The massive outage has been traced back to a “single content update,” CrowdStrike CEO George Kurtz said in a post on social media platform X. Though the company said a fix for the issue had been deployed shortly before 3 a.m., many banks, private and public sector companies, airports and hospitals were still scrambling to resume normal operations midday on Friday.
Here’s what to know:
What is CrowdStrike?
CrowdStrike provides cybersecurity software to more than 29,000 customers, including nearly 300 Fortune 500 companies such as Amazon, Google, and Target, according to Reuters. Its services include protection from malware and ransomware threats, firewall management, cloud security and tracking down and identifying hackers.
The company made news and became the subject of right-wing conspiracy theories for assisting in a government investigation in 2016, working with the Democratic National Committee to determine that Russian-affiliated intelligence hacked the party.
Friday’s outage was not a cyberattack, CrowdStrike said. It was caused by a defect found in the content update pushed to Windows hosts; Mac and Linux systems were unaffected.
How long will the outage last?
Because so many Windows machines running CrowdStrike software around the world were affected, it could take much longer for systems to return to normal even after the company’s fix.
Many affected systems are continually crashing in what’s known as a boot loop and must be restarted in safe mode to manually remove the files CrowdStrike identified as the issue — and that has to be done one machine at a time.
“I don’t think it’s too early to call it: this will be the largest IT outage in history,” Troy Hunt, an Australian security consultant and creator of the hack-checking website Have I Been Pwned, said in a post early Friday on X.
Cooper said she can’t recall a more serious outage that has lasted so long.
It could take days for all affected businesses to recover, and the outage will have “cascading” effects on industries like air travel, said Levent Ertaul, a professor and cybersecurity researcher at Cal State East Bay.
“What is important for us as far as this incident is concerned is two points. The first is you see how we are all dependent on technology; our lives depend on technology. And the second is how fragile that technology is,” he told KQED.
Why does this matter?
Concern about a widespread outage isn’t new — experts have been wary of this kind of disruption for almost a decade, Cooper said.
“For a very long time, we have had in the back of our heads the possibility that a major service disruption like this could occur,” she said.
But how widespread the effects of an outage might be has grown as technology has advanced, even within the last few years. Whereas email and digital storage systems, for example, used to be separate, now they are often connected. CrowdStrike is an interconnected digital cybersecurity system.
“The prospect of the disruption has been long-standing, but perhaps the way that technology is developing means that the risks are potentially higher than they were even a few years ago of one change being able to affect so many systems across the board,” she told KQED.
Going forward, companies will need to plan for these scenarios in case of another code defect or a cyberattack targeting similar systems.
“Take a moment as a company to think, ‘What happens if my systems go down? If I can’t access email on this particular day, if I’m unable to get into our finance systems, if we were unable, as an airline, to see flight manifestos?’” Cooper said.
She said even small things like ensuring that employers have contact information for their employees outside of the digital software they use could help them maintain or more quickly resume operations if an outage occurs.
“And then, what is your recovery path, assuming those systems are going to be down not for a matter of minutes but for hours, even days.”
KQED’s Sukey Lewis contributed to this report.
