Since 1965, and even as recently as 2003, after major power outages plunged much of the country into darkness, people have been asking, “Where were you when the lights went out?”
In 2024, the question might be, “Where were you when your PC showed the BSOD (Blue Screen of Death)?” Or, “Where were you on Blue Friday?”
You probably know someone whose life was turned upside down by the July 19 CrowdStrike incident, or you yourself have felt the impact. Microsoft Windows computers used in companies around the world crashed not because of a cyberattack, but because of a failed update to the Falcon Sensor security software distributed by the American cybersecurity company CrowdStrike.
The outage affected emergency call centers, airlines, banks, hotels, hospitals, media companies, stock exchanges, retail stores and government services across the country.
James Cell, network administrator for the city of Great Bend’s IT department, said he and desktop support technician Joshua Parks were busy that Friday, going through all the crashed computers and doing “cleanup.” By 3 p.m., they had completed much of the work and the city was back up and running. The rest of the cleanup was completed the following Monday.
Most personal Windows PCs were not affected that day, as CrowdStrike software is primarily used by organizations. Still, we can hear our Apple fans saying, “Something like that never happens with a Mac.”
Review
The Great Northeast Blackout on November 9, 1965, was one of the largest power outages in history. The failure of a 230-kilovolt transmission line near Ontario, Canada, led to the failure of several other heavily used transmission lines.
History.com recalls: “The blackout began at the height of rush hour and delayed millions of commuters, stranded 800,000 people on New York City subways, and left thousands more trapped in office buildings, elevators, and trains. Ten thousand National Guardsmen and 5,000 off-duty police officers were called into duty.”
In the aftermath, energy officials considered what they could have done differently and formed a coordinating council to develop plans to prevent similar incidents. Despite their best efforts, more blackouts occurred. The 1977 blackout is considered one of the 10 largest disasters in New York City history, and the 2003 Northeast blackout affected 45 million people.
Today, Security magazine reports that the CrowdStrike event underscores the fact that “the interdependencies within the world’s IT infrastructure are so fragile and critical that a small bug can bring them to their knees.” While this was not an attack, the consequences were similar.
The good news is that experts are already analyzing the lessons learned from CrowdStrike. (Again, to my diehard Apple fans, none of the advice I read was “buy a Mac!”) Part of the solution seems to be to implement software updates in phases, then test them even more thoroughly for bugs before pushing them out to larger groups where problems can spread. Areas to focus on include quality control for vendors and crisis preparedness for customers.
Our thanks go to the dedicated IT people who solved the problem as quickly as possible.
