On Saturday (20th July), people in large numbers could be seen standing outside Airports across India a day after a technical glitch in Microsoft’s Crowdstrike caused massive disruptions globally. The disruption was caused by a faulty update of Crowdstrike software and it is being described as the world’s biggest IT outage. Although the situation has improved significantly since Friday’s pandemonium, passengers continue to face challenges. Crowdstrike said that while the core issue has been resolved, a full return to normalcy could take several days.
#WATCH | Microsoft outage affecting flight operations: People stand in queue outside Chennai International Airport pic.twitter.com/PyAwruG6me
— ANI (@ANI) July 20, 2024
On Saturday, the Ministry of Civil Aviation stated that flight operations were smooth and airline systems were back to normal across all airports a day after the global outage. In a statement, the ministry said that all issues related to travel adjustments and refund processes were being taken care of.
It is now clear that the root cause of the global Microsoft outage was a faulty update to its Falcon Sensor software which was issued by CrowdStrike for Windows systems. Microsoft said that the issue began at 1900 GMT on Thursday when Blue Screen of Death (BSOD) errors began popping up and computers crashed. In India, the outrage reportedly began at around 9.39 a.m. IST on 19th July.
Soon, the outage triggered a shutdown-like situation for global airlines, banks, healthcare, and financial institutions on Friday. According to reports, Microsoft’s outage caused maximum disruptions in the aviation sector as over 5000 flights were cancelled globally.
The Indian airline carriers cancelled over 200 flights with IndiGo being the worst-hit carrier as it alone canceled 192 flights. In the United States, at least three major airlines, American, United, and Delta, grounded all flights, according to the Federal Aviation Administration. Reportedly, 3,000 US flights were canceled while another 11,000 were delayed. Likewise, UK rail services were also severely impacted as the faulty update caused Windows to crash.
Hours after Windows started crashing because of its faulty update, CrowdStrike released a software patch as a fix.
Microsoft had said, “After an extended period of monitoring, we’ve determined that the issue is mitigated, and all previously impacted Microsoft 365 apps and services have recovered.”
CrowdStrike’s CEO George Kurtz acknowledged the error and issued an apology for the massive disruption. The firm also promised to undertake a full investigation and to take steps to prevent similar incidents in the future. However, it ruled out apprehensions of it being a security incident or a cyberattack.
CrowdStrike revealed, “The update that occurred at 04:09 UTC was designed to target newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks. The configuration update triggered a logic error that resulted in an operating system crash.”
The firm confirmed the problem was due to a defect in a content update for Windows hosts and not a security incident or cyberattack.
Meanwhile, airlines and other affected industries including banking and hospitals are working to clear the backlogs caused because of yesterday’s outage. It is pertinent to note that while outages are not uncommon and it is often caused by technical errors or cyberattacks, however, the scale of yesterday’s outage has caused concerns.
Several domain experts have expressed concerns that the global outage highlights the need for diversification in software application usage and Operating systems to avoid over-dependence on a few firms like Google and Microsoft. According to them, the outage has exposed the vulnerability of interconnected technologies on a global scale and highlighted the need for improved contingency plans to mitigate future IT outages.
They have expressed apprehensions that while the latest case was of a faulty update which was corrected after a few hours, mischievous actors or cyberattacks in the future could cause disruptions on a wider scale and for a prolonged period which requires more focus on advancing cybersecurity measures, and reducing over-dependence on few hegemonic firms.
Microsoft glitch causes global shutdown of banks, financial markets, flights …….. This is why genetic diversity is important. A unified, interconnected global system is a bad idea. A less interconnected system may appear inefficient but will be more resilient. This is an…
— Sanjeev Sanyal (@sanjeevsanyal) July 19, 2024
The one country that escaped the mayhem is Russia. Because of sanctions, Russians could no longer access Microsoft cloud services and business intelligence tools.
— Rahul Shivshankar (@RShivshankar) July 19, 2024
So they built their own!
India must build similar technical redundancy, too.
The next pandemic could be a cyber…
The disruption to Microsoft's global services today serves as a stark reminder that any global tech giant can face similar vulnerabilities.
— Pradeep Bhandari(प्रदीप भंडारी)🇮🇳 (@pradip103) July 19, 2024
The issue at hand is far more profound than a mere faulty update, as highlighted by Crowdstrike.
Today's incident has exposed the… pic.twitter.com/ZsOv7SToKB
Meanwhile, many experts, X users, and journalists pointed out that India needs its own Operating System and other necessary Software setups to make it immune from future global IT outages. Additionally, there are apprehensions that non-India-based firms can deliberately cause disruption or could threaten to exploit this leverage as part of their parent country’s geopolitical stance vis-a-vis India.
Imagine if our electricity grid was controlled by companies outside of India.
— Bhavish Aggarwal (@bhash) July 20, 2024
Similarly our “digital grid” is even more important. And all of it is controlled from outside of India.
Ola founder, Bhavish Aggarwal wrote, “Imagine if our electricity grid was controlled by companies outside of India. Similarly our ‘digital grid’ is even more important. And all of it is controlled from outside of India.”
