Mass global IT outage a wake-up call for resilient cyber security

Airlines, media, retailers, hospitals, banks, and essentially, any organization that relied on CrowdStrike's service to protect their Microsoft system from viruses and malware, are still recovering from the unprecedented global IT outage on Friday, with 8.5 million Windows devices affected.

Experts and analysts regard the incident as a wake-up call for a more resilient and less monopolized global digital infrastructure, warning that the world will be more vulnerable facing such disruptions, which could become a "new normal."

Unprecedented outage

On Friday, customers across the world of CrowdStrike, a cybersecurity firm based in Austin, Texas, started to see the "blue screen of death" on their Windows system after installing a faulty Falcon sensor update on Thursday night.

Essentially, Falcon monitors what is happening on the computers on which it is installed and looks for signs of nefarious activity (such as malware). This means that Falcon is deeply integrated into Microsoft's system to the extent that when it falters, the system does too.

"We currently estimate that CrowdStrike's update affected 8.5 million Windows devices, or less than one percent of all Windows machines," said Microsoft in its blog post on Saturday.

Following what Microsoft calls "significant incidents," the company said it has "maintained ongoing communication with customers, and is working with CrowdStrike and external developers to collect information and expedite solutions."

Just hours following the outage, scams, phishing e-mails, and other criminal activities started to target CrowdStrike customers concerning the incident, under the guise of customer service and technical support.

"The scale of this outage is unprecedented, and will no doubt go down in history," said Dr. Junade Ali, a cybersecurity expert and fellow at the London-based Institution of Engineering and Technology.

"Unlike some previous outages that targeted Internet infrastructure, this situation directly impacts end-user computers and could require manual intervention to resolve, posing a significant challenge for IT teams globally," Ali added.

Experts estimate a full recovery from a disruption at such a scale will take weeks. "It seems that millions of computers are going to have to be fixed by hand," said Mikko Hypponen, chief research officer at WithSecure, a cybersecurity company.

Recovery is particularly challenging for small and medium-sized enterprises, which have fewer resources and IT staff to do the manual fixing, said Joe Tidy, a BBC cyber correspondent on Friday.

More disruptions to come

Almost 30,000 flights were delayed on Friday and nearly 7,000 were canceled worldwide, according to Euronews.

The incident resulted in a significant drop in CrowdStrike's value, wiping billions off the company's market value when trading opened on Friday. The same day, Wall Street's major indexes declined, exacerbating a sell-off fueled by tech stocks and mixed earnings reports.

"The outage is likely to intensify regulations for critical services and risk management," said Dr. Madeleine Stevens, an IT expert at Liverpool John Moores University.

"Despite the incident not being a cyberattack, consumer skepticism will inadvertently be impacted, and this unintended demonstration of our cyber vulnerability will raise significant challenges for IT service providers," Stevens said.

The fact that the largest global IT outage so far was caused not by cyberattacks or ill-intentioned actors but, ironically, by a routine update from a cybersecurity software, has once again exposed the systemic risk stemming from an increasingly omniscient and intertwined digital infrastructure and a world which relies on it.

More "digital pandemics" like this are expected to emerge from enhanced global economic integration, said John Bryson, chair of Enterprise and Economic Geography at Birmingham Business School, the University of Birmingham.

The global cyber-energy-production plexus, or the "multiple connections between telecommunications, energy, and production networks," leave us all exposed to unknown disruptions at an unprecedented scale, Bryson added.

Axel Legay, a professor of computer science at the Catholic University of Leuven, said that the more interconnected a computer is, the more vulnerable it becomes.

"The more interconnected the software is, the more vulnerable we will be, because more and more software will interact and it will increase," Legay said in an interview with Euronews Next.

Back-ups and anti-trust

The largest cyber incident so far has offered lessons to stakeholders from tech companies, regulators, and businesses to prepare for more frequent and widespread disruptions in digital infrastructure in the future.

"A core issue is the ability of a digitally-enabled service function to switch immediately to manual," Bryson said.

"In other words, there needs to be an ability to provide services using paper rather than digital solutions. The real danger is that we all forget how to live and work in a pre-digital environment," he said.

The IT expert also highlighted the importance of companies having "air-gapped" back-ups, which are isolated from the cyber-energy-production plexus.

While individual organizations are recommended to spend more resources on off-grid back-ups and staff training over working without computers, some argue the incident showcases the urgency to regulate the highly monopolized market.

The outage "is the result of a software monopoly that has become a single point of failure for too much of the global economy," George Rakis, executive director of NextGen Competition, whose group advocates for more stringent antitrust enforcement, was quoted as saying by The Washington Post on Saturday.

The report added that legislators from three Congressional committees — House Oversight, House Homeland Security, and House Energy and Commerce — asked Microsoft and CrowdStrike to brief them on the cause and impact of the outage on various agencies on Friday.

"When just three companies — Microsoft, Amazon, and Alphabet Inc.'s Google — dominate the market for cloud computing, one minor incident can have global ramifications," wrote Parmy Olson, a Bloomberg Opinion columnist covering technology, on Friday.

Olson argues that policymakers could address the world's over-reliance on just three cloud providers and push the Big Techs to do more than simply administer a band-aid.

Why does a global computational infrastructure seem to have one point of failure? Brooklyn-based columnist Edward Ongweso Jr. asked in a Guardian analysis on Saturday.

Because of concentration, consolidation, and monopolization, he argued. "We've had these sorts of outages before and nothing has changed, partly because the tech industry has been so adept at shifting blame. If that continues, then the monopolists will do what they please and everyone will suffer what they must," he said.