Rebounding from the "blue screen of death"
Adapted from the GCADA Newsletter
Last month, we encountered a term that was new to us: "the blue screen of death."
In what has been described as the biggest IT failure in history, 8.5 million computers running Microsoft Windows were hit with the dreaded blue screen. Although Microsoft stated that less than 1 percent of its global footprint was affected, the global outage wreaked havoc. From the U.S. to China and Australia, basic services in nearly every business category came to a screeching halt. Where possible, hotels and other businesses reverted to using pen and paper.
Sound familiar?
Rudimentary business tools weren’t nearly enough to prevent the postponement of elective surgeries or the cancellation of 3,400 flights that Friday and an additional 2,000 flights on Saturday.
Our GCADA Downtown License Bureau's state system computers were also among the victims of the now-infamous Tidy Bowl blue message. Fortunately, the bureau was back online by noon the following Monday. We extend a big thank you to our 55 dealer desk customers for their patience and to the Ohio BMV for quickly restoring our capabilities.
The outage also temporarily affected Ohio dealers' ability to issue 45-day temporary tags. However, because the dealer portal for issuing tags is separate from the deputy registrar system, the Ohio BMV was able to restore the dealers' portal by that Friday afternoon.
All this turmoil was caused by a bug in a Windows security update, ironically implemented by the cybersecurity service CrowdStrike.
While Microsoft did not directly cause the massive upheaval, one could argue that the company is indirectly to blame. Since Microsoft became the dominant software provider for business applications and email in the 1990s, its vulnerability to attack has been well documented. The use of decades-old software and its open-design format only adds to the problem. In contrast, Apple operates a closed ecosystem that, while sometimes criticized as anti-competitive, ensures good security practices both from application developers and when customers upgrade equipment.
As a result of Microsoft's system design, an entirely new category of cybersecurity software providers emerged. “If they (Microsoft) had a security-first culture, it would either be safer for products like these to exist, or these products wouldn’t be needed at all,” Dustin Childs, a former Microsoft cybersecurity specialist, told The Wall Street Journal (WSJ). Childs now heads up threat awareness for Trend Micro, which competes with Windows Defender and CrowdStrike.
Microsoft has responded to security criticism by pointing out that it “cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint.”
If you hadn’t previously heard of CrowdStrike, you probably weren’t alone. Founded in 2011 by three McAfee alumni, CrowdStrike designs and supplies software that protects large and small companies from cybersecurity attacks. According to a WSJ article, CrowdStrike Falcon software is utilized by 300 of the Fortune 500 companies, and a flawed update caused the massive service disruptions it was designed to prevent.
WSJ reported that CrowdStrike's type of security software has access to the very core of an operating system. “You get this cascading breakdown,” said Robert Graham, chief executive of Atlanta-based Errata Security. The article describes how the faulty update took out the "brains" of the Microsoft operating system, leading to catastrophic failure.
CrowdStrike also offers cyber incident response services. In a world where protecting intellectual property has become increasingly important on an international scale, the company is a major global security player, serving more than 15 percent of the market through 8,000 employees. CrowdStrike went public in 2019 and joined the S&P 500 Index two months ago. Despite this, the company's market cap took a hit, dropping to $65.5 billion after its stock fell 11 percent last month, followed by an additional 13 percent the following Monday.
While outage problems persist and companies like Delta Air Lines continue to report service interruptions, the worst may be over. However, Anderson Economic Group CEO Patrick Anderson estimates that the economic losses from the incident total $1 billion. It’s clear that CrowdStrike’s previously unblemished reputation has taken a short-term hit, and lawsuits are likely on the horizon.
In the past month, we’ve certainly witnessed how even the best systems and networks can succumb to inherent vulnerabilities, leading to massive service outages across essential industries.
It may be time for the IT industry to do some serious self-reflection.