Global IT Outage Eases, Focus Turns to Reducing Risk

Services from airlines to healthcare, shipping and finance were coming back online Friday after a global digital outage disrupted computer systems for hours, laying bare the vulnerability created by the world’s shift toward interconnected technologies following the COVID-19 pandemic.

After the outage was resolved, companies are now dealing with backlogs of delayed and canceled flights and medical appointments, missed orders and other issues that could take days to resolve. They also face questions about how to avoid future blackouts triggered by technology meant to safeguard their systems.

An earlier software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as healthcare or banking.


Since the COVID pandemic broke out in 2020, governments and businesses have become increasingly dependent on a handful of interconnected technology companies over the past two decades, which explains why one software issue rippled far and wide.

UNWANTED SPOTLIGHT

The outage shone a spotlight on CrowdStrike, an $83 billion company that is not a household name but has more than 20,000 subscribers around the world including Amazon.com and Microsoft. CrowdStrike CEO George Kurtz said on social media platform X that a defect was found “in a single content update for Windows hosts” that affected Microsoft customers.

“We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our company,” Kurtz told NBC News. “Many of the customers are rebooting the system and it’s coming up and it’ll be operational.”

CrowdStrike has one of the largest shares of the highly competitive cybersecurity market, leading some industry analysts to question whether control over such operationally critical software should remain with just a handful of companies.

The outage also raised concerns that many organizations are not well-prepared to implement contingency plans when a single point of failure such as an IT system, or a piece of software within it, goes down. But these outages will happen again, experts say, until more contingencies are built into networks and organizations introduce better back-ups.

CrowdStrike shares fell about 12%. Its rivals rose, with SentinelOne shares gaining 8% and Palo Alto Networks up 1.5%.

U.S. President Joe Biden was briefed on the outage, a White House official said. Secretary of State Antony Blinken said his understanding was the outage was not a malicious attack. However, the U.S. Cybersecurity and Infrastructure Security Agency said it observed hackers using the outage for phishing and other malicious activities.

“This event is a reminder of how complex and intertwined our global computing systems are and how vulnerable they are,” said Gil Luria, senior software analyst at D.A. Davidson.

“CrowdStrike and Microsoft will have a lot of work to do to make sure that it won’t allow other systems and products to cause this kind of failure in the future,” he said.

Wall Street’s main indexes fell on Friday, deepening a sell-off driven by tech stocks and mixed earnings. The Cboe Volatility index – Wall Street’s “fear gauge” – hit its highest level since early May, and the dollar climbed as the worldwide cyber outage unnerved investors.

5,000 FLIGHTS CANCELLED

Air travel was immediately hit, as carriers depend on smooth scheduling that, when interrupted, can ripple into lengthy delays. Out of more than 110,000 scheduled commercial flights on Friday, 5,000 have been canceled globally with more expected, according to aviation analytics firm Cirium.

Airports from Los Angeles to Singapore, Amsterdam and Berlin said airlines were checking in passengers with handwritten boarding passes, causing delays.

Banks and financial services companies warned customers of disruptions and traders across markets spoke of problems executing transactions.

Government agencies were also affected, with the Dutch and United Arab Emirates’ foreign ministries reporting some disruptions.

U.S. healthcare providers reported outages were affecting call centers, patient portals and other operations. Mass General Brigham in Boston said it was treating only urgent cases while Tufts Medical Center warned that patients may experience delays or need to be rescheduled.

Insurers could face a raft of business interruption claims.

In Britain, booking systems used by doctors were offline, posts on X by medical officials said, while Sky News, one of the country’s major broadcasters, was taken off the air.

As the day progressed, more companies reported a return to normal service, including Spanish airport operator Aena , U.S. carriers United Airlines and American Airlines, and Australia’s Commonwealth Bank.

U.S. Transportation Secretary Pete Buttigieg said transportation system issues appeared to be resolving and would hopefully be back to normal by Saturday.