Outages such as the one triggered by a fault in a little-known Microsoft software package operated by US-based CrowdStrike have the potential to bring the world to a standstill, an IT expert has warned.
The problem continues to disrupt flights, banks, media outlets and companies across the world, with disruption persisting for many hours after Microsoft said it was gradually fixing an issue affecting access to apps and services.
Sky News was taken off the air, Parliament reported only being able to take cash, while problems were also reported in the NHS.
The chief executive of CrowdStrike, the California-based cybersecurity company at the heart of the problem, said it was working to fix the defect, which was sent out in a Windows update, and which it emphasised was not a cyberattack.
Nevertheless, Dr Harjinder Lallie, a cyber security expert from the University of Warwick, told Express.co.uk the outages had underlined a significant worldwide vulnerability.
He explained: “We would not have known this until this incident happened, but we are hugely reliant on the Microsoft-CrowdStrike combination.
“A problem with one or the other leads to these catastrophic outages – the full extent of which will take a few days or weeks to discover.”
He asked: “What other ‘hugely reliant’ vendor/supplier combinations exist out there? How intrusively have their resilience plans been tested? Have they been tested wholly internally, or has there been any external scrutiny?
“We also have an issue here of ‘third party reliance’ where it is the third party that seems to have caused the issue.”
The worldwide IT outage was “unprecedented in the range and scale of systems it has impacted”, Dr Lallie continued.
Dr Lallie said: “This IT ‘catastrophe’ highlights the need for greater resilience, a greater focus on backup systems, and possibly even a need to rethink whether we are using the most resilient operating systems for such critical systems.”
Rebecca Parry, a Professor at Nottingham Law School with a background in tech, said: “This outage shows how dependent we all are on services that we won’t know about until they fail. IT services are interconnected and risk can be difficult to predict.
“The worst case scenario is a single point of failure, which could be catastrophic, although the present outage is only likely to be temporary. There are often temporary outages but not normally ones of the scale of this one, causing public disruption and impacting on passengers, patients and customers of other services.
“Alternative arrangements will be made for those unable to travel, patients at surgeries may be seen but under old ways of taking notes on paper and other services such as banks will have backlogs to deal with.
“There will be economic loss for businesses such as bookmakers which will have lost custom during the outage.”
A total collapse was not likely, Prof Parry stressed, but she added: “In the unlikely occurrence of a ‘black swan’ event, the likely impacts are worsening as services like cloud computing are increasingly used and increasingly being concentrated in the hands of a small number of global players.”
A CrowdStrike spokesman said it was “actively working with customers impacted by a defect found in a single content update for Windows hosts”.
They added: “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.
“We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”