Explainer: How CrowdStrike knocked the world offline
Computers around the world failed on Friday, crippling businesses and shutting down everything from airlines and television networks to emergency and hospital services.
Cybersecurity firm CrowdStrike (CRWD) said an error in one of its software updates for Microsoft’s (MSFT) Windows knocked systems offline.
The incident sent companies and government agencies across the globe into chaos, as they were unable to access the computer programs necessary for continued operations.
New York’s Memorial Sloan Kettering Cancer Center announced it was pausing the start of any new procedures that required anesthesia, while airlines, including Delta (DAL) and American Airlines (AAL), were forced to ground flights. The UK’s Sky News network couldn’t broadcast live news, bankers at JPMorgan couldn’t log into their systems, and 911 services in Alaska went offline.
The cascade of failures at such a wide array of organizations left some questioning how a single update could topple so many businesses and agencies in such a short amount of time.
The problem, however, is a direct result of the way our current internet infrastructure operates.
The web is powered by a handful of major players including Microsoft, Amazon (AMZN), and Google (GOOG, GOOGL). But beyond those are smaller but no less important companies that plug their software into those tech giants' platforms. CrowdStrike offers, among other things, cybersecurity programs for Windows that companies access via the cloud.
Because so many organizations rely on Windows — and because CrowdStrike has become such a mega player in the cybersecurity space — a massive number of key businesses, government organizations, and financial institutions use both companies' software platforms.
When CrowdStrike released an update for its software, companies using Windows systems began experiencing errors, leading to the outage.
“Updates happen an amazing amount of times each day,” explained Gregory Falco, assistant professor of mechanical and aerospace engineering and systems engineering at the Sibley School Program at Cornell University. “Most of them you don't notice. Some of them are annoying, when things get slower or you have to restart your computer.
“But then,” he added, “sometimes these updates do not play as expected.”
Cybersecurity is an integral part of any company that does business over the internet. Hackers are constantly looking for flaws in systems, and cybersecurity companies like CrowdStrike continuously release updates to address any potential cracks those hackers can slip through.
Companies, meanwhile, will apply updates as soon as possible to ensure their systems are as safe as possible from potential attacks. And because CrowdStrike’s update went out so quickly, every organization that uses its software was hit by the same error at once.
Said Benjamin Lee, a professor of computer and information science at the University of Pennsylvania: “Any computer system that does not install the update will be at risk of attack with a known vulnerability. This is why so many businesses, financial firms, and other organizations have — at the exact same time — installed this CrowdStrike software update and suffered the consequences.”
It’s that combination of a small number of companies running the internet and businesses needing to keep their cybersecurity software updated at all times that pushed millions of computers to their breaking points on Friday.
CrowdStrike has released a fix for its software and is actively pushing it out to customers. But that doesn’t mean every company will get back online right away.
“Because of the way in which the update has been deployed, recovery options for affected machines are manual and thus limited,” explained Forrester principal analyst Andras Cser. “Administrators must attach a physical keyboard to each affected system, boot into Safe Mode, remove the compromised CrowdStrike update, and then reboot.”
In other words, it could be some time before the entire outage is fully resolved.
For now, IT administrators around the world will be working around the clock to get their systems back up and running. As for the average person, there’s nothing to do but sit back and wait. And unless internet companies dramatically change how they operate, something like this will inevitably happen again.
Email Daniel Howley at [email protected]. Follow him on Twitter at @DanielHowley.