Computer systems across Australia and overseas have failed this afternoon after an update was pushed out by global security software provider CrowdStrike.
Author
Mark A Gregory
Associate Professor, School of Engineering, RMIT University
The software affected by the update appears to be the CrowdStrike Falcon platform, which is installed by businesses or other organisations on desktop computers and notebooks to provide security monitoring.
What's happening?
The software failure has caused a major IT outage affecting organisations across Australia and around the world. The websites of the Commonwealth Bank, Telstra, the ABC and many others have been affected, according to crowdsourced outage reporting website DownDetector.
The big four banks, Telstra and major media organisations including the ABC and Foxtel have had services go offline. Customers are not able to use EFTPOS to pay for goods and services in many businesses.
Telstra has reported that the Triple Zero Emergency Call service is still operating as normal.
How bad is it?
DownDetector currently shows that a large swathe of Australian businesses are experiencing some form of outage brought on by the software failure.
DownDetector is an online outage reporting tool provided by the global network intelligence and service provider Ookla.
The number of businesses that have ceased operation is staggering.
Major airlines, banks, shops, and many other businesses have been forced to suspend trading or providing services.
Thousands of people will now be stranded at airports around the nation on a Friday evening, and bus and train services will potentially be affected.
What exactly went wrong?
The problem appears to have been caused by a software update gone wrong. A newly released version of CrowdStrike's cybersecurity software reportedly caused Windows computers to crash and display a "blue screen of death" - a standard error screen that happens when the operating system cannot load correctly.
Australia's National Cyber Security Coordinator, Michelle McGuinness, said in a post on X (formerly Twitter) that "There is no information to suggest it is a cyber security incident."
What is being done?
In a post to a Slack channel of computer administrators, a CrowdStrike representative said "the bleeding has been stopped", indicating that computers that have not already been affected are unlikely to be hit in future.
Notifications from CrowdStrike are being sent out to customers or posted to support pages that can only be accessed with a login.
However, the process of fixing affected computers might be very time-consuming. CrowdStrike advised customers that an affected machine needs to be booted into "safe mode", and then a specific file will need to be deleted.
This process is likely to need to be done manually, so there is no easy fix that can be applied to many machines at once.
Government action
More information on the CrowdStrike software outage should soon be available from the Australian Cyber Security Centre.
The National Emergency Mechanism group will meet shortly, co-chaired by the National Emergency Management Agency.
Do I need to worry about my Windows computer?
Home computers should not be affected by what's happening.
CrowdStrike typically provides its Falcon security platform to large businesses and enterprise customers.
Mark A Gregory receives funding from the Australian Research Council, auDA Foundation and ACCAN.
