The impact of the CrowdStrike incident has been immense and the issues it foregrounds quite alarming. So I asked Chat-GPT to cheer me up with some puns:
Why did CrowdStrike update start a gardening service? Because it's really good at planting bugs! 🌱😅
Why did the CrowdStrike update go to a party? Because it wanted to bring all the systems down with a "crash"! 🎉💻
Why is CrowdStrike starting a dating service? Because it wants to make sure every computer had the perfect "patch"! ❤️🖥️
Now that we are a little comforted by the terrible AI dad jokes, it is worth considering the seriousness of the situation.
What happened
A CrowdStrike update inadvertently caused a global tech outage, affecting key sectors and leading to a "blue screen of death" on many systems. The issue started last Thursday evening and appears to have affected systems running MS Windows, which used CrowdStrike's Falcon software. Ironically, this is a piece of software which helps find, monitor and manage cybersecurity threats - and thus prevent tech issues. A faulty software update to this programme caused the issue for Windows users. Mac and Linux users were not affected.
The impact
This faulty update affected airlines' ticket and check-in systems, causing major disruption at airports across the world including in the UK, with long queues, flights cancelled, and passengers stranded; hospitals and GPs were affected in the UK, Germany and Israel, with patient record systems and appointment bookings unavailable and reports of cancelled operations and treatments. In the UK, the NHS Varian system was affected, causing the cancellation of radiotherapy treatments for cancer patients; some banking services and payment systems were also not working, including cash machines in the US; trains were delayed; broadcasters Sky News and ABC Australia were off the air; plus the inevitable exploitation of the issue by fraudsters took off, as they are always ready to use a new pretext to trick people and businesses to part with cash.
How to fix the issue
Thankfully, CrowdStrike has identified and isolated the issue, and a fix has been deployed. Instructions on how to replace the problematic update can be found on CrowdStrike's website here: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
The financial and legal fall out
Reports suggest that CrowdStrike's standard terms would only entitle their customers to a refund. If this is true and unless larger companies have negotiated different terms, insurance may be left to pick up the pieces - where the relevant coverage is in place. Of course, there is the possibility of litigation, but this is an expensive option for small and micro firms affected.
The bigger issue
Beyond the inconvenience, financial loss and potential harm this incident has caused, the risk of associated with our dependency on tech behemoths has been brought into focus by this incident. The impact of this incident reads like that of a major cyber attack, but instead, it is the result of having a crucial part of our global digital infrastructure in the hands of one company. Ironically, this is precisely the kid of "single point of failure" which cyber security experts warn against. Yet, CrowdStrike tells us it provides services to around 60% of Fortune 500 companies and over half of the Fortune 1,000. As this incident demonstrates, it is also has a significant presence in key industries, including health, travel and finance. In the aftermath of this incident however, it is likely that people will argue that given the risk associated with providing these services can only be effectively managed by the largest companies, even though their scale is obviously a part of the problem!
Comments