The latest:
- Cybersecurity firm CrowdStrike blames software update for global tech outage.
- Company reports services being restored after outage affected systems using Microsoft Windows.
- Tech failures hit airlines, government agencies, hospitals and more.
- Some 4,400 flights cancelled globally, as of early Friday evening.
- Delays at borders as Canadian, U.S. agencies experience issues.
- Federal government warns Canada Child Benefit payments may be delayed.
Canadians weren’t spared the headaches of cancelled flights, delayed medical appointments and other problems caused by a failed cybersecurity software upgrade that caused a host of cascading issues around the globe on Friday.
According to an alert sent by the global cybersecurity firm CrowdStrike to its clients and reviewed by Reuters, the company’s Falcon Sensor software caused Microsoft Windows to crash and display a blue screen, known informally as the “blue screen of death.”
The problem crashed Windows machines and servers, sending them into a loop of recovery so that they couldn’t restart.
- Just Asking wants to know: What questions do you have about the global IT outage that brought businesses around the world to a halt? Fill out the details on this form and send us your questions ahead of our show on July 20.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” company CEO George Kurtz said in a message posted on social media.
“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
David Shipley, CEO of cybersecurity firm Beauceron Security, said a majority of the world’s computers use Windows systems, and that is a vulnerability that Canada and other governments should think about addressing.
“So, maybe we need to have a deep conversation about where government’s role is in regulating tech companies to make sure all of our eggs — in every single critical industry — are not concentrated in so few companies,” Shipley told CBC News on Friday.
“This an abject lesson in capitalism run amok and government asleep at the switch.”
Disruptions hit health services
Canadian airlines, business, government agencies, hospitals and media outlets — including CBC — suffered the effects of the outage, which began overnight.
David Shipley, CEO of Beauceron Security, a New Brunswick-based cybersecurity software firm, says Canadians frustrated by the CrowdStrike outage should ‘get mad’ and make sure federal party leaders know about their frustration to mitigate future incidences.
British Columbia health authorities say the disruption affected its networks and computers across all systems. Adrian Dix, the province’s health minister, said that the tech issues had left hospital workers “briefly” using pen and paper to do some of their work on Friday.
Toronto’s University Health Network said the outage was affecting some of its systems, but advised later Friday that it was “returning to normal operation after the global IT outage.”
Hamilton Health Sciences (HHS) also said some of its operations were affected but specified all of its hospitals remained open. HHS said some non-urgent appointments and procedures may be delayed and that affected patients would be contacted.
The outage also affected the availability of some health-care services in Newfoundland and Labrador, according to a statement from N.L. Health Services. The organization later said its Meditech system — used to manage patient and finance information — was running normally by the mid-afternoon.
Domestic, international airlines affected
Airports across Canada advised customers to check with airlines about flight status before heading to the airport for travel or to pick up family and friends.
The impacts varied “airline to airline,” according to a spokesperson for Toronto’s Pearson airport.
Toronto-based Porter Airlines said all flights would be cancelled until at least 3 p.m. ET. In the mid-afternoon, the airline reported being in the “early stages” of restoring normal services.
Porter customer Jennifer Quintyne told CBC News that she was supposed to be headed east with her son to visit family members. Instead, Quintyne joked she found herself “vacationing at the airport.”
For some, the flight issues had more dire consequences.
In Nova Scotia, Mark Rutherford said a cancelled flight from Halifax to Montreal meant that he would not be able to attend a pending funeral for two relatives.
“It would have been nice to be there and it’s not happening now,” Rutherford, who had booked his flight with Porter, told CBC’s Canada Tonight.
He said an alternate flight with another airline was too expensive for him to consider.
Other Canadian airlines did not appear to be affected, Pearson airport said in a separate statement, but major U.S. air carriers were having problems.
Many travellers are scrambling to find alternative routes, after Porter Airlines cancelled flights on Friday due to the global outage of CrowdStrike cybersecurity software. CBC’s Chris Glover speaks to those in Toronto affected by the cancellations.
In the U.S., American Airlines, Delta Air Lines, United Airlines, Spirit Airlines and Allegiant Air had all their flights grounded for varying lengths of time. Airlines said the outage affected many systems, including those used to check in passengers, calculate aircraft weight and communicate with crews in the air.
By early evening on the East Coast, nearly 2,800 U.S. flights had been cancelled and almost 10,000 others were delayed, according to tracking platform FlightAware. Worldwide, about 4,400 flights were cancelled.
Snags, delays at Canada-U.S. border
Representatives from the international airports in Montreal and Vancouver told CBC News that U.S. customs officials could not process U.S.-bound passengers. U.S. Customs and Border Protection released its own statement indicating the CrowdStrike outage-related issue had been resolved.
Montreal-Trudeau International Airport said “the problem has been resolved and passenger processing is gradually resuming.”
Traffic delays at points of entry on land between Canada and the U.S. were also reported — including at the bridge and tunnel crossings between Windsor, Ont., and Detroit on Friday morning. By 8 p.m. ET, wait times to cross the border varied between 30 and 45 minutes, according to data posted online.
The Canada Border Services Agency (CBSA) said it had experienced a partial systems outage of its telephone reporting system that was resolved. The statement did not refer to CrowdStrike and Microsoft issues.
Airports globally are facing issues caused by a CrowdStrike update that caused Windows systems to crash. In Fredericton, the issue has delayed several Porter flights.
CEO ‘deeply sorry’
Kurtz, the CrowdStrike CEO, appeared on NBC’s Today show to apologize for the company’s software failure.
“We’re deeply sorry for the impact that we’ve caused to customers, to travellers, to anyone affected by this,” he said.
Kurtz said that while some systems won’t automatically recover, the company would ensure “every customer is fully recovered.”
The issue affected Microsoft 365 apps and services. The website Downdetector, which tracks user-reported internet outages, recorded growing outages in services at Visa, ADT security and Amazon.
Microsoft said on Friday that the underlying cause for outage of its 365 apps and services has been fixed, but the residual impact of cybersecurity outages continued to affect some customers.
CrowdStrike says it has more than 20,000 subscription customers around the world, with over half of Fortune 500 companies using its software, according to company promotional materials from this year.
As a result, a number of companies across sectors were affected.
FedEx Corp. said on Friday it experienced substantial disruptions to deliveries throughout its networks. It warned of “potential delays” for packages expected on July 19.
The CBC experienced some issues with automated broadcasting processes that were resolved after a few hours.
Scale of outage concerns experts
Even as companies and institutions began restoring regular services, experts said the cyber outage revealed the risks of an increasingly online world.
“This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” Ciaran Martin, professor at Oxford University’s Blavatnik School of Government and former head of the U.K. National Cyber Security Centre, told Reuters.
“I’m struggling to think of an outage at quite this scale,” said Martin.
Ritesh Kotak, cybersecurity and tech analyst, told CBC News Network that clients and consumers will have to be patient.
“A lot of these systems have redundancies that are built into them. So, for example, when one system fails, it can piggyback off another system; it just literally passes the baton,” said Kotak.
“It’s not as smooth sometimes as one may think … but depending on the scale of the servers impacted sometimes it takes just a little bit of time to pass over that baton and then fix the problem and then bring those services back on to the original servers.”
