Welcome back to the July Cyber Scan Headlines CrowdStrike Outage Special Edition. This week, we dive into the historic IT outage that has shaken IT-dependent systems and brought down networks worldwide, affecting airlines, retailers, and financial services.
The story starts with a chronological breakdown of the events unfolding on July 19th. We begin with the hour-by-hour incident reports starting on Thursday, July 18th at 6:00 p.m. Pacific Daylight Time, and move forward to review the first worldwide outage at 3 p.m. Friday, July 19th Australian Eastern Time.
We will provide an in-depth analysis of the latest CISO expert opinions and the impacts mentioned during the 72-hour saga, as well as the Australian government's position and announcements. This edition includes three pivotal articles: an hour-by-hour account of the outage, expert opinions from CISOs on the global ramifications, and detailed responses from the Australian government and Home Affairs Minister Clare O'Neil. The coverage highlights the significant disruptions caused by the CrowdStrike update, the coordinated government response, and the expert insights on the fragility and interconnectedness of modern IT systems.
Global IT Outage Linked to CrowdStrike Update Causes Widespread Disruptions
A recent global IT outage, primarily traced back to a faulty update from cybersecurity firm CrowdStrike, has caused significant disruptions across multiple sectors, including airlines, banks, supermarkets, and media companies. Here is a detailed hour-by-hour breakdown of the event and its impacts:
Hour-by-Hour Event Development
July 18, 2024
6:00 PM ET (8:00 AM AEST, July 19)
Microsoft Outage Begins: Microsoft reports a major technical outage affecting its cloud services, particularly in the Central US region. This impacts multiple Azure services and Microsoft 365 apps, causing initial disruptions across various sectors.
July 19, 2024
3:00 PM AEST Initial Reports in Australia
Reports of widespread IT outages begin to emerge in Australia, impacting banks, supermarkets, and media companies. Users experience blue screen errors on Windows devices due to a faulty CrowdStrike update.
4:00 PM AEST Airlines and Airports Affected
Major airlines, including Qantas and Virgin Australia, report boarding delays and cancellations. Airports in Australia and globally start experiencing significant disruptions.
5:00 PM AEST Financial Services Hit
Banks such as NAB, Commonwealth Bank, and Bendigo Bank report service disruptions. Customers face issues accessing online banking and payment systems.
6:00 PM AEST Media Outlets Disrupted
Australian media outlets, including ABC and Sky News, experience network problems. Video editing systems and broadcasting capabilities are affected, leading to limited news coverage.
7:00 PM AEST Retail Sector Impact
Supermarkets like Woolworths report checkout system failures, causing delays and preventing customers from making purchases.
8:00 PM AEST Global Impact Becomes Clear
Similar issues start surfacing in the US, Europe, and Asia. US airlines such as American Airlines and United Airlines implement ground stops due to IT failures.
9:00 PM AEST Microsoft and CrowdStrike Response
Both Microsoft and CrowdStrike acknowledge the issue. CrowdStrike CEO George Kurtz confirms that a faulty update caused the disruptions and that a fix has been deployed. However, recovery is expected to take time.
10:00 PM AEST Ongoing Disruptions
Despite the deployment of a fix, many systems remain affected. Users continue to report issues with accessing Microsoft 365 apps and other services.
July 20, 2024
Early Morning AEST
Gradual Recovery: Some systems start to recover as the fix takes effect. However, residual impacts are still being reported, and full recovery is expected to take additional time.
Overall Impact
The outage, described as one of the largest IT failures in history, had widespread repercussions:
Airlines
Over 1,400 flights were cancelled globally, with significant delays and ground stops implemented by major airlines.
Qantas and Virgin Australia
Australian Impact: Both airlines experienced significant disruptions, particularly at Narita Airport near Tokyo. Virgin Australia and Qantas also faced issues in Australia, with widespread delays and operational challenges.
Other Affected Airlines across the region
Cathay Pacific: Reported technical difficulties with its online flight booking service and self-service check-in facilities at Hong Kong International Airport.
AirAsia and Cebu Pacific Air: Both airlines had to switch to manual check-in processes at various airports.
Financial Services
Banks experienced service disruptions, affecting online banking and payment systems.
Retail and Supermarkets
Checkout and payment systems in supermarkets failed, causing operational delays.
Media and Broadcasting
Media companies faced network issues, impacting news coverage and broadcasting capabilities.
Public Services
Emergency services and government departments reported operational challenges, although critical services like Triple-0 remained functional.
CISOs and Security Executives Respond to CrowdStrike Outage
Whilst Australia was winding down its working week last Friday, the first signs of a major outage began at 3 PM AEST. Corporate law firms and national retailers such as Coles were among the first to suffer outages. Meanwhile, in the US, the Chief Information Security Officer (CISO) at RingCentral, Michael Armer, was being woken up by notifications of a major incident. “I freaked out,” Armer said, suspecting that it could be a massive cyber attack. “That’s enough to get your blood flowing really quickly,” he added.
It turned out that the massive computer outage was not the work of nefarious hackers but the result of a glitch in a routine software update by security company CrowdStrike. “We were all very fortunate that this was related to one of their standardised and automated software deployments,” Armer said.
The incident, while not a cyber attack, highlighted the fragility and interconnectedness of modern technology systems. Security experts are increasingly concerned about the dangers posed by today’s convoluted system of software updates, which stretch staff thin at even the largest organisations.
Paul Davis, field CISO at software supply chain platform JFrog, emphasised the difficulty of balancing speed and risk.
“The antivirus products are pushing up multiple updates per day because in some ways we’ve pushed them into a corner,” Davis said.
“The faster they can respond to detect a piece of software or malicious activity, the better they are. So, the requirement to test multiple times a day becomes onerous.”
For many security executives, the real challenge lies in protecting organisations from cybersecurity threats that can spread rapidly while ensuring that software updates are thoroughly tested. As a CISO at a top law firm in New York City noted,
“It’s a really difficult conundrum. Sometimes you have to put out a security patch because it’s critical, and you’ve got vendors breathing down your neck and there’s no way to [test] it.”
The CrowdStrike incident serves as a wake-up call for organisations to reassess their reliance on automated updates and consider the implications of their technology dependencies. As RingCentral’s Armer observed,
“I personally am thankful that it wasn’t a state-sponsored attack.”
Australian Government and Clare O'Neil's Response to the CrowdStrike IT Outage
The recent global IT outage, caused by a faulty update from CrowdStrike last Friday, has highlighted the critical importance of robust cybersecurity measures and meticulous update protocols. This incident, which disrupted services across various sectors including airlines, banks, supermarkets, and media companies, offers several key lessons for businesses and technology leaders.
As Australia grappled with the widespread IT outage caused by a CrowdStrike update, the Australian government quickly activated the National Coordination Mechanism to manage the crisis. Prime Minister Anthony Albanese assured the public that critical infrastructure, government services, and triple-0 emergency services remained unaffected.
Home Affairs Minister Clare O'Neil confirmed that the issue was purely technical, not a cybersecurity breach, and emphasised the ongoing recovery efforts, which could take one to two weeks to fully resolve. Assistant Energy Minister Jenny McAllister reiterated that the government is in the "recovery stage" and is working closely with affected sectors to restore normal operations.
Home Affairs Minister Clare O'Neil was quick to clarify the nature of the issue, stating,
"This is a technical issue, caused by a CrowdStrike update to its customers. We can confirm there is no evidence that this is a cybersecurity incident."
Her reassurance was crucial in mitigating fears of a cyberattack, but the scale of the disruption underscored the need for improved resilience in IT systems.
Prime Minister Anthony Albanese also addressed the public's concerns, emphasising that,
"there is no impact to critical infrastructure, government services, or triple-0 services at this stage."
This statement highlighted the preparedness of essential services to handle such disruptions, but the broader impact on other sectors was undeniable.
Activation of the National Coordination Mechanism
The government activated this mechanism to manage the response, bringing together federal, state, and territory governments, along with representatives from affected sectors such as banks, supermarkets, airlines, and media companies.
Minister O'Neil also issued a stern warning about potential scams exploiting the situation, urging businesses to remain vigilant against phishing attempts and unsolicited offers of assistance. The incident underscored the need for robust business continuity plans and highlighted vulnerabilities in national IT resilience. Calls for a comprehensive review of cybersecurity and software systems have emerged, aiming to prevent similar disruptions in the future and enhance overall national resilience.