A PYMNTS Company

CrowdStrike and Digital Ecosystem Transitivity

 |  September 6, 2024

By: Kevin C. Desouza, Richard Watson, and Yancong Xie (Tech Tank)

On July 19, 2024, a global outage occurred due to a faulty software update from CrowdStrike, a leading cybersecurity company. This update disrupted computers running Microsoft Windows, causing widespread economic impact across sectors like airlines, media, hospitals, banks, supply chains, small businesses, government agencies, and emergency services. For example, nearly nine percent of U.S. flights were canceled, with 57% of scheduled airline routes experiencing significant delays, prompting the New York Blood Center to resort to emergency ground transport. National driver’s license offices were also shut down, and the outage had international repercussions, affecting British Columbia’s health system and the Canada Border Service Agency. CrowdStrike confirmed that the outage was not caused by a cyberattack and managed to resolve the issue, although disruptions persisted for several hours.

As global connectivity grows, accidental or intentional outages are becoming more frequent. Policymakers can reduce the damage caused by such cascading failures by drawing on lessons from previous outages and crises.

Digital Transitivity in Australia

In 2023, we explored the effects of mass digital transitivity—a global web of dependencies where the failure of one entity can trigger a chain reaction across others. This became evident on November 8, 2023, when an internet outage from Optus, Australia’s second-largest telecommunications provider, disrupted key sectors including transportation, finance, healthcare, and security. The outage exposed the interconnected nature of these systems, with failures rapidly spreading across the economy. In Melbourne, communications errors caused around 500 train services to be canceled, and both individuals and businesses lost access to essential digital services.

The swift spread of the outage’s effects was attributed to Australia’s heavy reliance on Optus’s communication infrastructure and insufficient investment in system resilience. A post-incident investigation revealed that the disruption stemmed from a planned software upgrade at a Singtel Internet exchange in North America, which malfunctioned and triggered safety protocols in the company’s routers. This incident highlighted the complexity of analyzing transitive failures in interconnected digital systems and reinforced the need for a comprehensive regulatory framework to manage cascading disruptions in digitally dependent economies like Australia…

 

CONTINUE READING…