"The largest IT failure in history", Microsoft's blue screen incident has raised national security concerns
Observer.com
2024-07-20 22:35 Posted on the official account of Jiangsu Observer.com
01 A failed software update from CrowdStrike, a leading cybersecurity company in the United States, caused many Microsoft Windows users around the world to suffer a "blue screen" failure, affecting everything from government departments to retail stores.
02 Since every affected computer may have to be repaired manually, recovery from the adverse effects of this incident will take at least a few days.
03 Experts believe that this incident highlights the serious risks posed by the global reliance on a small number of vendors' software, and that if such software goes wrong, the consequences can be more serious than if it simply did not work.
04 In addition, this incident has raised concerns about the national security risks of a global IT outage; the United States, Canada, Australia, Japan, the United Kingdom and other countries and regions have been affected.
05 Experts suggest that governments and companies need to explore new policy tools to avoid future disasters and to diversify software vendors.
The above content is generated by Tencent's hybrid model and is for reference only
[Text/Observer.com Ruan Jiaqi]
One update, one string of code, and a global outage. On the 19th local time, a failed software update from CrowdStrike, a leading United States cybersecurity company, disrupted countless Microsoft Windows users around the world.
This cybersecurity incident, which affected almost all industries, forcibly pressed the pause button on a busy world: from government departments to retail stores, operations were blocked. Everyone could only stare helplessly at the blue screen. Tesla CEO Elon Musk was so angry that he spoke of "burning down the CrowdStrike computer room"; a senior official of the United States Department of Homeland Security, looking at a computer that restarted endlessly, wailed about being "driven crazy by the blue screen"; and Anne Neuberger, the United States deputy national security adviser in charge of cyber technology, was roused from sleep at 4 a.m. by a phone call from the White House.
Although the cause of the problem has been identified, the adverse effects of this incident will take at least a few days to subside, as each affected computer may have to be repaired manually. According to many cybersecurity experts, the "largest and worst IT failure in history" highlights the serious risks posed by the world's reliance on a handful of vendors' software. Considering how widely a single piece of security software is used and how deep its privileges on the computer go, "if it fails, it may be more serious than if it does not work," the New York Times quoted experts as saying.
At the same time, the United States, Canada, Australia, Japan, the United Kingdom... even South Africa were affected to some extent by this incident, which quickly raised concerns about the national security risks of a global IT outage. Given the wide range of critical infrastructure providers affected, some experts cautioned that the incident could be seen as a national drill for a large-scale cyberattack. Tobias Feakin, a former cybersecurity official in Australia, said later that if the incident had really been the deliberate work of a "malicious adversary", the consequences would have been unimaginable.
CNN reported that the blue screen incident may prompt governments around the world to study what could happen, and United States officials and business executives may explore new policy tools to avoid a "catastrophe." At the Aspen Security Forum, United States Secretary of State Antony Blinken emphasized the need for diverse software vendors for national security.
At Delhi International Airport, India, a passenger looks at a large screen at a malfunctioning airport. European News Agency
Near-global shutdown, "worst IT failure ever"
On July 19, local time, the United States technology giant Microsoft suffered a major service interruption: many users around the world reported that enterprise computers running Windows had a "blue screen" failure and could not start normally.
The incident was related to a software update from CrowdStrike, a third-party United States cybersecurity company. Put simply, CrowdStrike sends software updates to Microsoft Windows users around the world, and under normal circumstances such an update is installed quietly and automatically in the background without affecting the user. This update, however, contained a flaw that crashed the system at runtime, which in turn caused a global IT system outage.
As a result, since Thursday night, Microsoft users around the world have been greeted by "blue light" after turning on their computers, along with repeated restarts and crashes. As one netizen complained, "If you get a Microsoft blue screen today, you are not alone."
And as day broke and a busy day was about to begin, computers that showed not the slightest improvement made people slowly realize that this failure might not be so simple: planes were not flying, hospitals were not operating, freight was not moving, and even the coffee shop on the corner could not take card payments... Many countries saw varying degrees of "paralysis" of public services, in some cases from top to bottom.
Especially now, in the peak tourist season, the blow to the aviation industry is the most direct and obvious. CNN cited data from the flight-tracking website FlightAware showing that as of Friday evening, 41,000 flights had been delayed and more than 4,600 flights had been canceled worldwide.
Many airports had to check passengers in manually and issue handwritten boarding passes, which greatly reduced efficiency and caused long queues of waiting passengers. Many people were also stranded at airports and could only sleep on the floor with their luggage. Ryanair, Europe's largest airline, admitted that the outage was beyond its control and advised all passengers to arrive at the airport at least three hours in advance.
Among them, more than 3,000 flights have been canceled in the United States and abroad, and more than 11,000 flights have been delayed.
According to US media reports, the United States FAA initially suspended all flights in the United States, and airlines later reported resuming service one after another. According to the New York Times, this level of impact is almost equivalent to the impact of a snowstorm on flights.
Flight cancellations across the United States as of 23:30 EST on the 19th. FlightAware data
In a touch of black humor, Southwest Airlines of the United States, which has been singled out and criticized by the US Department of Transportation and Congress for its aging systems, was not affected by the outage at all this time and operated flights as usual. The reason may be that the airline is still using Windows 3.1, launched 32 years ago, which is too "backward" to be updated and so "escaped".
CCTV reporter Liu Xiaoqian was at San Francisco Airport in the United States just in time for the airport's paralysis. And when he took a taxi in the dark to find a hotel to stay in, he found that the "nightmare" went much further: the hotel system was also showing a bright blue screen.
According to Politico News, with hotel systems down, guests could not be charged, checked out or booked. Indus Hotels, which operates about a dozen Hilton and Marriott hotels in Ohio and Pennsylvania, revealed that many of its hotels had only one working computer on Friday morning.
"The hotel managers must be frantically pulling their hair out," Alan L. Assaf, Chief Operating Officer of Indus Hotels, said helplessly.
In addition, companies in different industries, including Tesla, Starbucks, ExxonMobil, etc., have also publicly stated that they have been affected. Starbucks said widespread failures in third-party systems led to a temporary outage of mobile booking and payment capabilities. ExxonMobil said the global network failure affected some of the company's information systems.
Tesla CEO Elon Musk reacted the most strongly, angrily declaring on social media that he had removed the CrowdStrike software from all of Tesla's systems and blasting the outage for its impact on the automotive supply chain. Business Insider, citing sources familiar with the matter, said Tesla halted some of its production lines in Texas and Nevada due to the global IT failure.
After venting, Musk also attached an AI-generated picture of "burning the CrowdStrike computer room" to express his dissatisfaction. He then added, "Unfortunately, many of our suppliers and logistics companies are using that company's software."
The Wall Street Journal pointed out that the outage affected almost all industries, from the Americas and Europe to Asia, hitting everyone alike; many countries saw serious disruption across industries including transportation, finance, media, healthcare, retail and logistics.
The Washington Post reported that even in an industry that has already been hit hard by hacking this year, experts are still shocked by the scale of Friday's shutdown.
"I was stunned to see this chain reaction," said Chris Cummiskey, a cybersecurity expert and former Department of Homeland Security official. He said that while CrowdStrike is often seen as the "gold standard" for cyber protection, the incident may require a review of its internal practices: "You wouldn't want this kind of global collapse to happen at the push of a button, would you?"
CrowdStrike is "ubiquitous", and the dominance of a single software vendor raises concerns
According to CNN, CrowdStrike may not be well known to ordinary people, but it is in fact a leading cybersecurity company in the United States, with the largest share of the cybersecurity market. After more than a decade in business, CrowdStrike's footprint spans the globe with 29,000 customers, including large companies like Amazon and Microsoft. According to US media reports, 271 of the world's top 500 companies are its customers.
In the words of Bruce Schneier, a security technologist who teaches at Harvard's Kennedy School of Government, the company, which the average person "has never heard of," is critical to the proper functioning of the Internet. But now it's the equivalent of just nailing a painting to the wall of the house, and the house is about to collapse.
A single flaw could easily bring some areas of the global economy to a complete standstill. Ciaran Martin, a former chief executive of the United Kingdom's National Cyber Security Centre and a professor at the University of Oxford, said bluntly that the example "made him very uneasy".
CNN noted in a commentary that the blue screen incident highlights the fragility of the global economy and its reliance on CrowdStrike, a United States cybersecurity company, which had received little attention before. Experts believe that a few companies dominate the anti-virus and detection market, and once something goes wrong, the effects spread through the whole system, bringing huge risks to governments and enterprises.
Munish Walther-Puri, former director of cyber risk in New York City, said with concern, "We have a wide range of trust in cybersecurity vendors that lack diversity, and we create vulnerabilities in the technology ecosystem."
On July 19, local time, in Hamburg, Germany, passengers waited for check-in at Terminal 1 of Hamburg Airport. Visual China
The Wall Street Journal also pointed out that the fact that a single update from a single vendor can plunge so many companies into a digital dark age is a new warning about the world's technological dependence. While there are precedents for similar update failures, the growing reliance on AI-driven automation tools by businesses and individuals makes each new outage feel more dangerous.
Thomas Parenty, a cybersecurity consultant and former United States NSA analyst, also points out that one of the tricky things about security software is that it requires absolute access to the entire computer to do its job. "So if something goes wrong with it, the consequences are far more serious than if it doesn't work."
The problem is that in the event of a major service outage or cybersecurity incident, these software vendors bear little to no responsibility. Unlike automakers, who face severe penalties for brake failures, software vendors often face negligible consequences and may only need to release a new patch and move on as if nothing happened, Parenty said.
He argues that "unless software companies have to pay a serious price for problematic products, we won't be safer tomorrow than we are today."
Gil Luria, senior software analyst at D.A. Davidson, a United States market forecaster, said most companies could not find a replacement for Microsoft. In the wake of this incident, some business users may consider looking for alternatives to their security products.
This is especially so given that it is not uncommon for CrowdStrike products to be buggy: in April of this year, the company pushed a software update to a customer running Linux, which caused the computer to crash. It took CrowdStrike almost five days to fix the issue.
"This will be the largest IT disruption in history," said Hunt, an Australian security consultant and creator of a hack-checking website. "We're actually just beginning to see the tip of the iceberg."
For national security, "it can be called a nuclear bomb accident"
Although George Kurtz, co-founder and CEO of CrowdStrike, stressed that the incident was "not a security incident or a cyber attack", the failure has affected nearly 10 million devices running Microsoft Windows, including a large number of critical infrastructure operations in many countries and even government departments; in the United States, the mayor of Portland declared a state of emergency for the city due to the "paralysis" of public services. In the eyes of many security experts, therefore, this incident can be called a "nuclear bomb" of a cybersecurity incident.
Kemba Walden, former acting national cyber director at the White House, said it was a "reasonable assumption" that federal agencies would be affected, given the widespread use of CrowdStrike and Microsoft software. Since then, officials from the United States Treasury Department and the Department of Justice have admitted to Politico News Network that some of their departments' computer systems had problems. The U.S. Social Security Administration also announced on the 19th that all offices were closed to the public. The Pentagon was also asked by senators for a briefing on the impact of the disruption on United States defense affairs.
In a statement, the United States Department of Homeland Security did not say whether its systems were affected by the failure, while the anonymous senior official who wailed that he was "driven crazy by the blue screen" privately told Politico News that the department's computers crashed en masse around 1:30 a.m. and still could not be restarted on Friday morning.
CNN reported that although the chaos that occurred on Friday did not involve malicious attacks, the blue screen incident, which almost led to a global shutdown, is bound to attract the attention and research of governments around the world. Given the wide range of critical infrastructure providers affected, United States officials and business executives may also wonder whether new policy tools are needed to avert future disasters.
On Friday, local time, at the Aspen Security Forum in Colorado in the United States, Anne Neuberger, the United States deputy national security adviser for cyber technology, revealed that she was woken up at 4 a.m. by a call from the White House and then spent the morning assessing the impact of the outage on all critical infrastructure sectors in the United States.
Neuberger believes that this incident exposes the integration risks in the technology supply chain: "What we need to really think about is our digital resilience, not only the systems that are running, but also the risks of integrating globally connected security systems, how do we deal with integration, and how do we make sure that if an incident happens, it can be contained and quickly recovered. We still have a lot of work to do to build that resilience."
United States Deputy National Security Adviser Anne Neuberger. Aspen Security Forum's official X account
Also at the Aspen Security Forum, United States Secretary of State Antony Blinken stressed that the blue screen incident showed that "we must diversify our software vendors."
Rob D'Amico, a former FBI agent in the United States, noted in an interview with CNN that the impact of the global computer failure on national security was "greater than most people think."
Beyond the impact already caused, he believes that some malicious cyber actors may continue to follow the course of the incident or try to take advantage of it for phishing attacks: "They may not be involved in the incident, but they are paying attention to what happened, what the reaction was, what the reaction time was, and how to fix it."
According to the BBC, Australia is one of the countries most affected by the incident, and its financial industry, aviation industry, communications industry, and even media organizations all reported a surge of errors on the 19th. Australia's cybersecurity regulator, alarmed, came forward to reassure the public, saying that there was no information indicating that the country had suffered a malicious attack.
Tobias Feakin, a former cybersecurity official at Australia's Foreign Ministry, said that if the incident had been the deliberate work of a "malicious adversary", the consequences would have been unimaginable and could have caused very serious damage to Australia.
Earlier on Friday, EU authorities were also actively responding to the impact of the incident on airports, airlines and financial institutions. Spokesmen for the European Commission and the United Kingdom Prime Minister's Office both told Politico News that they were investigating the matter.
"It's a good warning, or rather, a large-scale cyberattack exercise," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance, a United States nonprofit. "I mean, if we're struggling with the failure of a major security vendor, that's probably what being cyber attacked looks like." According to US media, the organization is one of the main partners of the Cybersecurity and Infrastructure Security Agency under the United States Department of Homeland Security.
It is worth mentioning that in this sudden global "big test", Saudi Arabia believes that it has turned in a satisfactory answer. On the 19th local time, the Saudi National Cyber Security Agency (NCA) issued a statement saying that the impact of the global IT disruption on Saudi Arabia's critical infrastructure was "minimal".
Its statement noted that by increasing national capacity and technological sovereignty, the authorities have taken active measures to respond to and monitor cyber threats. The cybersecurity standards set by the NCA strengthen the country's cybersecurity and reliability, protecting state entities and critical infrastructure.
In addition, Egypt, the U.A.E. and other countries have also announced that, having implemented backup systems, the impact on their aviation industries was relatively limited.
CCTV News reported on the 19th that on the same day, the flights of many airlines such as Air China, China Eastern Airlines, and China Southern Airlines were not affected by the widespread technical system failure and were operating normally. International flights departing from Beijing Capital Airport and Daxing Airport were also operating normally.
According to Beijing Daily, Wang Liejun, a cybersecurity incident response expert and head of the threat intelligence center of Qianxin, said that those mainly affected domestically are foreign companies and their branches in China, whose office computers may have CrowdStrike installed by default, while domestic party and government organs, central enterprises, and large private enterprises are less affected.
CBN also learned that because local Chinese companies have hardly installed CrowdStrike, flight operations, inbound and outbound travel, the local hotel industry and the medical industry in the Chinese mainland were basically unaffected. Zhao Hongbing, general manager of AsiaInfo's security SaaS product department, believes that the Microsoft blue screen incident has also prompted China to think deeply about the need to accelerate the pace of information innovation, from the basic operating system to the top-level application, and to build completely independent and controllable technical capabilities.
This article is an exclusive manuscript of Observer.com and may not be reproduced without authorization.