CrowdStrike Crisis: A Wake-Up Call for Technological Independence

In our first blog post, we discussed technological independence as the key to better IT solutions. Ironically, shortly afterward, an event of enormous scale, with global repercussions, underscored the importance of this discussion: the CrowdStrike crisis, described by experts as the "largest IT outage in history."

What Happened?

On July 19, 2024, CrowdStrike released an update for its Falcon security tool, which caused massive problems on Windows systems. This faulty update led to crashes and IT outages worldwide. At least 8.5 million devices were affected, though the actual number may be higher, as only devices that submitted error reports were counted.

Background of the Crisis

The error resulted from an incompatibility between the update and Windows kernel components. The kernel is the central part of an operating system that has direct access to hardware. Security software that interacts deeply with the kernel significantly increases complexity and the risk of errors. The problem was so severe that many devices entered an endless restart cycle, and users were confronted with the infamous "Blue Screen of Death" (BSOD).

A significant factor enabling this crisis was a court ruling that required Microsoft to make its kernel accessible to external security software. This decision was intended to weaken Microsoft’s monopoly and foster competition. Ironically, this also allowed for deeper interactions with the operating system, increasing the likelihood of critical errors.

Scale of the Impact

In just one day, the crisis caused global disruptions affecting fundamental sectors such as healthcare, finance, government, transportation, and media. Hospitals like Kaiser Permanente and Providence Health had to revert to manual operations. In Alaska, the 911 emergency call system was affected, and railway companies in several countries experienced significant operational disruptions. In Germany, there were severe repercussions as well: Eurowings had to temporarily suspend all domestic and UK flights. The aviation industry was massively affected, resulting in significant financial losses. The supermarket chain Tegut had to close over 300 stores because their checkout systems stopped working. Cloud monitoring firm Parametrix estimates that Fortune 500 companies in the U.S. alone lost around $5.4 billion, with healthcare bearing the greatest direct financial losses. According to Cybcube, the total cost of the disruption could reach $10 billion.

Dependencies and Risks

Heavy reliance on major IT providers increases vulnerability. A single error in a central software component can have global repercussions. Security software that interacts deeply with the kernel significantly increases complexity and the risk of errors. This crisis highlights how dependent many companies are on a small number of major providers. A single failure at one provider can trigger a chain reaction, paralyzing entire networks and disrupting critical services.

Power of Major Tech Corporations

The concentration of power among large tech corporations is influenced by legal and regulatory factors that often bolster their market dominance. Microsoft’s integration into many corporate networks demonstrates how such companies occupy central positions in IT infrastructure and exert significant influence. This concentration of power and dependencies poses substantial risks, as a single error can have far-reaching consequences. Despite regulatory constraints, Microsoft remains obliged to improve its security infrastructure and minimize risks.

Critical Analysis and Solutions

While CrowdStrike is a major player in its sector, it does not have a monopoly; its Falcon tool is installed on only about 1% of all PCs, primarily in business environments and on critical Windows devices, which is why the impact was particularly severe here. Microsoft, on the other hand, provides about 70% of desktop operating systems globally, amplifying the effects of the outage and impacting millions of people worldwide.

The House Committee thanked CrowdStrike for its coordination but expressed concerns about the "global dimension of this incident" and its implications for national security, as malicious actors could exploit such vulnerabilities. Lina Khan, FTC Chair, commented on X (formerly Twitter), "These incidents demonstrate how concentration creates fragile systems."

Microsoft’s Security Chief David Weston emphasized the importance of secure provisioning and disaster recovery, reminding everyone how crucial it is to remain vigilant across the entire technology ecosystem. Cloudflare CEO Matthew Prince warned that Microsoft might favor its own security products if it continues to harden Windows, which could lead to new problems and further market concentration.

Regulatory pressures may limit Microsoft’s ability to take drastic security measures. A Microsoft spokesperson explained that the company cannot secure its operating system in the same way as Apple due to a 2009 agreement with the European Commission aimed at fostering competition. CrowdStrike's CEO frequently criticizes Microsoft’s security record, highlighting that alternatives become easier to sell as long as Microsoft continues to face security issues.

This incident underscores the dependence on existing monopolies in the IT landscape. Open-source solutions offer transparency, flexibility, and security benefits. They can help companies reduce reliance on major IT providers. We encourage our clients to adopt open-source technologies to promote technological independence and retain control over their infrastructure. Successful implementation of these technologies is essential to prevent similar crises in the future.

In conclusion, the CrowdStrike crisis highlights the risks of dependence on large tech corporations. A stronger focus on technological independence and open-source solutions could help make the IT landscape more resilient and secure.
