Without Backup Plans, Global IT Outages Will Recur

The global IT outage that occurred on Friday, which affected services from banking to healthcare and grounded aircraft, has been experienced before

It will recur until more contingencies are implemented in networks, and organizations establish more effective backup plans.

The outage on Friday resulted from an update that CrowdStrike, a cybersecurity firm based in the United States, distributed to its clients early Friday morning. This update was incompatible with Microsoft’s Windows operating system, rendering devices worldwide inoperable.

Some industry analysts have questioned whether control over such operationally critical software should remain in the hands of a handful of companies, as CrowdStrike has one of the largest segments of the highly competitive cybersecurity market that provides such tools.

However, the disruption has also prompted apprehension among experts regarding the fact that numerous organizations are inadequately equipped to execute contingency plans if a single point of failure, such as an IT system or a component thereof, is failing.

Simultaneously, increasingly solvable digital catastrophes are on the horizon, including the “2038 Problem,” the largest global IT challenge since the Millennium Bug and is just under 14 years away. This time, the world is infinitely more reliant on computers.

“It is effortless to assume that this is catastrophic and subsequently advocate for a more diverse market, which is precisely what we would have in an ideal world,” stated Ciaran Martin, the former director of the National Cyber Security Centre (NCSC) of the GCHQ intelligence agency in the United Kingdom.

“We are adept at overseeing the safety aspects of technology in the context of automobiles, trains, planes, and machines.” He also mentioned that we are not particularly adept at providing services.

He stated about the recent ransomware incident that impacted Britain’s National Health Service (NHS), “Look at what happened to the London health system a few weeks ago – they were hacked, and that led to loads of canceled operations, which is physically dangerous.”
Martin advised organizations to examine their IT systems and guarantee that they have sufficient failsafes and redundancies to remain operational during an outage.

The outage on Friday occurred amid a perfect tempest, as Microsoft and CrowdStrike possess substantial market shares that depend on their respective products.

“I am confident that regulators worldwide are reviewing this.” Nigel Phair, a cybersecurity professor at Monash University in Australia, stated that there is minimal competition on a global scale for operating systems and large-scale cybersecurity products such as those offered by CrowdStrike.

A passenger in Ahmedabad reads a message after attempting to use a self-check-in kiosk at a departure area at Sardar Vallabhbhai Patel International Airport due to a global IT disruption.

Airlines were notably affected by the outage on Friday, as they were compelled to rush to check in and board passengers reliant on digital tickets to travel. Some travelers shared photographs of handwritten boarding cards distributed by airline personnel on social media. Some individuals could only fly if they had printed out their tickets.

“I believe organizations of all sizes and shapes must conduct a thorough assessment of their risk management and adopt an all-hazards approach,” stated Phair.

Epochalypse Now

By Friday’s outage, the world will not be reminded of its dependence on computers and IT products for the last time in operating fundamental services. In approximately 14 years, the world will encounter a computer issue that is time-based and analogous to the Millennium Bug, known as the “2038 Problem.”
Early computers could save costly memory space by only counting the last two digits of the year, which resulted in the Millennium Bug, or “Y2K.” Consequently, many systems could not differentiate between 1900 and 2000, resulting in critical errors.

In the years preceding 2000, the global expense for mitigating the issue amounted to hundreds of billions of dollars.
The “Epochalypse” or 2038 problem, which commences at 0314 GMT on January 19, 2038, is, in essence, the same dilemma.

The “Epoch,” also called the number of seconds since midnight on January 1, 1970, is when numerous computers use a metric to measure the passage of time.
The maximum number of bits that can be stored in many computers is 2038, even though those seconds are recorded as a finite sequence of zeroes and ones, or “bits.”

Ciaran Martin, the former director of the NCSC, stated, “We are currently experiencing significant global disruption due to our administrative inability to manage the situation.”
“We can manage safety, but we cannot manage service provision when critical networks are disrupted.”