Opinion
How close are we to chaos? Just one blue screen of death
David Swan
Technology editorIn some places, Friday’s mass tech outage resembled the beginning of an apocalyptic zombie movie. Supermarket checkouts were felled across the country and shoppers were turned away, airports became shelters for stranded passengers, and live TV and radio presenters were left scrambling to fill airtime. The iconic Windows “blue screen of death” hit millions of devices globally and rendered them effectively useless.
The ABC’s national youth station Triple J issued a call-out for anyone who could come to their Sydney studio to DJ in person. One woman was reportedly unable to open her smart fridge to access her food.
Credit: Jim Pavlidis
All because of a failure at CrowdStrike, a company that most of us – least of all those who were worst hit – had never heard of before.
It’s thought to be the worst tech outage in history and Australia was at its epicentre: the crisis began here, and spread to Europe and the US as the day progressed. Surgeries were cancelled in Austria, Japanese airlines cancelled flights and Indian banks were knocked offline. It was a horrifying demonstration of how interconnected global technology is, and how quickly things can fall apart.
At its peak, it reminded us of some of the most stressful periods of the pandemic, when shoppers fought each other for rolls of toilet paper and argued about whether they needed to wear masks.
Many of us lived through the Y2K panic. We avoided the worst outcomes but it was an early harbinger of how vulnerable our technology is to bugs and faults, and showed the work required to keep everything up and running. The CrowdStrike meltdown felt closer to what’s really at risk when things go wrong. As a technology reporter, for years I’ve had warnings from industry executives of the danger of cyberattacks or mass outages. These warnings have become real.
A Woolworths checkout in Sydney shows a dead screen during the CrowdStrike outage.Credit: Dion Georgopolous
The cause of this outage was not anything malicious. It was relatively innocuous: CrowdStrike has blamed a faulty update from its security software, which then caused millions of Windows machines to crash and enter a recovery boot loop.
Of course Australians are no strangers to mass outages, even as they become more common and more severe.
The Optus network outage that froze train networks and disrupted hospital services just over six months ago was eerily similar to the events on Friday, not least because it was also caused by what was supposed to be a routine software upgrade.
The resignation of chief executive Kelly Bayer Rosmarin did little to prevent another Optus outage a month later. If anything, Friday’s CrowdStrike outage highlights how many opportunities there are for one failure to cripple millions of devices and grind the global economy to a halt. So many of the devices that underpin our economy have hundreds of different ways that they can be knocked offline, whether through a cyberattack or human error, as was likely the case with CrowdStrike.
The incident would likely have been even worse were it a cyberattack. Experts have long warned about the vulnerability of critical infrastructure – including water supplies and electricity – to malicious hackers. Everything is now connected to the internet and is therefore at risk.
And yet the potential damage of such attacks is only growing. We are now more reliant than ever on a concentrated number of software firms, and we have repeatedly seen their products come up short when we need them to just work.
In the US, the chair of the Federal Trade Commission, Lina Khan, put it succinctly.
“All too often these days, a single glitch results in a system-wide outage, affecting industries from healthcare and airlines to banks and auto-dealers,” Khan said on Saturday.
“Millions of people and businesses pay the price.”
Khan is right. The technology we rely on is increasingly fragile, and is increasingly in the hands of just a few companies. The world’s tech giants like Microsoft and Apple now effectively run our daily lives and businesses, and an update containing a small human error can knock it all over, from Australia to India.
The heat is now on CrowdStrike, as well as the broader technology sector on which we rely so heavily, and some initial lessons are clear. Airlines have backup systems to help keep some flights operational in the case of a technological malfunction. As everyday citizens, it’s an unfortunate reality that we need to think similarly.
Keeping cash as a backup is a smart idea in the event of a payment systems outage, as is having spare battery packs for your devices. Many smart modems these days, like those from Telstra and Optus, offer 4G or 5G internet if their main connection goes down. We need more redundancies built in to the technology we use, and more alternatives in case the technology stops working altogether.
For IT executives at supermarkets, banks and hospitals, the outage makes it clear that “business as usual” will no longer cut it, and customers rightly should expect adequate backups to be in place. Before the Optus outage, a sense of complacency had permeated our IT operations rooms and our company boardrooms, and it still remains. No longer.
The “blue screen of death”, accompanied by a frowny face, was an apt metaphor for the current state of play when it comes to our overreliance on technology. Our technology companies – and us consumers, too – need to do things differently if we’re to avoid another catastrophic global IT outage. There’s too much at stake not to.
David Swan is the technology editor for The Age and The Sydney Morning Herald.
The Opinion newsletter is a weekly wrap of views that will challenge, champion and inform your own. Sign up here.