Business Continuity Management / Disaster Recovery , Governance & Risk Management , Government

Federal Agencies Scramble to Fix Massive Software Outage

CrowdStrike Outage Rekindles Concerns Over Federal Cybersecurity Contingency Plans
Federal Agencies Scramble to Fix Massive Software Outage
The outage delayed passengers at major airlines worldwide. The Federal Aviation Administration helped airlines temporarily halt flights in the U.S. over safety concerns. (Image: Shutterstock)

Federal agencies rushed to provide information technology support to airlines, banks and other major institutions Friday amid one of the largest reported software outages in global history affecting Windows PCs.

See Also: Zero Trust Unleashed: Keeping Government Secrets Safer Than the Crown Jewels

Federal officials from the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the Federal Aviation Administration confirmed in separate statements to Information Security Media Group that they have been working with the private sector to resolve a faulty software update released by the Texas-based cybersecurity firm CrowdStrike. The outage began around 6:00 p.m. U.S. Eastern Time on Thursday, according to CrowdStrike, a cybersecurity firm widely used by government agencies and Fortune 500 companies to protect cloud-based systems.

A DHS spokesperson said in a statement to Information Security Media Group that the department and CISA "are working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages."

The outages forced U.S. airlines to ground as many as 2,500 flights within, into or out of the country by Friday afternoon, according to tracking data from FlightAware.com. A spokesperson for the FAA told ISMG the agency was "closely monitoring a technical issue impacting IT systems at U.S. airlines" and added that "several airlines have requested FAA assistance with ground stops for their fleets until the issue is resolved."

Emergency services in some parts of the country were also severely affected, and reports say dispatchers in some cities were forced to take notes by hand as false fire alarms were set off in the middle of the night in cities such as San Francisco.

Several federal agencies - including the departments of Justice and Health and Human Services - also confirmed that operations were affected by the incident, which Microsoft and CrowdStrike said was the result of a single defect found in a content update for CrowdStrike Falcon software on Windows. Experts told ISMG that although the outage was not the result of a cyberattack, it once again raises concerns about government agencies relying too heavily on a limited number of technology providers, such as Microsoft, to secure federal systems.

The recent outages "have the potential to halt critical operations such as public health systems, emergency services and administrative functions that rely on stable IT infrastructure," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.

Plaggemier told ISMG the incident underscores the need for regular updates, robust contingency plans and "diversifying reliance on single software providers to prevent widespread outages."

CrowdStrike released a temporary workaround for the faulty update Friday morning while it continues to prepare a more comprehensive fix for the "blue screen of death" that began appearing on Microsoft systems worldwide (see: Banks and Airlines Disrupted as Mass Outage Hits Windows PCs).

A White House official told pool reporters President Joe Biden had been briefed on the system disruptions by Friday afternoon, and the Social Security Administration announced it had closed its offices due to the "global IT outage." Federal employees across various agencies, including the Department of Homeland Security, also reported having issues with accessing desktop computers throughout the day.

The full extent of the outages remains unclear. NASA and the Federal Trade Commission have reported experiencing some level of impact, while the Energy Department managed to restore its website - which apparently experienced technical issues throughout the outages - by late Friday morning.

Experts say CrowdStrike will face probing questions from its investors and customers about how the software flaw led to the global disruption (see: CrowdStrike, Microsoft Outage Uncovers Big Resiliency Issues).


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.