In the year 2000, everyone was paranoid that computers around the world would all crash simultaneously because no one knew what would happen when computers that stored the year of date in just two digits as “99” clicked over to “00”. Months were spent preparing and panicking, and then….nothing bad happened.

Well the Y2K bug may finally have arrived - 24 years too late.

Yesterday, on Friday 19th July 2024, the world experienced a sudden and widespread internet outage that disrupted services across hundred of major websites and platforms. Social Media, News outlets, E-commerce sites, Airlines, Banks and emergency services were all affected. Over 5,000 flights were grounded globally.

The outage had an extremely broad impact, affecting individuals, businesses, and even governments. From people unable to check their social media accounts to businesses losing potential sales, the ripple effects were significant. Information websites, streaming services, and e-commerce platforms all faced interruptions, highlighting the pervasive nature of our reliance on the internet. Even this morning, I still couldn’t log into my New Zealand Internet banking site.

How one bad software update caused cascading faults

When millions of people around the globe found themselves unable to access various online services, initial fears pointed to a possible cyber-attack - but it was soon revealed that the cause was a software bug within a company called Crowdstrike's infrastructure. The outage was triggered by a software update gone wrong. A bug in the update caused a cascading failure, leading to the temporary unavailability of numerous online services. This wasn't a hack or a cyber-attack, but rather a technical glitch.

Only a handful of times has a bug in a single piece of software managed to take down large portions of the Internet - this is one of those times, and it seems the biggest so far.

The software in question was a “kernel driver”. Something that gives Crowdstrike deep access into the security layer of Microsoft Windows machines, and that under normal circumstances allows Crowdstrike to protect against bad actors.

So in this case, software that was designed to prevent bad things from happening, caused bad things to happen - Crowdstrikes share price was pummelled immediately, as you would expect!

Unfortunately, once the faulty kernel driver is installed, a machine will reboot constantly in a “Blue Screen of Death” (BSOD), and will need to be manually fixed by a technician. We could potentially be talking millions of computers, and getting them all fixed could take weeks, although much critical infrastructure is back online already.

Crowdstrike, a relatively obscure yet critically important company in the internet ecosystem, provides cloud services, security, and content delivery networks that help websites load faster and manage large amounts of traffic. This incident highlighted just how interconnected and dependent we are on these behind-the-scenes players in the digital world.

Parallels with "Leave the World Behind"

Interestingly, this real-world incident has an eerie parallel with the recent Netflix movie "Leave the World Behind," produced by Barack and Michelle Obama. The film explores themes of societal collapse and the fragility of modern conveniences. In the movie, all networks fail at once, Self driving Teslas start driving into each other, and even more creepy, the move starts with a Ship going off course and crashing - and the movie was released *before* the Baltimore Bridge ship accident.

I’m NOT at all suggesting that the movie is a conspiracy, but it sure is a strange co-incidence that the movie had a scene of a ship being taken off course and crashing, followed by a global cyber outage, and we’ve now had both those things happen in short succession.

Commentary on Our Hyper-Connected World

I’m sure that many nations - as well as the general public - will be alarmed to have suddenly become aware that a single software bug in a single piece of code, from a company most people have never heard of, could take down large portions of the Internet like this.

Elon Musk went on twitter and said that they are ripping out Crowdstrike across all their organisations, as since they caused the very thing they are supposed to protect against, what is the point of the company.

I currently personally own New Zealand's 6th largest Internet company - Voyager - and many of our systems rely on providers such as Google, Microsoft, Cloud Flare (not Crowdstrike), and many others. These days often even things as simple as a companies billing system is stored in the cloud - i.e. Xero - and so if those companies are disrupted, then all the companies that rely on their software will be disrupted too.

In conclusion, while the Crowdstrike outage was a temporary glitch, it serves as a wake-up call for all of us. Our reliance on the internet and the companies that support it requires robust safeguards and a deeper understanding of the potential risks. As we navigate this hyper-connected era, it’s crucial to prioritize the stability and security of our digital infrastructure to prevent future disruptions from having even more severe consequences.