stopped working. My doctor’s surgery could not access patient records, test results, or the drug prescription service.
The backlog of handwritten notes from the appointments and consultations that did go ahead will have to be added to the system this week. 60% of UK general practitioners (GPs) use the same Microsoft-based online service provider, which quickly led to widespread problems. Hospital operations were cancelled, further exacerbating the growing waiting lists for treatment.
In the UK, school summer holidays have just begun, and the Saturday of this particular weekend was set to be the busiest travel day of the year.
Some broadcast media channels, such as Sky News, ABC News Australia and the U.S. Paramount channels were unable to report on the outage as their own services were unable to operate.
At a corporate level, the potential impact on financial compensation is massive. For example, under European aviation rules, airlines still have to provide meals and overnight accommodation for delayed or stranded passengers, even though this outage was an event beyond their control. This is just one element of the costs that companies will no doubt want CrowdStrike to pay. CrowdStrike’s company value has already dropped by 12%. I wonder what their own IT incident management plans look like?
Russia and China untouched
Boycotts in the wake of Russia’s invasion of Ukraine mean that Microsoft is no longer used there, and the country has developed its own operating systems. China, similarly, has its own systems, and neither country has been immediately impacted. Unfortunately, the whole CrowdStrike episode serves as a stark warning to the West of what could possibly be achieved by a cyberattack from a malevolent state.
It was the biggest, but not an isolated experience
In the UK, the implications of this outage are being felt on the same day that the BT telecoms provider has been fined for faults on the 999 Emergency Services call lines last year. An ongoing enquiry is investigating faulty Fujitsu software that led to false accusations of theft against many hundreds of Post Office staff, which in turn caused personal financial loss to make good the “losses,” imprisonment, ill health, and sometimes even suicide. The NHS (National Health Service) remains susceptible to disruptions and costs incurred due to ransomware hacks and threats, either directly or to its suppliers.
At a time when AI is coming to the fore, the general public is continually being given reasons to doubt the wisdom of technology in so few hands having the potential to disrupt so many lives. Trust in governments’ abilities to embrace technology and provide reliable services is sinking. Their IT incident management plans and contingencies look weak. What do you think are some possible solutions?