HomeTechCrowdStrike tech outage shows the precarious nature of our digital world

CrowdStrike tech outage shows the precarious nature of our digital world

Date:

Related stories

How to get your sports fix every day this Christmas

The festive season means there is plenty of sport...

Hi-tech drones will be used to crack down on migrants crossing Channel

HI-TECH drones are to be used to crack down...

Giovanni Pernice thanks UK fans for support before Italian dance show final

Former Strictly Come Dancing professional Giovanni Pernice has thanked...

Crystal Palace vs Arsenal live updates: Premier League predictions, team news and latest score

Crystal Palace’s Eberechi Eze will miss today's Premier League...
spot_imgspot_img

Train stations. Airports. Television stations. Stock exchanges. Banks. Emergency services. The world has ground to a halt thanks to an unexpected outage to a system designed to keep computers from harm this morning.

As people in the UK woke up, they were confronted by blank blue screens. The purported cause was a faulty update with a security system operated by CrowdStrike, a third-party company, that was pushed out to users worldwide.

And while the inability to turn on your laptop or computer is frustrating for individuals, the offline impact of the digital incident is enormous.

Michael Veale was set to fly out of Heathrow this morning, but encountered issues as he tried to go through security. “Only one scanner was working due to a computer crash,” he said. “As I left to the gate, all the departure screens were showing ‘Recovery Mode’. As I got onto the plane and the runway, Berlin airport closed.”

Veale, a computer science expert who is an associate professor at University College London, spoke to i from his plane seat, stuck on the runway at Heathrow. He had been told by the pilot that the plane was experiencing a two-hour delay and they hoped Berlin airport would soon reopen, but was told mid-conversation that the flight had been cancelled.

Veale explained that the issue highlights our over-reliance on individual software providers for security of key infrastructure. “As companies try to control their computers on-the-cheap, they turn to third-party software providers that they give deep control over their infrastructure to.

“Modern software development is all about giving centralised, remote control of what code is running on your device to companies like CrowdStrike and Microsoft. When this goes wrong, as we have seen, everything goes wrong. We’re building a dangerous digital monoculture, and just like agricultural monocultures, these are very susceptible to blight and disease.”

It’s a concern echoed by other cyber security experts. “This proves our IT infrastructure is fragile,” said Eerke Boiten, a cyber security professor at De Montfort University. “Probably too many organisations are in a position where their actions can break a lot – even if unintentional.”

CrowdStrike is a large, US-based company that provides cyber security services to companies around the world. One of its major services is Falcon Sensor, a tool that runs in the background of Microsoft Windows and tracks data flows to and from internet-connected devices.

Indications suggest that the issue is a problem with Falcon Sensor. As computers that use the Falcon Sensor system update to the latest version, cyber security experts suggest that error has prevented computers running the Windows operating system that have CrowdStrike services installed from starting up.

The problem appears to be that an individual file, which was updated overnight, was misconfigured, which causes Windows to refuse to start. It’s the computer equivalent of a small mechanical error in a motor preventing a vehicle from starting up.

There are no suggestions that the issue has been caused by a malicious actor, but rather a mistake that, because of CrowdStrike’s ubiquity – it is one of the world’s most widely-used protection systems – multiplies across different areas, from supermarket checkouts to airline routing systems.

Indeed the CEO of CrowdStrike, George Kurtz, said: “This is not a security incident or cyber attack. The issue has been identified, isolated and a fix has been deployed.”

He added that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts”.

Microsoft said a resolution for Windows devices was “forthcoming”.

Nevertheless, the impacts have been significant. Some have reported their devices were switching off as they were on Zoom calls, leaving them unable to restart their computer. There are workarounds, including starting up devices in safe mode and changing which CrowdStrike files are run at the point a device starts up, but most people are best to wait for an update.

The issue is a black eye for CrowdStrike, which seeks to solve problems and protect users, rather than cause problems.

“This incident shows that while distributed security solutions can help an organisation respond quickly to a threat, if the very tool protecting you causes an error the impact is fast and widespread,” said Alan Woodward, professor of cyber security at the University of Surrey. “It shows just how vital IT has become to the operation of a whole range of organisations. Lose your IT and you can’t function.”

The silver lining is that because so many aspects of our lives have been affected, the relevant companies who can fix the problem – CrowdStrike in particular – are working fast to remedy the issue.

Yet while the incident is likely to be resolved today with a new automated update that winds us back to before the issue appeared, the outage will raise awareness of the precarious nature of our world and its reliance on technology – and quite how quickly things went wrong will act as a cautionary tale for next time. While it’s impossible to iron out human errors, it’s likely we’ll see even more oversight going forward.

“We don’t often get reminders of [how reliant we are on single services], fortunately,” said Boiten.

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_img