Friday’s massive IT outage was caused by Texas-based cybersecurity firm CrowdStrike Holdings Inc., disrupting operations in airlines, hospitals, and business services.
According to the New York Times, the outages were caused by an update the company sent to companies that use its software to protect against hackers, but the update caused computers running Microsoft Windows to crash.
Unlike traditional antivirus software that hunts for known malware, CrowdStrike’s endpoint detection and response software continuously scans machines for suspicious activities and automates responses. This software requires deep access to computer operating systems, which, ironically, can disrupt the very systems it protects.
The outage was said to be the largest in history, affecting 911 lines in the U.S., airlines worldwide, broadcasters, financial services, and even hospitals.
The Associated Press reported that Harris Health System, which runs Houston’s public hospitals, said it had to suspend hospital visits. Some procedures were canceled.
“Some services may not be available due to the current CrowdStrike incident. We appreciate your patience and understanding as we work through this disruption,” the health system said.
CrowdStrike attributed the incident to “a defect found in a single content update for Windows hosts” and confirmed it was not due to a cyberattack. The company assured that Mac and Linux machines were unaffected and that a fix had been deployed.
The outage highlighted the problem of a deeply interconnected world that relies on a few systems, as essential services can be disrupted if a few key machines go down.
“This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” Ciaran Martin, former chief executive of Britain’s National Cyber Security Center told the Times.
The outage is expected to have a huge economic impact as people are still struggling with some financial services and airline delays.
“We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this,” George Kurtz, CrowdStrike’s chief executive, told NBC.
