A global IT outage is highlighting just how much we all depend on digital technologies and updates for millions of critical functions. A technology outage that started late Thursday sparked widespread impacts which continued into the day Friday.
The head of CrowdStrike, the company responsible for a Microsoft Windows update that took millions of people offline, said Friday that the massive global outage was not a cyber attack nor a security incident.
The outage affected airlines, hospitals, businesses, financial markets, and more. The impacts have tech and cybersecurity experts buzzing about both the widespread failure and whether there's a way to prevent it from happening again. Many experts who spoke with NBC Bay Area said this outage underscores a global culture of digital reliance.
At the San José Mineta International Airport Friday afternoon, an airport spokesperson said that while there were no new delays, a few residual delays were impacting passengers as a result of the outages that morning. Many passengers found themselves at the mercy of interconnected industries and the tech providers keeping everything running.
Eric O'Neill, a National Security Strategist at Nexasure and a former counterintelligence operative, likened CrowdStrike's technology "Falcon Sensor" to a "bouncer at your most exclusive club."
"It doesn’t let anybody in unless you’re on the list. The problem is, the bouncer went rogue," O'Neill said.
He emphasized that the outage was not a cyber attack, "it's just a bug in code, and the problem was that bug caused Windows to crash."
Local
CrowdStrike said in a blog post on Friday that it understands "the gravity of the situation" and is "working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on."
Microsoft's CEO, Satya Nadella, said the company is working with CrowdStrike, "to provide customers technical guidance and support to safely bring their systems back online."
Get a weekly recap of the latest San Francisco Bay Area housing news. Sign up for NBC Bay Area’s Housing Deconstructed newsletter.
Austin-based CrowdStrike is used by many major companies around the globe, including Microsoft, and is rapidly growing its market share.
Lisa Plaggemier, the executive director of the National Cyber Security Alliance, said that she sees this outage as a red flag for many organizations regarding cyber security risk.
"If we’re not ready to handle this better than we are for some of these organizations, then this is a warning sign that you probably wouldn’t be any better equipped to handle a security incident," Plaggemier said. She noted that Microsoft is represented on the board of the National Cyber Security Alliance.
She expects that CrowdStrike leaders are currently discussing how to prevent something like this in the future.
"I think we’re still in the infancy of the information age," she said, noting how long it took the auto industry to create more reliable and safe cars for consumers. With the auto industry, she said it took consumer outrage and work from advocates to lead to changes.
"We're probably just not expressing our dissatisfaction enough when the technology leaves us broken down by the side of the road," she noted.
Plaggemier said this incident also highlights how ubiquitous Microsoft is, as this outage only impacted Windows customers, not Mac or Linux customers.
"I think that’s a bigger question I have is: just how reliant we are on Microsoft?" Plaggemier said.
Tech experts said this outage is stirring conversation over how much of our lives depend on digital technology and a very small number of major companies providing that technology.
Bill Budington, Senior Staff Technologist with the San Francisco-based Electronic Frontier Foundation, said a term often used to describe this is "digital monoculture."
Budington said the Electronic Frontier Foundation works to keep online security accessible to all. He noted that EFF gives certificates to https sites so that they can secure their traffic.
"I think that what we need to move towards is a system where we have less reliance on big tech," said Budington, suggesting that instead, "we can kind of rely on some of these decentralized systems."
"There's a lot at play here, but I think it's clear there has to be better resilience and more options out there," he added.
But in practice, that may be difficult to accomplish.
Cybersecurity professionals told NBC Bay Area that many companies will continue to rely on the big digital players because they are more affordable and built to handle the massive demand of the digital world.
If you can't avoid these major companies, experts say your next line of defense is scrutinizing them.
"At the same time they vet the solution they’re procuring from these vendors, they also need to make sure they vet the process for how updates are delivered," said Krishna Vishnubotla, who is in charge of project strategy at mobile security company Zimperium.
Vishnubolta said his company helps customers vet vendors for apps.
He noted that the same issues seen in this week's global outage could also happen to the mobile apps on your phone. Which is why Vishnubolta said it is even more important for consumers to keep an eye out for the security features baked into the platforms they're using.
"Please be mindful, these apps make you productive, also make sure you keep yourself safe," Vishnubolta said.
Professor Levent Ertaul, the chair of the Computer Science Department at Cal State East Bay, said that consumers and businesses need to brace themselves for the possibility of future outages.
"Is it going to be the last one? No. Is there going to be more? Yes," Ertaul said.
He emphasized that this outage shows how vulnerable and interconnected our digital systems are.
"Our lives depend on it," Ertaul noted.
He believes this outage is a reminder to the next generation of tech professionals that as our digital reliance grows, their products need to be rock solid.
Ertaul said he plans to talk with his students about this and tell them, "When you write software, you have to make sure that software has to be high quality."
