On Friday, July 19, the world woke up to news that computers in many industries, government agencies, and media outlets were out.
The outage impacted healthcare, banking, stock markets, travel, and broadcasting. It caused a disruption in air travel, not up to the level of the Southwest debacle in December, but enough to grab headlines in Europe, the U.S., and Australia.
The mass computer failures were not the result of a cyberattack. The affected computers used a version of the Microsoft Windows operating system with CrowdStrike. The issue was caused by CrowdStrike, security software used by thousands of companies. CrowdStrike sent a security update to its “Falcon” program that was, in the company’s words, “defective.” It caused Microsoft to go into a “blue screen of death” loop. CrowdStrike quickly sent out a fix, but the affected computers shut down before the fix could be loaded. It affected only CrowdStrike users with Microsoft Windows—according to the company, “only” 8.5 million computers, one percent of the computers in the world. The company said it was nothing to worry about, unless of course you use one of those computers.
Gaming did not escape. Casinos in California, Mississippi, and Nevada reported system failures that affected slot machines and ATMs, among other things. Compared to the MGM cyberattack that was estimated to cost $100 million, this incident is small potatoes. In fact, the number of airline flights affected, media blackouts, and banking, financial, and medical problems is a minor portion of the theoretical possibilities.
CrowdStrike has made its name, reputation, and ultimately its market cap on high-profile cases of cyberattacks by foreign nations and bad actors. The defect in its software will probably cost CrowdStrike more than anyone else. Its stock price fell and there is major damage to its reputation. If you own the stock, it may cost you too, at least in the short term. To everyone else, it is just another news story or a momentary inconvenience. But it should do more. It should serve as a major warning sign. It was, if you will pardon the pun, a strike at the crowd by a crowd striker.
One company and one software system connected the Israeli army, a hospital in New York, a casino in Henderson, Nevada, and a flight from Chicago to New Orleans. It is not the result of evil-minded bad actors or religious terrorists.
According to some sources, the whole issue was the result of a lack of proper quality control. Updates to computers systems are as common as sunrises. Overnight, while we sleep, our computers, iPhones, and tablets are updated. The updates fix glitches, improve functions, or add some new bells and whistles that we neither need nor want. Or as in this case, they deliver an error that causes your computer to go into a terminal feedback loop.
That is the warning sign. A nearly mindless automatic system has access to the digital devices in the world. Actually, it is more than one system; dozens of them have backdoor access to the digital universe. It is an existential threat to world order. We have already experienced bad actors who wish to disrupt our economic and security systems to collect ransoms. Dozens of casinos besides MGM have been shut down by ransomware. Not all paid the fee that was asked, but some did, and the others paid indirectly.’
Several years ago, I lost all of my files to one of those. I opened a bogus email claiming to be from FedEx and clicked a link. That click gave kidnappers access to my computer and locked me out. I did not pay the criminals, but I did pay for a tech to get my data back and add a new backup system. In the process, I lost several working days.
Besides the ransomware gang, there have also been rumors of threats from China, North Korea, Iran, and Russia to our power and military systems and interference with elections. Those countries also have a comparable narrative where the elections, national security, economy, and infrastructure are threatened by agents of Western countries.
In the current wired and connected world, one company created a major disruption. The economic impact could have been much worse. No plane crashed, no cities lost power, no one had their bank accounts wiped out, nor were any nuclear missiles launched leading to a world war. But all these things and many more are conceivable in a wired connected world. The fact that this issue arose not from intent, but from an automatic system with inadequate quality control, is the most frightening.
