Global tech outage eases; new focus seen on risks

Michael M. Santiago / GETTY IMAGES NORTH AMERICA / Getty Images via AFP

Services from airlines to health care, shipping and finance have returned online after a mistake in a security software update sparked hourslong global computer systems outages on Friday, highlighting the vulnerability of the world’s interconnected technologies.

After the outage was resolved, companies were dealing with backlogs of delayed and canceled flights and medical appointments, missed orders and other issues that could take days to resolve. Businesses also face questions about how to avoid future blackouts triggered by technology meant to safeguard their systems.

A software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services, such as health care and banking.

Global shipper FedEx faced major disruptions and some moderators who police content on Meta’s Facebook were also hit.

CrowdStrike is not a household name, but it is an $83-billion company with more than 20,000 subscribers around the world—including Amazon.com and Microsoft.

CrowdStrike CEO George Kurtz said on X that a defect was found “in a single content update for Windows hosts” that affected Microsoft customers.

“We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our company,” Kurtz told NBC News.

Will happen again

CrowdStrike has one of the largest shares of the highly competitive cybersecurity market, leading some industry analysts to question whether control over such operationally critical software should remain with just a handful of companies.

The outage also raised concerns that many organizations are not well prepared to implement contingency plans when a single point of failure, such as an IT system, or a piece of software within it, goes down.

sExperts say these outages will happen again, until more contingencies are built into networks and organizations introduce better backups.

The scale of the outage was massive, but not yet quantifiable because it involved only systems that were running CrowdStrike software, said Ann Johnson, who heads Microsoft’s security and compliance business.

Hackers using the outage

“We have hundreds of engineers right now working directly with CrowdStrike to get customers back online,” she said.

US President Joe Biden was briefed on the outage, a White House official said.

The US Cybersecurity and Infrastructure Security Agency said it also observed hackers using the outage for phishing and other malicious activities, while the US Customs and Border Protection said it was experiencing processing delays and working to mitigate issues on international trade and travel.

The Dutch and United Arab Emirates’ foreign ministries also reported disruptions.

“This event is a reminder of how complex and intertwined our global computing systems are and how vulnerable they are,” said Gil Luria, senior software analyst at D.A. Davidson.

“CrowdStrike and Microsoft will have a lot of work to do to make sure that it won’t allow other systems and products to cause this kind of failure in the future,” he said.

Airports, banks, health care

Wall Street’s main indexes fell on Friday, deepening a sell-off driven by tech stocks and mixed earnings, while the dollar climbed as the worldwide cyberoutage unnerved investors.

Air travel was immediately hit, because carriers depend on smooth scheduling that, when interrupted, can ripple into lengthy delays.

Out of more than 110,000 scheduled commercial flights on Friday, 5,000 were canceled globally with more expected, according to aviation analytics firm Cirium.

Delta Air Lines was one of the hardest hit, with 20 percent of its flights canceled, according to flight tracking service FlightAware. The US carrier said it expected additional delays and cancellations through the weekend.

MICROSOFT GLOBAL OUTAGE / JULY 20, 2024
Passengers experience canceled and delayed flights at Ninoy Aquino International Airport, Terminal 3, Pasay City on Friday evening, July 20, 2024, as the global outage of technology giant Microsoft has affected the system of budget carrier Cebu Pacific and Air Asia, but the operations of international carriers in the Philippines remained unaffected as of 4 p.m. on Friday, according to a statement issued by the Manila International Airport Authority (Miaa).
INQUIRER PHOTO / NIÑO JESUS ORBETA

Airports from Los Angeles to Singapore, Amsterdam and Berlin said airlines were checking in passengers with handwritten boarding passes, also causing delays.

Banks and financial services companies warned customers of disruptions and traders across markets spoke of problems executing transactions. Insurers could face a raft of business interruption claims.

US health-care providers reported that the outages were affecting call centers, patient portals and other operations.

Mass General Brigham in Boston said it was treating only urgent cases, while Tufts Medical Center warned that patients might experience delays or need to be rescheduled.

But as the day progressed, more companies reported a return to normal service, including Spanish airport operator Aena, US carriers United Airlines and American Airlines, and Australia’s Commonwealth Bank.

Reuters

Reuters, the news and media division of Thomson Reuters, is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.