The impact of a global IT outage caused by an update designed to protect Microsoft Windows devices could ‘take days’ or longer to recover from, according to BCS.
Our experts have called for the government to track, record and assess IT outage incidents to build up our national resilience to such critical issues.
The issue has caused travel chaos, disrupted banking and healthcare services, and it knocked some TV channels off air. The cyber-security firm CrowdStrike has said a defect in a content update caused the problem, and it was not a security incident or cyber attack.
How it happened
Patrick Burgess, from the BCS Information Security Specialist Group, explained the background to the incident to Matt Chorley from Times Radio: "CrowdStrike is a provider of security software to a huge number of companies across the world, and they rolled out an update overnight, which unfortunately caused the classic 'blue screen of death', affecting a lot of Windows machines globally that support a lot of infrastructure."
Adam Leon Smith, a BCS Fellow and a cyber security expert, told Sky TV: "People want to get security updates rolled out as quickly as possible because that helps prevent against what we call 'zero-day' attacks; that is new ways that actors are found to compromise systems. There's a trade-off here between the speed of ensuring that systems get protected against new threats and the due diligence done to protect the system's resilience and stop things like this from happening."
Fix could take a while
CrowdStrike has said they have identified the problem and have rolled out a fix. It is unclear how long it will take until everything gets back to normal.
Leon Smith added: "In some cases, the fix may be applied very quickly, but because it has to be applied to so many computers around the world, that may take longer than it sounds.
"But if computers have reacted in a way that means they're getting into blue screens and endless loops and things like that, it may be difficult to restore, and that could take days and weeks.
"We have to realise this could have been a lot worse. Microsoft Windows isn't the main operating system used for mission-critical systems. It's Linux.
"We have to look at the complex supply chain infrastructure that's providing the systems, services and products we rely on every day. Software should be a priority when we are planning from a national resilience point of view. The government needs to start tracking when things like this happen – even lesser incidents. We need to start understanding the nation's ability to respond to events."
Steve Sands, Chair of the BCS Information Security Specialist Group, said: “Working IT systems are a prerequisite for almost every aspect of modern life and indeed the global economy. BCS has made a number of key recommendations to improve service and software resilience to government in a recent consultation and report. I sincerely hope that today’s CrowdStrike issues raise awareness and create some much-needed urgency to continue this vital conversation.”
Patience needed
BCS warned that organisations should make sure their IT teams are well supported, as it could be a difficult and stressful weekend for them as they help customers. Sands said that speculation as to why this incident happened is “not helpful or productive” at this point, and he recommended companies concentrate on the task in hand: “My advice would be to focus on restoring your own IT systems (following the advice of the vendors) and leave the providers and the industry to work on understanding how this happened and learning the lessons.”
In a statement, CrowdStrike said: "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."
CEO George Kurtz told US broadcaster NBC News: "We're deeply sorry for the impact that we've caused to customers, to travellers, to anyone affected by this, including our companies."