Similar incidents to Friday’s global IT outage— which disrupted banking, healthcare, and caused flight cancellations—have occurred in the past. Unless networks are equipped with more robust contingencies and organizations implement better backup plans, such events are likely to recur. The outage was triggered by an update from U.S. cybersecurity firm CrowdStrike that was pushed early Friday morning, which conflicted with Microsoft’s Windows operating system, rendering devices worldwide inoperable.
CrowdStrike holds a significant share of the highly competitive cybersecurity market, leading some analysts to question whether control over critical operational software should be concentrated in the hands of just a few companies. Additionally, the outage has highlighted concerns that many organizations are inadequately prepared to execute contingency plans when a single point of failure, such as an IT system or its software, encounters problems.
At the same time, more manageable digital challenges are on the horizon. One of the biggest looming IT threats is the “2038 Problem,” which is less than 14 years away and may pose a significant global challenge, especially given the world’s growing dependence on computers.
Ciaran Martin, the former head of Britain’s National Cyber Security Centre (NCSC), noted, “It’s tempting to react to these incidents by calling for a more diverse market. Ideally, that would be the case. However, it’s crucial to remember that while these issues are serious, there are also more immediate and solvable digital threats we need to address.”
Ciaran Martin, former head of Britain’s National Cyber Security Centre, remarked, “We excel at ensuring the safety of tech in areas like cars, trains, and planes, but we struggle with service provision.” He pointed to the recent ransomware attack on the London health system, which caused numerous operation cancellations and highlighted the physical dangers involved.
Martin emphasized the importance for organizations to review their IT systems and implement sufficient failsafes and redundancies to maintain operations during outages. He noted that Friday’s outage was exacerbated by the dominance of both Microsoft and CrowdStrike in the market, suggesting that regulators are likely examining the situation. According to Nigel Phair, a cybersecurity professor at Monash University, limited competition exists globally in both operating systems and large-scale cybersecurity products like those offered by CrowdStrike.
Friday’s outage severely impacted airlines, causing significant disruption as many struggled to process check-ins and board passengers who depended on digital tickets. Travelers shared photos on social media of handwritten boarding passes issued by airline staff, while some could only board if they had printed tickets.
Phair emphasized the importance for organizations of all sizes to reassess their risk management strategies and adopt a comprehensive all-hazards approach.
EPOCHALYPSE NOW
Friday’s outage serves as a stark reminder of our dependence on computers and IT systems for essential services. In about 14 years, we will face another significant challenge similar to the Millennium Bug, known as the “2038 Problem.”
The Millennium Bug, or “Y2K,” arose because early computers used only the last two digits of the year, which caused many systems to confuse the year 1900 with 2000, leading to critical errors. Addressing this issue cost hundreds of billions of dollars globally before the turn of the millennium.
The 2038 Problem, or “Epochalypse,” is set to begin at 0314 GMT on January 19, 2038. It involves a similar issue: many systems track time by counting the seconds since midnight on January 1, 1970—the “Epoch.” These counts are stored as a limited number of bits, and in 2038, many systems will reach the maximum value that can be stored, potentially causing failures.
Ciaran Martin, former head of the NCSC, commented, “We are currently experiencing significant global disruption due to administrative challenges. While we can handle safety issues, our ability to maintain service provision when key networks fail is inadequate.”