Computer users around the world have recovered from the “blue screen of death” after a software update from the cybersecurity firm Crowdstrike interfered with many versions of the Microsoft operating system. The post-mortems have begun. Photo: Maison Moderne

Computer users around the world have recovered from the “blue screen of death” after a software update from the cybersecurity firm Crowdstrike interfered with many versions of the Microsoft operating system. The post-mortems have begun. Photo: Maison Moderne

The IT systems affected by the worldwide blackout affecting Microsoft users seemed to be gradually returning to normal. All that remains now is to establish who was responsible. For the director of the US Cybersecurity and Infrastructure Security Agency, it will be Crowdstrike.

Green. Green. Green. By Sunday evening, the Microsoft ‘’ page had regained its three green checkmarks. Crowdstrike has developed a to help those who are still having problems to get everything back up and running after Friday’s global IT meltdown. The outage affected several sectors, including airlines, banks, stock exchanges, hospitals and retailers in various regions, including Asia-Pacific, the United States and Europe.

On Friday, the CEO of the US cybersecurity company, George Kurtz, published an apology letter: “I want to sincerely apologise directly to all of you for today’s outage. All of Crowdstrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority. The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.”

“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft’s vice president of enterprise and information systems security, David Weston,  in a blog post. “This incident demonstrates the interconnected nature of our broad ecosystem--global cloud providers, software platforms, security vendors and other software vendors, and customers. It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist. As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together. We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps.”

“Any company that builds any kind of software should design, test, and deliver it with a priority on dramatically driving down the number of flaws--flaws which can be intentionally exploited by bad actors or flaws that can unintentionally take down critical services across the globe,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, on her personal Linkedin account. “The other thing I know is that anyone who consumes tech (yup--that’s basically all of us) should demand that those technology and software manufactures do exactly that. Why we’ve been working with technology companies large and small, including Crowdstrike and Microsoft, to voluntarily commit to the Secure by Design .”

Easterly stated: “our nation’s critical infrastructure, the systems and services that Americans rely on every hour of every day for power, water, transportation, communication, healthcare, education, finance…and much more…is, broadly speaking: highly digitized, highly interdependent, highly connected, and highly vulnerable. And this is due, in large part, to a fragile software ecosystem that has historically deprioritized security in favor of features and speed to market. Ironically, one reason that companies like Crowdstrike and other cybersecurity vendors exist is to bolt on security to software that’s been shipped chockfull of vulnerabilities.”

As is often the case in such chaotic situations, cybercriminals take advantage of the situation to try and take advantage of certain infrastructures. Crowdstrike itself to a cyber attack on customers who speak Spanish.

In Luxembourg, as in other EU member states, it will be interesting to see what regulators take from this event. With the EU’s Digital Operational Resilience Act (Dora), financial companies have obligations not only in terms of reporting but also in terms of risk management, mitigation and information sharing. The Luxembourg financial regulator CSSF had published two press releases on Friday, the referring recommendations from the Computer Incident Center Luxembourg (Circl). The second was more explicit: The CSSF hereby reminds Luxembourg-domiciled investment managers and undertakings for collective investment (UCI) as well as all entities involved in the operation of these entities to duly assess the impacts of this IT outage and to take all the appropriate actions in order to ensure the ongoing functioning of the UCIs.

“In case UCIs encounter difficulties in determining the valuation of the assets and/or the net asset value of any UCI in accordance with their prospectus and articles of incorporation/management regulations (’fund documentation’), UCIs shall assess, based on the fund documentation, whether a suspension of the NAV calculation is necessary in view of these circumstances.”

According to our sources, various players have been affected in Luxembourg, but we have not been able to obtain confirmation from them.

Read the original French version of this report

Related articles