The dramatic events of ‘Blue Friday’, 19 July 2024, had their roots in the city of Austin, Texas, from where cybersecurity technology firm CrowdStrike released a routine, automatic security software update that inadvertently paralysed vulnerable IT systems worldwide, sparking what many experts consider to be the world’s greatest-ever IT outage. The first signs of trouble were noted in Australia, where the working day begins earlier than elsewhere: payment systems at Woolworths, 7-Eleven and other supermarket chains were affected, as were the flight schedules of Virgin Australia, JetStar, and other airlines.
Problems were soon being reported from the rest of the world. Airport terminals filled up with travellers, as many airlines grounded planes and cancelled flights. Departure times could not be displayed, while check-in systems and eGates were disabled. Supply chains that depended on the delivery of air cargo suffered. Rail operators had to cancel trains, adding to congestion at rail terminals. Supermarkets and many other businesses were unable to process digital payments. Some banking services were also unavailable. Many businesses experienced payroll failures. Media outlets, such as Sky News, could not transmit radio and television programmes.
Healthcare providers were particularly inconvenienced. Pharmacies could not access online prescriptions. NHS England’s EMIS Web clinical computer system went offline, leaving general practitioners unable to open patient records, book appointments, request prescriptions, and make referrals. At least five hospitals in England declared critical incidents, as surgical and radiotherapy services were impacted. In the US, several 911 emergency hotlines went offline.
George Kurtz, President and CEO of CrowdStrike, confirmed on the social media platform X that the outage was not caused by “a security incident or cyber-attack”, but was the result of a “single content update for Windows hosts.” Mac and Linux operating systems were unaffected by the software bug. CrowdStrike’s cloud-delivered update for its Falcon Sensor agent, which runs with privileged access to the kernel at the core of the operating system, affected Microsoft’s Windows operating system. The ‘Blue Screen of Death’ error message appeared on computer screens, with affected devices stuck in a restart loop. Falcon is an Endpoint Detection and Response (EDR) platform, which monitors and responds to cybersecurity threats at ‘endpoints’ (entry points): physical end-user devices connected to digital networks, including desktop and laptop computers, smartphones, tablets, printers, ATMs, servers, and other wireless devices. According to a blog post from Microsoft on 20 July, over 8.5 million computers were affected by the software bug, representing less than 1 percent of Windows machines globally.
CrowdStrike was founded in 2011 by Kurtz, formerly Chief Technology Officer at McAfee, “a worldwide leader in online protection”. He had started out by launching the anti-virus software company Foundstone in 1999, which was sold five years later to McAfee. CrowdStrike gained its reputation through investigations into such major cyberattacks as those involving Sony Pictures in 2014 and the Democratic National Committee in 2015 and 2016. The company currently provides software to over half of the Fortune 500 companies and to the Cybersecurity and Infrastructure Security Agency in the US. On 18 July, at the close of trading on Nasdaq, the company was valued at $83.5 billion, but only four days later its share price had fallen more than 6 percent in pre-market trading on Wall Street. CrowdStrike was nevertheless quick to respond to the crisis, to apologise and accept responsibility, and to release a software patch, to be downloaded onto affected systems after rebooting, restarting in safe mode, and deleting a specific file within the directory.
Critics of Big Tech and IT oligopolies, alongside conspiracy theorists and doom-mongers, aired their suspicions of corporate malfeasance, with some blaming EU rules for the outage, even as scammers revelled in the confusion, offering malicious “quick fixes” for crashed IT systems. The outage has raised concerns over the resilience of global IT systems, highlighted the vulnerability of critical digital infrastructure to events that are disruptive, costly, productivity-stifling, and cumbersome to fix, and called into question the pace of the transition to a cashless society. It is noteworthy that China, with its controlled IT infrastructure and lower reliance on Microsoft, mostly escaped the effects of the outage.
Once again, the events of 19 July remind us of the risks of catastrophic global digital system failures in an IT-driven world and the potential susceptibility of these systems to the undesirable attentions of malicious actors. It is quite possible for such cyber-disasters to be repeated in the days, months, and years to come. In mitigation, cybersecurity firms will be expected to continually update and test their products, ensuring that the ever-expanding digital world is protected from both unintended, as in the case of CrowdStrike, and deliberate attacks on system integrity.
Ashis Banerjee