CrowdStrike outage highlights vulnerabilities in our economy

It was supposed to be a routine software update.

Instead it became a global technology meltdown, causing a cascading series of difficulties widely affecting businesses and consumers.

CrowdStrike, a technology firm that works with Microsoft systems to protect them from security threats and cyberattacks, said it suffered the outage due to a “defect” in a systems update.

Airlines had to cancel thousands of flights. Hospitals had to stop procedures and testing. Some 911 systems stopped working. And personal computers showed the so-called “blue screen of death.”

Once systems were back online, the dominoes of damage had fallen. Delta Air Lines particularly suffered delays and cancellations all week as it tried to rectify staffing, scheduling and baggage snarls.

It was a frightening wake-up call, providing a clear picture of the vulnerabilities in our nation’s economy, the fragility of our technological infrastructure and just how much can go wrong in an instant.

Now, we need to understand exactly what happened and why — and how to prevent it from happening again.

Transportation Secretary Pete Buttigieg already began an investigation into Delta to determine whether the airline complied with consumer protection requirements and to understand why the airline had so much trouble recovering from last week’s outages.

And Rep. Andrew Garbarino (R-Bayport) is seeking testimony from CrowdStrike officials before the congressional subcommittee on cybersecurity and infrastructure protection, which he chairs. That’s going to be critical. In the past, CrowdStrike officials have served as the experts — to explain what can go wrong and what should be done. Now, they’re the ones who made mistakes — and they’ll have to own them.

But it’s also incumbent upon our largest and most important companies, medical institutions and others examine their own systems and make sure they have backups and workarounds in place where possible. It’ll also be important to determine whether additional regulations and oversight are necessary.

And, to a point Garbarino makes often, the United States has not done enough to address the so-called “continuation of economy” issue. The notion of prioritizing agencies, systems, infrastructure and industries in the event of an even larger meltdown, or cyberattack, so the federal government has a plan for how to get the most urgent systems back up and running, isn’t discussed enough and federal officials still don’t have a thorough and fully vetted strategy.

Consumers and small business owners, too, must be aware of how to make their own systems secure and backed up.

Concern, too, has rightly mounted that malicious actors could take advantage of the CrowdStrike outage — and the holes it’s uncovered.

The damage done by a single update was stunning and scary for its broad reach and serious ripple effects. The response, from elected officials, private corporate executives and the entire tech sector, must be equally broad and equally serious.