YIGF Cambodia Close

Microsoft Global Outage Throws Industries into Chaos

Flights were delayed, airports were in chaos, and banks were struggling to stay online—these were the scenes worldwide as a global tech outage wreaked havoc across industries.

On the evening of July 19, 2024, a significant global tech failure brought operations across multiple industries to a standstill. The outage, caused by a software update from cybersecurity firm CrowdStrike, led to a widespread disruption of Microsoft Windows systems, displaying the infamous Blue Screen of Death (BSOD). The outage — linked to an update rolled out for widely used security software made by cybersecurity firm CrowdStrike early on Friday – has affected computers running Microsoft Windows at companies across various sectors, from airlines, banks, food chains, and brokerage houses, to news organizations, and railway networks across the globe. The travel sector seems to be the hardest hit.

The “Blue Screen of Death” explained

The Blue Screen of Death (BSOD) is a critical error screen displayed on Windows operating systems when a severe system issue occurs, preventing safe operation. This error forces the computer to restart unexpectedly, often resulting in data loss. In the recent incident, the BSOD error message indicated that the PC ran into a problem and needed to restart, leaving users frustrated and businesses scrambling for solutions. Essentially, it forces laptops and computers to suddenly shut down and restart.

Impact of Widespread System Outages

Airports worldwide are experiencing flight delays and cancellations due to their inability to access critical systems. People saw flight delays and cancellations as their check-in and ticketing systems failed. Passengers faced long waits and confusion, with many flights grounded due to the inability to process necessary data.

Banks in countries like Australia and New Zealand experienced significant disruptions. Online banking services were down, ATMs were inoperable, and customers could not access their accounts, leading to financial uncertainty and frustration. 

Major media outlets like Sky News in the UK were taken off-air, and the UK’s National Health Service faced issues with its clinical computer system, affecting patient care and appointment scheduling.

How Does That Happen?

The modern digital infrastructure heavily relies on cloud servers—centralized storage and computing services accessed over the internet. These servers host critical applications and data for businesses and governments worldwide. When a cloud server experiences a failure, it can disrupt the services of all clients dependent on it. This means that any organization using these servers can face operational shutdowns, data loss, and communication breakdowns.

In the recent outage, the root cause was linked to a CrowdStrike software update affecting their Falcon Sensor, a cybersecurity tool used by many enterprises. This update caused Windows systems to crash, resulting in the dreaded Blue Screen of Death (BSOD).

Conclusion

This incident underscores the vulnerabilities inherent in our increasingly interconnected digital infrastructure. The reliance on cloud-based services and third-party cybersecurity solutions, while offering enhanced protection and efficiency, also poses significant risks when things go awry. The global scale of the outage highlights the need for robust contingency plans and the importance of swift, coordinated responses to such crises.

While CrowdStrike has assured customers of ongoing support and updates, the global tech community must take a closer look at safeguarding against similar incidents. This includes thorough testing of updates, improved communication channels during crises, and enhanced disaster recovery protocols. The lessons learned from this outage will undoubtedly shape the future of cybersecurity practices and digital infrastructure management.

This recent incident is a stark reminder of the delicate balance between technological advancement and the resilience of the systems we depend on daily. As industries continue to recover, the focus remains on restoring normalcy and preventing future occurrences.

Reference

Related Articles

Key highlights of the second day of the Cambodia Youth Internet Governance Forum 2023

On 24 September 2023, after reflecting upon what had been learned from Day 1, participants had the option to attend one of three sharing sessions. Each session includes two lightning talks and two workshops on different topics. In the main hall, Mr. Ahmad Umair Bin Suhaidi presented “Navigating the Digital World: Unpacking Online Risks & Building Digital Resilience”, joined by Mr. Harisa Shahid, who covered “AI Ethics and Governance”. In room 2, Ms. Te Sonita led a discussion on “Ensuring Security for Your Passwords and What Happens when You are Connected to wifi?”. In room 3, Ms. Chhit Kanika and Mr. Chum Rasy presented “Important securities features of Telegram”.The morning session concluded with a keynote by Mr. Ly Sokphath, Director of the Department of Project Appraisal and Development Programs and General Secretariat of the Digital Governance Committee, where he talked about “Digital Transformation”. Some of the key policies he emphasized include the Pentagon Strategy-Phase 1, the Digital Economy and Society  Policy Framework, and the Cambodian Digital Government Policy 2022-2035, citing the importance of involvement from all stakeholders to create a dynamic digital economy and society. He stated, “Digital infrastructure and citizen’s trust and confidence are the fundamentals of building and transitioning toward a digital society”. At the end of the session, participants from various backgrounds engaged in the Q&A session as well as shared their experiences and impressions from participating in the event. Among them, one of the participants who belongs to the indigenous community expressed her excitement in attending the event, while hoping for similar forums on digital transformation to be accessible to a diverse range of populations, particularly indigenous populations in highland areas in​ the Northeast region such as Ratanakiri. It was not yet the end of the story since another participant from Thbong Khmun, further expressed his great impression of the value of the Forum from which he could learn and engage with a wide range of people, especially youth. In his opinion, even though the forum was aimed at youth, it should be extended to reach out to the elders, too, whose knowledge of digital technology is somehow lagging behind since they are also the target of digital risks such as online scams.  After lunch, participants could choose from six sharing sessions under different topics. The first half of the afternoon consists of three sessions from our domestic and international speakers. In room 1, sessions consist of “AI Ethics and Data Protection Law” by Ms. Svaradiva Anurdea Devi and “For Sustainable Digital Safety Literacy” by Mr. Kurihara Kohei. In room 2, Mr. Jaewon Son presented “Empowering a Sustainable and Inclusive Digital Future: A Holistic Approach to Responsible Internet” and Mr. Sreng Kimhab presented “Data Privacy and Protection”. In room 3, Mr. Tepken Vannkorn led a workshop on “The Foundation of Web Security”.In the second half of the afternoon, participants can choose from three additional sessions, consisting of two lightning talks and three workshops. In room 1, Ms. Maristela Miranda presented “Youth and Data Privacy: Concerns and Ways to Address Them”, while Mr. Porhai EUNG presented “Career in Cybersecurity”. In room 2, Mr. Touch Sangrotha discussed “Web Accessibility: Build Websites That Are Inclusive to Everyone”. In room 3, Mr. Diep Kong presented “Cyber Security” and Mr. Sy Tech Hong presented “Protecting Your Identity in Digital Era”.After a coffee break came one of the most interesting activities of the day. The activity is called “Multistakeholder Internet Governance Mockup Meeting on Data Protection Law”, where participants are divided into groups and role-played as stakeholders, including the government, private sector, and netizens. An important note is that all information and opinions expressed in this mockup meeting shall not be interpreted or used by a third party due to the fact that it is not an official meeting. Each group of stakeholders is given about 05 minutes to deliver their statement on personal data protection, followed by a plenary session of 20 minutes whereby questions and answers are exchanged between the stakeholders.It is observed that questions mainly capture issues around how netizens’ personal data can be collected and stored without being leaked for any reason. Public CCTV which captures the facial data of citizens is also a concern since the data might be leaked. Questions and answers around the way consent is collected with understandable terms and conditions are another appealing point being discussed. Last but not least, some eye-opening recommendations given by netizens touch upon the possibility of cybercrime in FinTech in the way that now anyone can open a bank account through a mobile app just by completing some basic personal data and facial recognition. The point is that information like facial recognition can be generated by AI, so it makes sense to raise a concern about the risk of AI-generated cybercrimes in FinTech. Netizens also want the government, especially MPTC, to increase their efforts in promotional and informational campaigns aimed at gathering inputs or insights from citizen and civil society organizations (CSOs). It is necessary that these meetings or workshops have specific dates, times, and venues that make it easy for people to engage. The public is interested in sharing their concerns and input into any drafted law. However, limited information about consultative meetings has been a barrier. The mockup meeting then arrived at another session called Cross-Community Group Discussion in which three groups were formed to present three types of stakeholders including (1) youth group, (2) private sector group, and (3) government group. Final statements taken from the three groups include some interesting snapshots including more inclusive training and education on data protection given to people living in remote areas, affordability and accessibility of products and services provided by the private sector, and a matter of Internet gateway which genuinely aims to protect the people at all margins. The day was closed with lessons learned and reflection given by Ms. Voleak spoke on behalf of the youth team who made a great effort in organizing the event. Paying forward is something she highlighted in the way that experiences and lessons taken in the event will be shared with other Cambodian youth who have not attended the event. “Today, I am youth but tomorrow I will be an adult” is a remark by Voleak who wanted to depict that internet governance is a long-term ongoing effort to be taken not only by one person in one generation but it is an effort by all from one generation to another.Mr. Thy Try then took the podium thanking the youth organizing team and key speakers such as Mr. Klein and Mr. Dixon who devoted their restless effort to attend the event. Having a national internet governance forum is a plan that ODC is committed to organize in collaboration with the Ministry of Post and Telecommunications, in parallel with a global-level forum which will be organized in New York. The very last closing remark is given by Ms. Lay Puthineath, Advisory Committee of Cambodia Youth Internet Governance Forum.​ The fact that 170 participants attended 33 sessions with a good impression is a key highlight, showing that the forum was successfully carried out. Appreciation to ODC and FHI, APNIC, and Chumrum Digital is especially noted.