Starting in 1965 and even in 2003, after major power outages plunged portions of the nation into darkness, people asked, “Where were you when the lights went out?”
In 2024, the question might be, “Where were you when your PC displayed the BSOD (Blue Screen of Death)?” Or, “Where were you on Blue Friday?”
Chances are, you know someone whose life was disrupted by the July 19 CrowdStrike incident, or you yourself may have felt its effects. Microsoft Windows computers used by organizations everywhere had crashed, not because of a cyber attack, but because of a failed update to the Falcon Sensor security software distributed by American cybersecurity company CrowdStrike.
The outage affected 911 call centers, airlines, banks, hotels, hospitals, media companies, stock markets, retail stores and governmental services throughout the nation.
James Cell, the network administrator for the City of Great Bend’s IT department, said he and Desktop Support Technician Joshua Parks were certainly busy that Friday, going around to all the crashed computers and doing “cleanup.” They got a lot of the work done by 3 p.m. and the City was back up and running. Whatever cleanup work was left was wrapped up the following Monday.
Most personal Windows PCs were unaffected that day, because CrowdStrike software is primarily used by organizations. Even so, we can hear our Apple fans saying, “That never happens with a Mac.”
Looking back
Nov. 9, 1965, the Great Northeast Blackout, was one of the biggest power failures in history. The dropping of a 230-kilovolt transmission line near Ontario, Canada, caused several other heavily loaded transmission lines to fail.
History.com recalls, “Blackout began at the height of rush hour, delaying millions of commuters, trapping 800,000 people in New York’s subways, and stranding thousands more in office buildings, elevators, and trains. Ten thousand National Guardsmen and 5,000 off-duty policemen were called into service.”
In the aftermath, power officials thought about what they could have done differently and they formed a coordinating council to develop plans to prevent a similar occurrence. Despite their best efforts, other blackouts have occurred. The 1977 blackout is listed as one of the 10 biggest disasters in the history of New York City and the 2003 Northeast Blackout affected 45 million people.
Today, Security magazine reports the CrowdStrike event underscores the fact that “dependencies within the world’s IT infrastructure are so fragile and critical that a small bug can bring it to its knees.” This wasn’t an attack but the results were similar.
The good news is that experts are already analyzing the lessons to be learned from CrowdStrike. (Again, to my diehard Apple fans, none of them I’ve read were, “Buy a Mac!”) Part of the solution appears to be implementing software updates in phases with more testing for glitches before dropping them to larger groups where problems can become widespread. Areas to focus on include quality control for the vendors and crisis management preparedness for the customers.
We can be thankful to the dedicated IT people who dealt with the problem as quickly as possible.