Canadians weren’t spared the headaches of cancelled flights, delayed medical appointments and other problems caused by a failed cybersecurity software upgrade that caused a host of cascading issues around the globe on Friday.
According to an alert sent by the global cybersecurity firm CrowdStrike to its clients and reviewed by Reuters, the company’s Falcon Sensor software caused Microsoft Windows to crash and display a blue screen, known informally as the “blue screen of death.”
The problem crashed Windows machines and servers, sending them into a loop of recovery so that they couldn’t restart.
-
Just Asking wants to know: What questions do you have about the global IT outage that brought businesses around the world to a halt? Fill out the details on this form and send us your questions ahead of our show on July 20.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” company CEO George Kurtz said in a message posted on social media.
“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
David Shipley, CEO of cybersecurity firm Beauceron Security, said a majority of the world’s computers use Windows systems, and that is a vulnerability that Canada and other governments should think about addressing.
“Maybe we need to have a deep conversation about where government’s role is in regulating tech companies to make sure all of our eggs — in every single critical industry — are not concentrated in so few companies,” Shipley told CBC News.
Disruptions hit health services
Canadian airlines, business, government agencies, hospitals and media outlets — including CBC — suffered the effects of the outage, which began overnight.
British Columbia health authorities say the disruption affected its networks and computers across all systems. Adrian Dix, the province’s health minister, said that the tech issues left hospital workers “briefly” using pen and paper to do some tasks on Friday.
Hospitals in the Ontario cities of Toronto and Hamilton also dealt with some issues related to the outage, which affected the availability of some health-care services in Newfoundland and Labrador as well.
Domestic, international airlines affected
Airports across Canada advised customers to check with airlines about flight status before leaving home Friday.
Toronto-based Porter Airlines said all flights would be cancelled until at least 3 p.m. ET. The airline reported being in the “early stages” of restoring normal services by Friday afternoon.
Porter customer Jennifer Quintyne told CBC News that she was supposed to be headed east with her son to visit family, but instead found herself “vacationing at the airport.”
The flight issues caused serious consequences in some cases.
For Mark Rutherford, a cancelled flight from Halifax to Montreal left him unable to attend a pending funeral for two relatives.
“It would have been nice to be there and it’s not happening now,” Rutherford, who booked his flight with Porter, told CBC’s Canada Tonight.
He said an alternate flight with another airline was too expensive for him to consider.
Other Canadian airlines did not appear to be affected, Toronto’s Pearson airport said in a statement.
In the U.S., American Airlines, Delta Air Lines, United Airlines, Spirit Airlines and Allegiant Air had all their flights grounded for varying lengths of time.
Airlines said the outage affected many systems, including those used to check in passengers, calculate aircraft weight and communicate with crews in the air.
By early evening on the East Coast, nearly 2,800 U.S. flights had been cancelled and almost 10,000 others were delayed, according to tracking platform FlightAware. Worldwide, about 4,400 flights were cancelled.
Traffic delays at points of entry on land between Canada and the U.S. were also reported — including at the bridge and tunnel crossings between Windsor, Ont., and Detroit on Friday.
The Canada Border Services Agency said it experienced a partial systems outage of its telephone reporting system that was later resolved.
CEO ‘deeply sorry’
CrowdStrike’s Kurtz appeared on NBC’s Today show to apologize for the software failure.
“We’re deeply sorry for the impact that we’ve caused to customers, to travellers, to anyone affected by this,” said Kurtz.
A spokesperson for Microsoft said the CrowdStrike outage was unrelated to a previous outage affecting Azure data centres in the central U.S. and some Microsoft 365 services. “That issue has fully recovered,” the spokesperson said in an email to CBC News.
CrowdStrike says it has more than 20,000 subscription customers around the world, with over half of Fortune 500 companies using its software, according to company promotional materials from this year.
As a result, a number of companies across sectors were affected.
The website Downdetector, which tracks user-reported internet outages, recorded growing outages in services at Visa, ADT security and Amazon.
FedEx Corp. said on Friday it experienced substantial disruptions to deliveries throughout its networks. It warned of “potential delays” for packages expected on July 19.
The CBC experienced some issues with automated broadcasting processes that were resolved after a few hours.
Some international shipping was disrupted, too.
A major container hub in the Baltic port of Gdansk, Poland, said it was battling problems. And at the California twin ports of Los Angeles and Long Beach, marine terminals were affected, although the outage didn’t cause significant disruptions.
Scale of outage concerns experts
Experts said the cyber outage revealed the risks of an increasingly online world.
“This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” Ciaran Martin, professor at Oxford University’s Blavatnik School of Government told Reuters.
“I’m struggling to think of an outage at quite this scale,” said Martin, former head of the U.K. National Cyber Security Centre.
Ritesh Kotak, cybersecurity and tech analyst, told CBC News Network that clients and consumers will have to be patient.
“A lot of these systems have redundancies that are built into them. So, for example, when one system fails, it can piggyback off another system; it just literally passes the baton,” said Kotak.
“It’s not as smooth sometimes as one may think … but depending on the scale of the servers impacted sometimes it takes just a little bit of time to pass over that baton and then fix the problem.”