On Friday, July 19th, a software update failure by the cybersecurity company CrowdStrike led to the collapse of Microsoft operating systems, causing the largest IT failure in global history. Although the issue had been mitigated by Saturday, this event once again drew attention to the risks brought about by the increasingly interconnected global IT systems.
This incident impacted global port operations, the medical industry, and financial services. Additionally, the highly complex air transport system also suffered significant damage. While industries have largely resumed operations, the effects are still lingering. This incident highlights the vulnerability of global internet technology.
CrowdStrike issued a statement on Saturday stating that the company had deployed remediation procedures.
Ann Johnson, Chief Security and Compliance Officer at Microsoft, told Reuters that the scale of this failure was huge but could not be quantified since it only involved systems running CrowdStrike software.
Despite the resolution of this global IT failure, affected companies are still dealing with flight delays and cancellations accumulated on Friday, medical appointments, and other issues that may take days to resolve. Enterprises also face the challenge of preventing similar incidents in the future.
Chief Air Freight Officer Niall van de Wouw of supply chain consultancy firm Xeneta, in a statement shared with CNBC, expressed that airplanes and cargo are not where they should be, requiring days or even weeks to fully resolve the situation.
“This reminds us how easily maritime and air transport supply chains can be impacted by IT failures,” van de Wouw said.
U.S. Transportation Secretary Pete Buttigieg told CNBC on Friday morning that even as networks recover, ripple effects would persist.
“These systems, these flights, they operate so tightly,” he said, “you can still feel these effects for an entire day even after the root cause has been resolved.”
This failure originated from a software update released by CrowdStrike, a cybersecurity company, on Microsoft Windows systems.
Warnings issued by CrowdStrike to customers and reviewed by Reuters indicated that their Falcon Sensor software caused a crash in Microsoft’s Windows systems, leading to the appearance of the infamous “blue screen of death” for Microsoft users worldwide.
Reportedly, in less than 80 minutes before CrowdStrike took action, the upgrade had spread to computers globally based on Microsoft Windows systems, rendering enterprise computers inoperable and causing disruptions in the operations of some media companies and other enterprises. The U.S. 911 call center and Department of Justice were also affected.
Reuters stated that the failure raised concerns that many companies were not adequately prepared to implement emergency plans in the event of a single point of failure, such as a failure in an IT system or specific software in the system. However, experts say that unless more emergency measures are established in networks, and better backups are introduced, such failures will continue to occur.
Gil Luria, Senior Software Analyst at “D.A. Davidson” company, was quoted saying, “This incident reminds us of how complex and interconnected our global computing systems are, and how fragile they are.”
“CrowdStrike and Microsoft have a lot of work to do to ensure that similar failures do not occur in the future,” he said.
The Wall Street Journal noted that CrowdStrike’s issue exposed the risks facing the world today, where IT systems are increasingly interconnected and reliant on numerous software companies. When these companies’ technologies fail or are threatened, significant problems arise. These software run on people’s laptops and enterprise IT systems, often updating automatically without users’ knowledge to enhance functionality or provide new security protections.