Article: Indian software for MS Inflicted global IT outage; exposes vulnerabilities in Cybersecurity
Ishfaqullah Shawl
Indian IT experts and software developers working for Microsoft, often referred to as “rent-a-coders,” based in India’s Silicon Valley, have caused significant issues worldwide as their updates were tested without proper checks by Microsoft clients. CrowdStrike, which holds a substantial market share, is also heavily relied upon for its products.
The software updates developed for the Microsoft Windows system contributed to these problems and suddenly caused a global outage, bringing systems to a standstill.
George Kurtz, CrowdStrike’s CEO, revealed in a post on X that CrowdStrike had deployed a fix for the issue. “This is not a security incident or cyberattack,” he wrote. However, he did not explain why CrowdStrike forces client companies to install updates prepared by Indian software developers. It is also unclear how easily the affected systems can be fixed remotely, as the “Blue Screen of Death” is causing computers to crash on reboot before they can be updated.
After a massive IT outage resulted in hundreds of billions of dollars in losses to the global economy, the world was reminded of the vulnerabilities in our technological infrastructure. This outage, which occurred on Friday, affected various sectors, including aviation, banking, and healthcare. Such incidents have happened before, and until more contingencies are built into networks and organizations implement better backup plans, they will happen again.
Airlines were particularly hard hit by the IT outage, as many scrambled to check in and board passengers who relied on digital tickets. Some travelers posted photos on social media of handwritten boarding passes provided by airline staff. Others could only fly if they had printed out their tickets.
IT experts have raised concerns about the lack of capacity among many organizations to implement contingency plans for such collapses in the future. Indian software developers, whether deliberately or due to a lack of capability, have exposed the world to significant risks.
Besides Microsoft, companies like Boeing and the London Stock Exchange (LSE) have experienced the negative impacts of IT outages. The LSE came to a standstill due to this disruption. Airports worldwide faced chaos, and ticket bookings and luggage handling were impossible during the blackout. Major IT companies serving hundreds of millions of people also experienced closures due to the failure of Microsoft software.
This system closure has brought the banking system to its knees, as bank transactions and card swiping were also down. Many media channels, particularly in the U.S., went off the air.
The IT outage occurred amid a perfect storm, with both Microsoft and CrowdStrike holding substantial shares of a market that relies heavily on their products. The chaos was attributed to an update pushed by the U.S. cybersecurity firm CrowdStrike to its clients early on Friday morning, which conflicted with Microsoft’s Windows operating system, rendering devices worldwide inoperable.
CrowdStrike has one of the largest shares of the highly competitive cybersecurity market, leading some industry analysts to question whether control over such operationally critical software should remain in the hands of just a few companies, many of which operate from India.
The outage has also raised concerns among experts that many Indian organizations are not well-prepared to implement contingency plans when a single point of failure, such as an IT system or a piece of software within it, goes down.
As the world faces more potential digital disasters, the looming “2038 Problem,” the biggest global IT challenge since the Millennium Bug, is just under 14 years away. This time, the world is infinitely more dependent on computers, and IT experts have predicted that the stakes are higher.
It is crucial for global regulators to address this issue. There is limited competition worldwide for operating systems and large-scale cybersecurity products like those provided by CrowdStrike.
We must look to the global IT industry to see how it will handle such a sensitive matter.