The News
Airlines, banks, hospitals, and other services around the world are still feeling the impact of cybersecurity company’s CrowdStrike’s outage on Monday, days after it happened. The fallout continues even though the company said it has brought “a significant number” of the 8.5 million Windows devices hit by a faulty update back up.
While fewer than 1% of all Microsoft devices were affected globally, experts described the event as “the worst IT catastrophe in history.”
Passengers remained stranded in airports Monday as thousands of flights were canceled. Atlanta-based airline Delta, one of the worst-impacted companies, has canceled thousands of flights, drawing criticism from US Transportation Secretary Pete Buttigieg.
SIGNALS
Ripples will be felt for weeks
The global supply chain will feel the consequences of CrowdStrike’s outage for weeks to come, experts told trade outlet MotorTransport, because “planes and cargo are not where they’re supposed to be,” and that could create knock-on problems in planning and scheduling for importers, exporters, and consumers. The UK’s National Health Service also warned that its services would likely take weeks to go back to their regular schedules as doctors scramble to catch up with their lost work.
CrowdStrike’s failure is a warning
This incident was not the first of its kind and it won’t be the last, The Atlantic wrote, noting that such failures are the “inevitable outcome of modern social systems that have been designed for hyperconnected optimization, not decentralized resilience.” As the world has globalized and digitized, risk becomes increasingly catastrophic and instantaneous. This time, the outage was fixed quickly because CrowdStrike made a good-faith mistake, but if a bad actor had been the problem, the consequences could be much worse. One cybersecurity expert told UK outlet The Independent that governments would need to work with the industry to “design out” technological flaws if they want to avoid similar incidents in the future.
Experts wonder who will pay the price of the outage
The CrowdStrike outage could cost businesses over $1 billion in losses, one analyst estimated, but whether the company will have to foot the bill remains unclear, CNN noted. It’s likely that the wording of CrowdStrike’s contracts shields it from liability, one expert said, and even if a business or a customer was affected, it will be difficult to prove that the losses they incurred resulted directly from the outage, Sky News added. Airline passengers are most likely to struggle to get their money back — airlines may refuse to compensate them due to “extraordinary circumstances,” and they may have to resort to recoverable cost protection from their card providers.