Could the 'Blue Screen of Death' happen again? Some cyber experts think so
The global technology glitch that halted flights and disrupted health care operations, financial services and more starting shortly after midnight Friday won't be the last of its kind, according to some cyber experts.
Last week's problem stemmed from a faulty software update from cybersecurity firm CrowdStrike, which is tasked with protecting computers with Microsoft Windows from hackers and data breaches.
The automatic update at 12:09 a.m. Friday was a routine part of CrowdStrike’s Falcon security suite, but a bug in the system allowed "problematic content data" to be sent to customers, the company said Wednesday.
The undetected error crashed millions of computers, resulting in a "Blue Screen of Death," or infinite rebooting.
"This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD)," the company added.
CrowdStrike, based in Austin, Texas, on Wednesday also detailed steps it is taking to avoid a repeat. They include improving software testing, doing a phased rollout for updates and providing customers with more information and control over planned software updates.
While the company identified and addressed the problem in less than 90 minutes Friday, some systems required information technology crews on the ground to do more time-consuming manual fixes by deleting files on affected machines.
Besides stranding travelers at airports and delaying surgeries, the software fallout also left some people unable to get cash at ATMs or complete business transactions. Some companies, like Delta Air Lines, continue to deal with the repercussions.
Four cyber experts Newsday spoke to addressed lingering questions about the issue.
Do you think this will happen again?
"We can expect these types of failures in the future at an increasing rate given our tech dependence," said Scott Jeffreys, special associate professor of computer science at Hofstra University.
Scott White, a professor and the vice chair of the Cyber Security and Privacy Research Institute at The George Washington University, had the same view.
"I believe another global technical issue, like that which we experienced with CrowdStrike, will occur. The question is, will that be a result of negligence, similar to that which we experienced with CrowdStrike, or will it be the result of a foreign adversary? My concern is, we are not creating enough cyber resilience in our systems to protect us from a catastrophic attack," White said.
What tough questions should businesses be asking to try to avoid the problem in the future?
Companies and organizations should be looking at their "resiliency, incident response, disaster recovery and business continuity planning," White said.
Lisa Plaggemier, executive director of The National Cybersecurity Alliance in Washington, D.C., said businesses should have a backup plan for extreme circumstances. She gave an example of companies that prepare to operate in disaster or hurricane zones.
"Can you still function with paper and pencil and have you planned for this?" she said, adding: "It's this whole practice of making sure you can continue to do business, regardless of the type of outage and that you can recover when systems come back online or the power comes back on."
Why do you think this seemed to take everyone by surprise?
"It was just sort of silently pushed everywhere and I think this was one of the big reasons why it took everyone by surprise," Justin Cappos, a professor in the computer science and engineering department at New York University, said of the software update. "You had no idea an update was going to happen. You had no control over it."
The sheer scale of the fallout demonstrated a high level of dependency on one antivirus company, experts agreed.
"The fact that they are so deeply deployed in so many places in our infrastructure, I think was really what took people by surprise on this," added Jeffreys, the Hofstra professor.
How can people protect their personal computers to try to avoid the "BSOD" going forward?
Cappos said there's no way for Microsoft users to independently prevent a repeat because it's up to Microsoft to have "better guardrails for antivirus vendors."
Other experts stressed it's important for people to back up their personal files and data on a cloud or a USB drive, maintain an inventory of passwords and make sure their operating systems are up to date.
"The most important thing to resiliency is that I can pick up where I left off and keep going," said Plaggemier, who also recommended that people shut down their equipment every couple of days.
How can companies like CrowdStrike avoid repeating an error of this scale?
Cappos said a better software supply chain, along with improvements to security and testing, would help.
"Management should have ensured the controls were in place," he said.
White said all companies "have to do their due diligence, including the producers of the product, before they release it to the public."