CrowdStrike operates differently than many other cybersecurity firms because it relies on cloud technology to distribute and manage its software. CrowdStrike’s software scans systems for threats. To do that it requires very comprehensive access to clients’ operating systems.
On July 19, 2024, CrowdStrike issued an update to its Falcon program. For whatever reason, that update caused a major hiccup in the operation of computers using the Windows operating system. According to information published by Statista in February 2024:
“Microsoft's Windows was the dominant desktop operating system (OS) worldwide as of February 2024, with a market share of around 72 percent. Apple’s Mac operating system has gained market share over the years, growing to command around a fifth of the market. Linux and Google's Chrome OS have retained small but stable market shares in recent years.”
The problem affected only computers running Windows. Next time, it might affect other systems and not Windows, Windows again, or all systems. Time will tell.
The mechanics of what went wrong matter for other purposes and to those who need to solve the problem and prevent a recurrence. The significance of what happened, however, concerns us all. The update triggered a reaction within the Windows operating system that prevented computers from rebooting. When a computer started the process, it ended with the infamous blue screen of death. As the computers could not boot up, they could not run their programs. The global result: financial institutions could not conduct transactions; airlines lost the ability to have planes take off and land safely, resulting in a large number of flight delays and cancelations; and local governments, healthcare systems, and many businesses could not function.
CNBC reported that:
“Airlines, hospitals and financial services firms were among the many businesses affected.
American Airlines, which describes itself as the world’s largest, said a technology issue was affecting “multiple carriers” including American, while the Dutch arm of Air France-KLM said it had been “forced to suspend most” of its operations.
In Great Britain, the Royal Surrey hospital declared a “critical incident” and had to temporarily suspend radiography treatment. The National Health Service in England, meanwhile, said it was experiencing disruptions in the majority of doctors’ practices.
Banks and financial companies around the world have reported issues, with German insurance giant Allianz saying it was “experiencing a major outage that is impacting employees’ ability to log into their computers. It impacts multiple companies besides Allianz.”
NBCUniversal is also being affected by the CrowdStrike outage.”
As the problem prevents the computers from rebooting, the correction cannot come from a remote download, as did the update. That would make repair and restoration too easy. Instead, it will take much longer, as it will require manual local intervention to bring the computers back online so they can receive a corrected update. We do not know how long that process will take. We do not yet know the economic, business, or social consequences of the breakdown. We may not know those answers for some time.
More importantly, we don’t know if this catastrophe will repeat itself or, if so, when. Security software must receive regular updates to address new threats and maintain effectiveness. Each update runs the risk of a problem like this occurring. Fortunately, we have not seen such a disaster before, and hopefully, we will not see another for a very long time, but we cannot be sure. While it makes sense that some computers may have conflicting software that interacts badly with an update and causes a problem, we would expect that to occur rarely and idiosyncratically.
We expect that before introducing a systemic update of this nature, somebody actually tested it to see if it worked. We do not have access to all the data and will not point fingers at anyone, but for a failure this massive to occur, apparently, someone missed the boat regarding pre-release testing of this update. We hope that CrowdStrike and other companies pay heed to the problems we experienced and take a more vigilant approach to rigorous pre-release testing before putting an update online.
The lesson for the rest of us: Sometimes, it does not make a damned bit of difference if you do everything right regarding technology. Someone else’s screw-up can still take you down. Friendly fire.
The situation has the potential to compound the casualties, as the bad guys will try to take advantage of this disability and disruption. To protect yourself, be hypervigilant about your own security. Exercise extreme caution about any contact purporting to come from CrowdStrike or from a “technical support” service seeking to help you recover from the CrowdStrike disaster.
Technology remains a double-edged sword, and we will continue to live in the shadow of its duality. It is the best of times; it is the worst of times…