The global IT meltdown shows how tech failures could be the chink in our armour to enemies like Russia and China.
In what has been branded the “largest IT outage in history”, major airport, airline, railway and supermarket services across the planet were crippled today.
Now experts have warned that tech outages can leave defence systems more vulnerable from attacks from Putin and his pals.
David Brumley, CEO of ForAllSecure and the firm’s head of developer advocacy, Josh Thorngren, said meltdowns posed great risks for data security.
Brumley said: “When things are down, that doesn’t necessarily mean that China and Russia are going to get access to information.
“But what we see happening in these sorts of situations is people will stand up temporary systems that are less secure, and those often get left behind.”
Read more on the IT outage
Brumley noted that the public saw effects of the outage in everyday services, but there would be a host of unseen problems caused for governments.
He said: “Medical services are down, flights are getting delayed and backed up. Planes can’t get in the air.
“Imagine how much is going on the defence side where they rely upon Windows just as much. And that’s internationally.”
“The security implications can’t really be underestimated here.”
Thorngren warned these consequences can be even more concerning.
He said: “Given the scope of what we’re hearing about just in publicly available information, the things you’re not hearing are even more worrisome to some degree.”
The boss said security companies like CrowdStrike are top targets for attacks.
That’s because security software runs with high privileges and doesn’t require user interaction.
Brumley identified three critical mistakes made by CrowdStrike: a latent bug that hadn’t been fixed, inadequate testing of updates, and the lack of an incremental rollout for the update.
The pair called for a shift in how security is integrated into product development.
What is CrowdStrike?
THE global cyber outage affecting TV channels, banks, hospitals, airports and emergency services appears to relate to an issue at cybersecurity firm CrowdStrike.
IT security firm CrowdStrike ran a recorded phone message on Friday – saying it was aware of reports of crashes on Microsoft’s Windows operating system relating to its Falcon sensor.
A prerecorded message said: “Thanks for contacting CrowdStrike support. CrowdStrike is aware of reports of crashes on Windows… related to the Falcon sensor.”
The Falcon system monitors the computers it is installed on and detects hacks and bugs before responding to them.
CrowdStrike, headquartered in Austin, Texas, says it is a global security leader which provides an advanced platform to protect data.
A CrowdStrike update on Friday is said to have caused a critical error in Microsoft operating systems, affecting millions worldwide.
The company regularly updates systems with new anti-virus software
Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia said: “If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons .
“One: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.
“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats.
“It is possible that today’s outage may have been caused by a buggy update to Falcon.”.
Cyber expert Troy Hunt told Australian TV network Seven: “It looks like they’ve pushed a bad update, which is presently nuking every machine that takes it.”
They want security features prioritised and product security roles to have the authority to implement necessary changes.
Thorngren said: “At the end of the day, security is as much a feature as something that a consumer sees, some shiny new button in the UI.
“Without an investment in that at the board level down, saying our security roadmap and being proactive and being preventative, that’s an investment we have to make just as much as new features.”
GLOBAL CHAOS
The major tech outage has sparked mayhem – with flights grounded and TV channels and banks knocked offline.
The severe issues at Microsoft have crashed computer systems across the world as major businesses, newsrooms and television networks all plunged into chaos on Friday.
Cybersecurity software firm CrowdStrike say they have identified the issue behind the global outage as a flawed anti-viral update.
The firm are reportedly used by Microsoft to handle various updates to their systems.
The incident had far-reaching impacts, notably in airports where it led to widespread chaos.
Airlines were unable to check in passengers, and even basic airport terminal services were disrupted.
The disruption also extended to banks, healthcare services and other critical sectors, leading to a domino effect of failures.
Senad Aruc – who has has more than 25 years of experience in cybersecurity – said the financial impact of Friday’s “tech doomsday” will cost billions across the globe.
Cybersecurity software firm CrowdStrike say they have identified the issue behind the global outage as a flawed anti-viral update.
When things are down, that doesn’t necessarily mean that China and Russia are going to get access to information because those systems are down.
David Brumley
The firm are reportedly used by Microsoft to handle various updates to their systems.
Microsoft has since announced it is taking “mitigation actions” against the issues.
They said via X: “Our services are still seeing continuous improvements while we continue to take mitigation actions.
“We remain committed in treating this event with the highest priority and urgency while we continue to address the lingering impact for the remaining Microsoft 365 apps that are in a degraded state.”
A Microsoft spokesperson told Bloomberg that a “resolution is forthcoming”.
CrowdStrike said in a post on their website: “CrowdStrike is aware of reports of crashes on Windows related to the Falcon Sensor.”
They confirmed it isn’t a hack or a cyber attack that caused the issues.
Global services affected by IT outage
rains
- Govia Thameslink Railway (GTR) – urged passengers to expect disruption due to “widespread IT issues”
- Gatwick Express – warned travellers they are “currently experiencing widespread IT issues”
- South Western Railway – all ticket vending machines are currently non operational – buy tickets online
- National Rail – some train operators are unable to access driver diagrams at certain locations, leading to potential short-notice train cancellations
- TransPennine Express – some TPE stations and systems are having IT issues – buy tickets online
- New York City’s MTA system affected
- Washington D.C Metro trains – delayed
Airports and airlines
- Manchester Airport – delays for those checking-in for Swissport flights
- London Gatwick – passengers may experience some delays while checking in and passing through security but should still arrive for their normal check-in time
- Ryanair – advise passengers to arrive at the airport three hours in advance of their flight to avoid any disruptions
- Edinburgh Airport – wait times longer than usual
- Stansted Airport – some airline check-in services reverted to being done manually, but main operational systems are unaffected and flights are still operating as normal
- Luton Airport – running manual systems
- Heathrow Airport – affected but flights operational – check with airline on latest journey information
- American Airlines – all flights cancelled
- United and Delta – no flights taking off
- Allegiant Air and Spirit Airlines – flights grounded
- Frontier and SunCountry – affected by outage
- San Francisco Airport – passengers reporting suspended flights
- Mumbai Airport – check-in desks shut down for IndiGo, Akasa and Spice Jet flights
- Australian airline Qantas – flights grounded
- Schipol Airport in Amsterdam – flights to and from the Netherlands affected
- Spanish airport association AENA – reported issues at 42 airports
- Rome’s Fiumicino Airport affected
- Ibiza Airport – empty due to IT outage
- Hamburg Airport in Germany affected
- BER Berlin Airport – Long queues
- The Hague Airport in Rotterdam – travellers experiencing longer wait times
- Narita International Airport in Narita, east of Tokyo – check-in delays
- Palma Mallorca Airport affected
- Suvarnabhumi Airport in Bangkok – longer queues reported
- Hong Kong Express Airways passengers delayed at Hong Kong International Airport
Television Networks
- Sky News – Friday morning breakfast show unable to air but now back on screens with reporter reading from printed notes
- Paramount Global channels including MTV, VH1, CMT and Pop TV – bumped offline.
Britain’s GPs
- The Wilmslow Health Centre in Cheshire – without access to their IT systems
- Solihull Healthcare Partnership in the West Midlands – affected ability to book/consult with patients this morning
- Central Lakes Medical Group in Ambleside – stated there has been a “big effect” and delays on the phone expected
- Pocklington Group Practice in the East Riding of Yorkshire – appointments needing to be cancelled and rearranged
- Hulme Hall Medical Group, in Stockport – unable to offer any appointments
- Windrush Medical Practice in Witney, Oxfordshire – continuing as normal for urgent enquiries but ask for routine concerns to wait until Monday
- Grimethorpe Surgery in Barnsley – no access to the clinical system, EMIS Web
- The National Pharmacy Association (NPA) confirmed the IT outage is disrupting community pharmacies
- A surgery in Putney, southwest London – Displaying an error message online to patients who attempt to book
Global hospitals
- Two German hospitals have been forced to cancel emergency operations
- The hospitals, in the northern German cities of Luebeck and Kiel, cancelled all elective operations scheduled for today
Supermarkets and restaurants
- Morrisons are affected
- Some Waitrose and Co-op are now cash only
- Gails and Waterstones experiencing some issues
- Wetherspoons pubs – only accepting cash
- Woolworths and Coles supermarkets in Australia – self service machines not working
Events
- Manchester United ticket release postponed – morning’s ticket release will be postponed until midday and website will remain unavailable
Banks and supermarkets in Australia including Beyond Bank Australia have also been experiencing issues this morning.
Various Microsoft services in Japan and New Zealand are also battling tech issues.