Buffalo, N.Y. (WBEN/AP) - A tech outage in the early morning hours on Friday caused some problems globally with a number of different businesses, emergency services, health care facilities, banks, and also affected travel for folks at airports and even at the U.S.-Canada border.
The outage was sparked by an update issued by cybersecurity firm CrowdStrike, and only affected its customers running Microsoft Windows, the world's most popular operating system for personal computers. It was not the result of hacking or a cyberattack, according to CrowdStrike, which apologized and said a fix was on the way.
Businesses and governments worldwide experienced hours-long disruptions — their computer monitors glowing blue with error messages — and scrambled to deal with the fallout. CrowdStrike's CEO said some of their systems will require manual fixes.
Related
The breadth of the outages highlights the fragility of a digitized world that's dependent on just a few providers for key computing services.
"It is very concerning that something as simple as a Microsoft Windows update can take down the entire world travel system," said Scott from Depew on Friday, as he awaited a new flight out of Buffalo after his was canceled due to the outage. "I can only imagine if somebody really got in and tried to mess things up what would happen."
For other travelers affected by Friday's global tech outage like Mariah from Lockport, she's not overly worried about incidents like this, more so just annoyed.
"It's funny to make a joke that it's like a cyberattack, but it's something as little as when your phone updates, it feels like, which is just insane that it can affect all of this," said Mariah with WBEN. "But honestly, I'm not worried. I'm just annoyed, and I want to go home. But I don't think we're going home anytime soon."
Meanwhile, one local cybersecurity expert says this global outage affecting so many could have easily been avoided.
"These are essentially problems created by solutions. If you think about what really is going on over here, this is a solution that created a huge problem," said Arun Vishwanath in an interview with WBEN. "What was the solution? Basically, this is an endpoint protection, so think of it like a wireless protection that's being launched on everybody's devices automatically, which is one of the things that CrowdStrike does. And because they don't want users to remember to do it, they did it for them. And once the patches were updated, there was a flaw in the patch. That basically downed every device where the patch had been installed. So now that we rely on computers and everything is automated, even the stuff that we used to do ourselves, we're going to face many more such problems.
Vishwanath feels one of the solutions businesses, other organizations and anyone should have is a strong incident response plan for potential outages like this.
"Think of it like digital address books. We no longer have physical address books. So if your digital address book fails, that's about it. You can't contact anyone. Having a backup in these kind of circumstances for essential stuff, the stuff that you know is going to be critical to you, is important," Vishwanath explained. "You don't have to have a complete address book, but you can handle the essential numbers. So in the same light, you want to do similar things. Essential services. If it's accounting, if it's ticketing, you gotta have a backup system. And that's what an incident responsible plan helps you."
With systems more-and-more connected online, Vishwanath warns outages like this are likely to happen more.
"We're relying on it from everything from our address book to online shopping. Everything is online, and so this is one of those things we're gonna have to keep preparing ourselves for so it doesn't happen again, or doesn't impact us to the extent it does, even if it does happen," he said.
Vishwanath says it's everyday processes that are getting disrupted, or even broken into or hacked. They are processes that are now automated almost completely. That's why, especially for businesses, it is imperative to have an incident response plan always have a backup in case you may get left in the dark.
"Businesses have to do it, especially big businesses out there, which rely on a lot of this technology for everything they're doing. For buildings, for ticketing, if it's an airline. They need to have a backup plan, assuming that something's going to happen and prepare for it. Have a contingency plan, have a contingency paper backup," Vishwanath said.
In this particular case, Vishwanath believes it will take a day or two for the systems to come fully back online, and to be rebooted or repatched. He says that's something businesses and other organizations also have to plan for.
"Since we know these are happening and these are going to happen, planning for it is really important. And I think this is important for bigger businesses to prepare for. Be prepared with these kind of incident response plans so that the next time something like this happens, either because it's a breach or if it's just a system outage caused by some kind of error like this one, you're prepared for it so the downtime is not so long," Vishwanath noted.
"Right now we're talking about a downtime of about a day, maybe two until the patches are restored and everything comes back online. It could be even a busy weekend, and then all the airlines have to catch up on the backlog, so it could be about a week for us to get back on. That's too long. You should be able to recover from this in maybe one or two or three days, at the most."
Meanwhile, Vishwanath says you can also control your own systems and the backups you may have.
"Often what's happening now is most of us are going online for everything. Even our licenses are online in New York State now. Having a paper backup, assuming something's going to fail, just a few essentials - some paperwork to demonstrate who you are, having some cash on hand, having a little bit of these contingencies built in - they could help you when these kinds of systems go down in ways in which no one else can. That's something every one of us can do," he said.