On the 19th of July 2024, the world witnessed what is being tagged as the largest IT outage in history, caused by cybersecurity giant CrowdStrike. The disruption crippled critical IT systems globally, including healthcare systems in England and Northern Ireland, railway systems in the UK, 911 emergency services in the US and international air travel, with the air travel industry being the most severely affected.


What Does CrowdStrike Do?
You may be wondering who CrowdStrike is for them to have caused an outage of this magnitude. CrowdStrike is an American cybersecurity company that offers endpoint security, threat intelligence and incident response services (Wikipedia, 2024). Find out more about what they do via the company’s official website. One of the products within their stack of offerings is CrowdStrike Falcon, a platform that unifies next-generation antivirus, endpoint detection and response, and a host of other capabilities into a lightweight sensor that is managed and delivered via a cloud platform.
Further Details of The Incident
This outage was caused by a faulty configuration update released to systems running the Windows operating system on the 19th of July 2024 at 04:09 UTC. The configuration update triggered a logic error that led to a system crash and the blue screen of death (BSOD) on the affected systems.

CrowdStrike reported via a statement on their website that the configuration update which caused this outage was remediated over an hour later. However, we know from what was experienced around the world that this did not resolve the problem it had initially caused. In addition, the CEO of the organization, George Kurtz, when asked in an interview with CNBC how much time it would take to get things back to smooth operation, implied that resolving the underlying challenge would not help every customer recover full operation and that it could take some time for this to be done.
Since this incident occurred, George Kurtz has been vocal, making several posts about the incident on different social media platforms. The organization has also made several official statements via social media, like this LinkedIn post on remediation. All details and statements are also accessible in the blog section of their website.
– George Kurtz’ first post about the incident at 10:54 AM BST on X.
– George Kurtz reassures customers that this was not a cyber-attack while also issuing an apology on X.
This was the right step to take, as communication serves to dispel confusion, prevent miscommunication and help stakeholders and customers comprehend the situation at hand.
Scale of Disruption
This disruption was worldwide, possibly the biggest ever experienced, with the most significant impact being in the air travel industry. Several airlines around the world had to cancel flights, while some flight attendants at airports had to issue written boarding passes. By nightfall, BBC News reported that more than 5000 flights had been cancelled globally.


The health sector in England and Northern Ireland was affected as well after their appointment and patient-record system experienced downtime. As a result, patients were unable to book appointments and there were serious challenges with the prescription of medication, Sky News reports.
Cable channels such as CBBC, Sky News, CMT and ESPN, to mention a few, were unable to broadcast for some time. The number of affected organisations, IT services and systems continued to increase, with police officers in the US reporting that emergency phone lines were down. Payment processing services were not left out, as cab drivers in London reverted to taking only cash payments due to the struggle with receiving card payments. Numerous supermarkets reported a challenge with receiving card payments from customers as well. Most visible of all were the billboards in New York City’s Times Square going blank during the IT outage; it is reported that over 100 of these billboards were affected.

The last few days have been horrific for IT support staff around the world, as the only way to fix the blue screen is to reboot every single device in safe mode. This obviously requires physical access to the affected devices, which adds more stress for the IT professionals who have to work on this. It will also be very challenging, as each organization has thousands of endpoints running the Windows OS; resolving this completely could take weeks.
This outage has presented different views and lessons to the world. From a cybersecurity perspective, we see that this outage had an effect on availability. This exposes the poor disaster recovery culture within organizations, as only a handful of the affected organisations were able to recover from the outage in a short time. Furthermore, it is a practical example of what could happen if critical systems were compromised by bad actors. We expect that this incident will be a wake-up call to organizations that have not paid adequate attention to their security infrastructure.