The Korea Herald

피터빈트

[Editorial] Global IT failure

Massive crashes hit Windows PCs, services across the globe, highlighting vulnerability

By Korea Herald

Published : July 22, 2024 - 05:31

    • Link copied

A global IT failure, caused by a flawed software update, paralyzed several Microsoft Windows PCs used by airlines, hospitals and retailers around the world Friday, sending alarms over the growing vulnerability of closely and extensively interconnected technology systems.

The software update that wreaked unprecedented IT havoc has been traced to US-based cybersecurity firm CrowdStrike, which provides software to companies to protect against hackers and cyberattacks. Microsoft and CrowdStrike have rolled out fixes to help affected systems recover, but the incident has raised concerns that similar global crashes originating from a single software defect may happen more frequently.

CrowdStrike CEO George Kurtz said in a post on social platform X on Friday that the massive outage is “not a security incident or cyberattack” and the company’s “customers remain fully protected.” Despite his efforts to minimize the impact, what has happened is now being called “the most spectacular IT failure” in history -- far more damaging than major cyberattacks in recent years.

Airline flights were canceled in the US, Australia, Germany and other nations. Financial systems in Hong Kong and elsewhere were disrupted. Communications, broadcasts, health care and online games were also hit by the IT glitch. Given the scale and depth of the catastrophic IT outage across the globe, experts forecast that the economic damage could be enormous.

South Korea was not safe from the cyber glitch. Three low-cost airlines -- Jeju Air, Eastar Jet and Air Premia -- had to conduct check-ins by hand after ticketing systems, based on Microsoft’s cloud service, went down. They fully restored check-in and booking systems Saturday afternoon.

Game developers Pearl Abyss and Gravity said that their systems suffered disruptions due to “sudden failure” in their equipment, temporarily preventing users from accessing their websites and games.

There were many posts on social media in which people using Windows PCs reported “the blue screen of death,” often referred to by the acronym BSOD, a frustrating blue screen that pops up when Windows operating system stops due to a serious error.

The global IT breakdown, mainly linked to CrowdStrike’s software issue, affects a wide range of online platforms, including Microsoft 365, Azure, Amazon Web Services and even some social media services.

As a number of companies and governments are closely interconnected via internet and cloud services, a heavy dependence on a couple of dominant software services, even from a tech giant like Microsoft, can lead to a catastrophic failure on a global scale. The underlying reason is that Microsoft and other big IT firms maintain tight cyber security, but they cannot always spot and block software defects in updates provided by smaller partner vendors. This is why a growing number of hacking groups are targeting small IT vendors in an attempt to exploit the structural weak link in a way that orchestrates large-scale online disruptions.

The latest outage is also a chilling reminder that even a minor software problem happening on the other side of the world can bring down systems at major infrastructure systems and critical solutions in real time, largely because companies involved use the same cloud system from a single company.

South Korea remains vulnerable to such mass IT outages. According to the Ministry of Science and ICT, Amazon Web Services accounted for 60.2 percent of cloud service usage in the country last year, followed by Microsoft’s Azure with 24 percent. Last year, the Korean government’s administrative, court and education computer networks were disrupted. The country’s biggest mobile messenger operator KakaoTalk suffered a series of outages in recent years.

The latest global IT failure has exposed the vulnerability of a hyperconnected society where most services are connected to a handful of cloud systems. The government must use this as an opportunity to review IT and communication infrastructure and fix potential security flaws, while companies should explore ways to minimize risks related to heavy dependence on a single cloud service.