BCS MEMBERSHIP

navigation-membership-member.png

Join the global and diverse home for digital, technical and IT professionals.

CHARTERED IT PROFESSIONAL

navigation-membership-citp.png

CITP is the independent standard of competence and professionalism in the technology industry.

STARTING YOUR IT CAREER

Young Careers

Kick-start a career in IT, whether you're starting out or looking for a career change.

SOFTWARE TESTING CERTIFICATION

navigation-qualifications-swt.png

Over 100,000 professionals worldwide are certified with BCS.

ESSENTIAL DIGITAL SKILLS

navigation-qualifications-skills.png

Improve your digital skills so you can get on in today's workplace.

EVENTS CALENDAR

navigation-events-calendar.png

View all of our upcoming events.

ARTICLES, OPINION AND RESEARCH

navigation-articles-people.png

The latest insights, ideas and perspectives.

IN FOCUS

BCS MEMBERSHIP

CHARTERED IT PROFESSIONAL

STARTING YOUR IT CAREER

SOFTWARE TESTING CERTIFICATION

ESSENTIAL DIGITAL SKILLS

EVENTS CALENDAR

ARTICLES, OPINION AND RESEARCH

IN FOCUS

The impact of a global IT outage caused by an update designed to protect Microsoft Windows devices, could ‘take days’ or longer to recover from, according to BCS

Our experts have called for the government to track, record and assess IT outage incidents to build up our national resilience to such critical issues.

The issue has caused travel chaos, disrupted banking and healthcare services, and it knocked some TV channels off air. The cyber-security firm CrowdStrike has said a defect in a content update caused the problem, and it was not a security incident or cyber attack.

How it happened

Patrick Burgess, from the BCS Information Security Specialist Group, explained the background to the incident to Matt Chorley from Times Radio: "Crowd Strike is a provider of security software to a huge number of companies across the world, and they rolled out an update overnight, which unfortunately caused the classic 'blue screen of death', affecting a lot of Windows machines globally that support a lot of infrastructure."

Adam Leon Smith, a BCS Fellow and a cyber security expert, told Sky TV: "People want to get security updates rolled out as quickly as possible because that helps prevent against what we call 'zero-day' attacks; that is new ways that actors are found to compromise systems. There's a trade-off here between the speed of ensuring that systems get protected against new threats and the due diligence done to protect the system's resilience and stop things like this from happening."

Fix could take a while

CrowdStrike has said they have identified the problem and have rolled out a fix. It is unclear how long it will take until everything gets back to normal.

Leon Smith added: "In some cases, the fix may be applied very quickly, but because it has to be applied to so many computers around the world, that may take longer than it sounds.

But if computers have reacted in a way that means they're getting into blue screens and endless loops and things like that, it may be difficult to restore, and that could take days and weeks.

"We have to realise this could have been a lot worse. Microsoft Windows isn't the main operating system used for mission-critical systems. It's Linux.

For you

Be part of something bigger, join BCS, The Chartered Institute for IT.

"We have to look at the complex supply chain infrastructure that's providing the systems, services and products we rely on every day. Software should be a priority when we are planning from a national resilience point of view. The government needs to start tracking when things like this happen – even lesser incidents. We need to start understanding the nation's ability to respond to events."

Steve Sands, Chair of the BCS Information Security Specialist Group said: “Working IT systems are a prerequisite for almost every aspect of modern life and indeed the global economy. BCS has made a number of key recommendations to improve service and software resilience to government in a recent consultation and report. I sincerely hope that today’s CrowdStrike issues raise awareness and create some much-needed urgency to continue this vital conversation.”

Patience needed

BCS warned organisations should make sure their IT teams are well supported as it could be a difficult and stressful weekend for them as they help customers. Sands said that speculation as to why this incident happened is “not helpful or productive” at this point and he recommended companies concentrate on the task in hand: “My advice would be to focus on restoring your own IT systems (following the advice of the vendors) and leave the providers and the industry to work on understanding how this happened and learning the lessons.” 

In a statement, Crowdstrike said: "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."

CEO George Kurtz told US broadcaster NBC News: "We're deeply sorry for the impact that we've caused to customers, to travellers, to anyone affected by this, including our companies."

Topics

Computing in society Security / data / privacy

Related

Article

Digital Pioneers: Recoding our Future

2 days ago
Article

BCS in Northern Ireland: meaningful collaboration

4 days ago
Article

What IT can learn from aviation safety

4 days ago