Lessons from a global outage
If you’re a child of the ’90s like I am, you’ll remember all the doomsday prophecies and collective anxiety surrounding the year 2000. Famously known as the Y2K problem, many computer programs used only the last two digits of the year making 2000 indistinguishable from the year 1900, potentially leading to errors that could disrupt computer-reliant services worldwide, including the banking system. As the millennium approached, the Y2K scare spread, leading some people to withdraw large amounts of money or to stockpile groceries and firearms. When the clock turned midnight on Jan. 1, 2000, very few errors occurred, and the new year started without the feared glitch. Those involved in Y2K remediation efforts commend the programmers and IT experts for all the preemptive actions that were undertaken to avert the possible disaster.
Late last week, however, the world finally experienced the kind of large-scale chaos and disruption that a tiny computer error can cause. CrowdStrike, a cloud-based firm providing cybersecurity protection services for most Fortune 500 companies, released a configuration update specifically for its clients using the Windows operating system. Due to faulty code, it triggered an error that led to the endless reboot of impacted machines, resulting in a system crash.
Those using Linux and iOS were spared. Unfortunately, it seems that every major system worldwide was running on Microsoft’s software and relying on its technology for day-to-day operations. I first learned about the outage through my WhatsApp group chat with my high school friends. Several of them shared that they had no choice but to have an “early weekend” because all their laptops would not function. A few minutes later, the scale of the problem exploded online.
Article continues after this advertisementAll over the world, major airlines, banks, retail, and media companies faced operational challenges as their online systems crashed. Airports became overcrowded with waiting passengers as the affected airlines were forced to revert to manual processes, leading to the unprecedented sight of handwritten boarding passes. In the Philippines, Cebu Pacific, Air Asia, and United Airlines all canceled local and international flights. Most local banks also experienced operational disruptions, resulting in much longer wait times at the different branches. Some government agencies also had to pause their online services temporarily due to the IT outage.
Although CrowdStrike quickly identified and responded to address the cause of the error, it was challenging for the company to fix the issue remotely since the impacted machines were rendered offline. As a result, many of the affected users require personal assistance from an IT expert to fix each computer manually to remove the erroneous code. It remains to be seen whether the company will face sanctions and penalties for the damages its mistake had inadvertently caused.
As organizations worldwide found themselves paralyzed last week, it highlighted the need for a more balanced approach to IT infrastructure versus a system with a single point of failure. Cloud services may offer convenience and scalability, but organizations still need to maintain on-premises capabilities and develop robust contingency plans, ensuring greater resilience.
Article continues after this advertisementEven if CrowdStrike was responsible for the incident, it reignited concerns about Microsoft’s dominance in the operating system market. With more than 80 percent of the market share, the recent events exposed how any issue with Microsoft’s products can have widespread effects, setting off a chain of negative events. Microsoft’s monopoly power has long been criticized, with the United States government suing the company in the 1990s for anti-competitive practices. The global outage revived questions about how Microsoft’s dominance could potentially harm organizations and consumers by limiting choice.
Separately, the reliance of government agencies worldwide on Microsoft products has also been highlighted as a security risk. This surfaced most recently in a US House committee hearing focusing on a high-profile 2023 incident in which Chinese hackers infiltrated US government systems through Microsoft Exchange Online, compromising the mailboxes of more than 500 people and 22 organizations globally. While Microsoft acknowledged its shortcomings, it also emphasized the importance of collaboration to address possible geopolitical cyber threats in the future from countries like China and Russia.
Whether this series of scrutiny will have an impact on Microsoft’s market share is uncertain. However, experts hope it will raise awareness of just how vulnerable consumers, governments, and businesses are when one company monopolizes a particular technology. In the same way, the world recognized and acted to mitigate Y2K’s potential harm, may the global outage prompt consumers and organizations to rethink their choices when buying software and cloud computing programs, and may this urgently remind government officials to aggressively push back against monopolistic practices in the technology space and any other industry.
