Crowdstrike update causes global IT outage, inflicting havoc


A defective update to an obscure piece of security software knocked out computer systems around the globe Friday, causing widespread disruptions to travel, medical care, government agencies and retailers.

Airline passengers were stranded at airports as thousands of flights were canceled. Hospitals closed their doors to patients expecting routine appointments. Shoppers encountered self-checkout terminals showing the notorious Blue Screen of Death that pops up when Windows fails. Even the organizers of the upcoming Paris Olympics reported impacts to the delivery of uniforms.

The problem traced to an update issued for Windows computers by security firm CrowdStrike, the company said in a blog post. The company said at 6 a.m. Friday the problem had been identified and fixed, but by that point the effects had rippled around the world.

The effects of the outage were a reminder of how the global economy is dependent on computer systems that are vulnerable from everything from attacks by sophisticated hackers to bungled software updates. But while the problems were widespread, there was an element of randomness at play, too, depending on which companies in any given industry made use of the defective system.

GET CAUGHT UP

Stories to keep you informed

CrowdStrike chief executive George Kurtz said he was “deeply sorry” to anyone affected by the global outage during an appearance Friday on NBC’s “Today” show and vowed to “make sure every customer is fully recovered.”

Many CrowdStrike systems are recovering and will soon be operational, Kurtz said, but “it could take some time for some systems that won’t automatically recover.”

The company’s problems follow a string of computer security incidents and service outages in recent years that have disrupted online services. Bruce Schneier, a security technologist who teaches at the Harvard Kennedy School, said the latest problem shows how brittle parts of the online world have become as companies have chased efficiency while sacrificing resiliency.

“This is one of hundreds of companies you’ve never heard of that are essential to the functioning internet,” Schneier said. He compared the situation to a house built in such a way that nailing a picture to the wall puts it at risk of collapsing.

CrowdStrike’s software is widely used around the world by businesses seeking to defend themselves from hackers. The problems Friday affected only computers running Microsoft’s Windows operating system, CrowdStrike said, leaving Apple computers and those using Linux unaffected.

While Windows is the operating system for hundreds of millions of personal PCs, it also runs on the computers behind the scenes that are vital to the operation of airlines, digital payment systems, emergency services call centers and other organizations.

Microsoft chief executive Satya Nadella said in a post on X that his company was working with CrowdStrike and Windows users “to provide customers technical guidance and support to safely bring their systems back online.”

Some of the most visible early effects of the outage were at airlines. Budget U.S. carriers Frontier and Sun Country disclosed in the early hours of Friday that they were experiencing disruptions, and the problems spread to major airlines and affected airlines overseas.

By 9 a.m. Eastern time, more than 2,100 flights had been canceled worldwide. More than 1,200 of those were flights operating into, within or out of the United States, according to FlightAware.com, an online flight-tracking website. More than 22,000 flights were delayed worldwide, with delays affecting more than 2,600 flights originating or ending in the United States.

In the United States alone the impacts were similar to what might be expected during a major snowstorm. And even as airlines reported getting operations back up and running Friday morning, problems in the aviation system can take hours to fully resolve as crews and aircraft are left in the wrong cities.

John Cox and his wife found themselves spending more than a day at Reagan National Airport as they tried to get a flight home to North Carolina.

A technical issue Thursday evening prompted major airlines including Delta to delay service and reroute passengers. Then the 10:17 a.m. Friday flight to Charlotte was pushed to Saturday at noon. “It completely derailed our plans,” said Cox, slumped on a seat by the entrance of the airport.

“We’re going to end up spending a lot more money hanging around in D.C. than if we were back at home,” Cox said, before reclining in his seat and sighing. “There should be some compensation for the immense inconvenience that so many people are enduring.”

By Friday morning it had become clear that the effects were reaching into a large number of industries and affecting government agencies.

The effects on medical providers stretched from the United States to Israel, with doctors losing access to electronic medical records and some hospitals postponing elective procedures.

Mass General Brigham, a nonprofit that operates one of the largest hospital systems in Massachusetts, said on its website that it was canceling all “non-urgent visits” at its hospitals and clinics Friday. The organization said its emergency departments remained open and were providing care for urgent appointments and procedures.

Television news stations in several countries were knocked off the air. In Australia the outage left ABC News unable to deliver its usual evening news update. Instead it showed a special report on the disruption at Sydney airports.

Some emergency services also reported problems. The Alaska State Troopers reported that, starting at 9 p.m. Thursday Alaska time, 911 call centers statewide were not working correctly. Service was restored around 4 a.m. Friday when dispatch centers switched to analog phone systems or partnered with dispatch centers that had not been impacted, according to the Alaska Department of Public Safety.

Officials in Washington said they were monitoring the situation and providing assistance. A White House official said President Biden was briefed on the outage and that the administration was in touch with CrowdStrike and impacted entities. The White House will get “sector by sector updates throughout the day and is standing by to provide assistance as needed,” the official added.

Transportation Secretary Pete Buttigieg said in an interview on CNBC Friday that he expected airlines, ports and freight companies to be largely back on their feet by Friday. But he said the episode should prompt some soul searching about the vulnerability of the country to even seemingly minor technical problems.

“We’re certainly in a new era in terms of these risks,” Buttigieg said. “I think there will be a huge amount of after action assessment, after the dust settles and things get back to normal.”

Washington Post reporters Hannah Ziegler, Jeff Stein, Daniel Gilbert, Aaron Gregg, Adela Suliman and Julian Mark contributed to this report.

Leave a Reply

Your email address will not be published. Required fields are marked *