Services from airlines to health care, shipping and finance were coming back online on Friday after a global digital outage disrupted computer systems for hours, another incident that shows the vulnerability of the world’s interconnected technologies.
After the outage was resolved, companies were dealing with backlogs of delayed and cancelled flights and medical appointments, missed orders and other issues that could take days to resolve. Businesses also face questions about how to avoid future blackouts triggered by technology meant to safeguard their systems.
An earlier software update by global cybersecurity firm CrowdStrike CRWD-Q, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as health care or banking.
Since the COVID pandemic broke out in 2020, governments and businesses have become increasingly dependent on a handful of interconnected technology companies over the past two decades, which explains why one software issue rippled far and wide.
The outage shone a spotlight on CrowdStrike, an $83 billion company that is not a household name but has more than 20,000 subscribers around the world including Amazon.com and Microsoft MSFT-Q. CrowdStrike CEO George Kurtz said on social media platform X that a defect was found “in a single content update for Windows hosts” that affected Microsoft customers.
“We’re deeply sorry for the impact that we’ve caused to customers, to travellers, to anyone affected by this, including our company,” Kurtz told NBC News. “Many of the customers are rebooting the system and it’s coming up and it’ll be operational.”
The latest on the CrowdStrike IT outage that’s affecting businesses worldwide
Porter Airlines grounds fleet, cancels flights amid global tech outage
CrowdStrike has one of the largest shares of the highly competitive cybersecurity market, leading some industry analysts to question whether control over such operationally critical software should remain with just a handful of companies.
The outage also raised concerns that many organizations are not well-prepared to implement contingency plans when a single point of failure such as an IT system, or a piece of software within it, goes down. But these outages will happen again, experts say, until more contingencies are built into networks and organizations introduce better back-ups.
CrowdStrike shares closed down 11 per cent. Its rivals SentinelOne shares closed up 8 per cent and Palo Alto Networks closed up 2 per cent. Microsoft closed down 0.7 per cent.
The scale of the outage was massive but not yet quantifiable because it involved only systems that were running CrowdStrike software, said Ann Johnson, who heads Microsoft’s security and compliance business.
“We have hundreds of engineers right now working directly with CrowdStrike to get customers back online,” she said.
U.S. President Joe Biden was briefed on the outage, a White House official said. Secretary of State Antony Blinken said his understanding was the outage was not a malicious attack. However, the U.S. Cybersecurity and Infrastructure Security Agency said it observed hackers using the outage for phishing and other malicious activities.
U.S. Customs and Border Protection (CBP) said it was experiencing processing delays and working to mitigate to international trade and travel. The Dutch and United Arab Emirates’ foreign ministries also reported disruptions.
“This event is a reminder of how complex and intertwined our global computing systems are and how vulnerable they are,” said Gil Luria, senior software analyst at D.A. Davidson.
“CrowdStrike and Microsoft will have a lot of work to do to make sure that it won’t allow other systems and products to cause this kind of failure in the future,” he said.
Wall Street’s main indexes fell on Friday, deepening a sell-off driven by tech stocks and mixed earnings. The Cboe Volatility index – Wall Street’s “fear gauge” – hit its highest level since early May, and the dollar climbed as the worldwide cyber outage unnerved investors.
Air travel was immediately hit, as carriers depend on smooth scheduling that, when interrupted, can ripple into lengthy delays. Out of more than 110,000 scheduled commercial flights on Friday, 5,000 have been cancelled globally with more expected, according to aviation analytics firm Cirium.
Delta Air Lines was one of the hardest- hit, with 20 per cent of its flights cancelled, according to flight tracking service FlightAware, and the U.S. carrier said it expected additional delays and cancellations potentially through the weekend.
Airports from Los Angeles to Singapore, Amsterdam and Berlin said airlines were checking in passengers with handwritten boarding passes, causing delays.
Banks and financial services companies warned customers of disruptions and traders across markets spoke of problems executing transactions. Insurers could face a raft of business interruption claims.
U.S. health care providers reported outages were affecting call centers, patient portals and other operations. Mass General Brigham in Boston said it was treating only urgent cases while Tufts Medical Center warned that patients may experience delays or need to be rescheduled.
In Britain, booking systems used by doctors were offline, posts on X by medical officials said, while Sky News, one of the country’s major broadcasters, was taken off the air.
As the day progressed, more companies reported a return to normal service, including Spanish airport operator Aena, U.S. carriers United Airlines and American Airlines, and Australia’s Commonwealth Bank.
U.S. Transportation Secretary Pete Buttigieg said transportation system issues appeared to be resolving and would hopefully be back to normal by Saturday.
A global tech outage was disrupting operations in multiple industries on Friday, with airlines halting flights, some broadcasters being forced off-air and everything from banking to healthcare hit by system problems. So what happened, and what impact have the outages had?
Reuters