How the CrowdStrike outage made IT supply chains the new big issue in tech

29 December 2024, 00:04

An information screen in the South Terminal at Gatwick Airport (PA)
IT outages. Picture: PA

The CrowdStrike outages, which brought infrastructure around the world to a standstill, placed new focus on IT supply chains.

The CrowdStrike outage – which caused massive disruption in the NHS, transport, banking and wider infrastructure – means the state of global IT supply chains became one of the big tech talking points of 2024.

The unlikely talking point came to the public’s attention in July, when a far-reaching global IT outage saw transport links shut down, parts of the NHS revert to pen and paper, and even TV broadcasters unable to get on the air.

It soon emerged the issue was a defect in a software update for Microsoft Windows users from cybersecurity firm CrowdStrike, with the flaw knocking systems offline.

The widespread nature of the issue was astonishing – transport hubs around the world went offline, as did systems linked to online banking, healthcare and media organisations.

Once it was established that the incident was not security-related or a cyber attack, attention quickly turned to just how vulnerable global IT systems were to widespread problems such as this, with many experts warning that one of the root causes was an over-reliance on small numbers of firms for IT systems.

They argued that this meant that a single issue with one provider, in this case CrowdStrike, meant millions of computers around the world could be knocked offline.

At the time of the outage, experts suggested there was an element of businesses sticking with what they know in using operating systems such as Microsoft’s Windows, and also concerns about the cost of training staff to use a new and different system could be part of the issue.

Industry expert Dafydd Vaughan, chief technology officer at consultancy Public Digital, said the Government needed to do more to boost competition within supply chains.

Taking the example of the NHS, which was badly impacted by the CrowdStrike outage, he said: “EMIS – a major provider of services to GP surgeries, handling health records, appointment bookings and more – is used in more than 60% of GP surgeries in England and Wales.

“The Government needs to consider the risk that comes with so few companies controlling so much of our essential infrastructure.

“In all industries, Government should see the value of more competition in their supply chains, and work to increase the number of companies that provide these essential services and avoid monopolies controlling our national infrastructure.”

That specific issue could be something raised in 2025, but in the meantime, the Government has already taken steps to boost the protection around IT infrastructure by announcing the designation of data centres as critical national infrastructure (CNI).

This means data centres are now on the same footing as vital utilities such as energy and water, and therefore receive additional support should a major incident affecting them occur.

This decision comes in a year where another wave of notable outages – beyond just CrowdStrike occurred – including a number of repeated issues and outages linked with banking apps in the UK, other Microsoft server issues, social media platform glitches and others.

The threat of cyber-attack also remains high, with industry and security experts warning that bad actors are increasingly looking at ways to disrupt infrastructure through cyber-attacks as a way of waging modern warfare.

After coming to power in July, the Labour Government said it would introduce the Cyber Security and Resilience Bill, which would give greater power to regulators to push more firms to implement better cybersecurity defences by expanding the remit of existing regulation and put regulators on a stronger footing, as well as increasing the reporting requirements placed on businesses to help build a better picture of cyber threats to the UK.

That Bill is set to be introduced to Parliament in 2025.

By Press Association

More Technology News

See more More Technology News

A Barclays sign outside a branch

Barclays to hand share award to staff after yearly profit surges by a quarter

A bin of seized knives. A new AI tool from the University of Surrey has been unveiled which could help police forces more quickly identify and trace knives.

New AI tool to identify knives could ‘transform’ policing of knife crime

Former executive chairman of Google Eric Schmidt

Former Google boss warns of ‘extreme risk’ from terrorists posed by AI

A laptop displaying a ‘Matrix’-style screensaver

MPs: Ministers must give protections to creative sector amid AI copyright fears

French President Emmanuel Macron addresses the audience in a closing speech at the Grand Palais during the Artificial Intelligence Action Summit in Paris

Refusal to sign AI declaration was ‘based on what’s best for British people’

Someone at a computer keyboard

Airbnb issues warning over holiday scams fuelled by AI and social media

An HSBC branch

HSBC online and mobile banking working again after service outage

HSBC on growth across the UK

HSBC hit by outage as users complain of being unable to log on

The summit in Paris (Michel Euler/AP)

UK did not sign AI communique over ‘opportunity and security’ concerns – No 10

Sky Glass Gen 2

Sky unveils second generation Sky Glass TV promising ‘better picture and sound’

Technology Stock

UK announces sanctions against Russian cyber crime network

Participants in the AI Action Summit pose for a group photo at the Grand Palais in Paris

UK appears not to have signed leaders’ declaration at AI summit

OpenAI CEO Sam Altman

Sam Altman reiterates OpenAI ‘not for sale’ after Elon Musk-led bid

A young girl uses the TikTok app on a smartphone.

Data of dead British children may have been deleted, TikTok boss says

Elon Musk

Elon Musk offers $97bn to buy ChatGPT-maker OpenAI

Alesha Dixon (Jordan Pettitt/PA)

Alesha Dixon working ‘super hard’ to stop children having phones