Photo: VCG

A software update from American cybersecurity technology company CrowdStrike caused a global technical havoc on Friday, leading to suspended flights, disrupted public services, and paralyzed payment systems worldwide. The incident highlights the significant security risks associated with global dependence on a handful of US corporations, experts warned.

According to an announcement by CrowdStrike on Saturday, the global computer outage primarily stemmed from an update pushed to its Falcon Sensor software, which caused devices running Windows systems globally to suffer from a bug check or blue screen error associated with the software.

 “We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on,” CrowdStrike said in the statement. 

CrowdStrike’s apology for the outage did not alleviate global concerns over tech dependency. In the wake of the global IT outage, CrowdStrike's stock suffered significantly, dropping 11.1 percent to close at $304.96 per share on Friday. 

The technological disaster that swept through the US, Japan, and Europe had a significantly lesser impact in China. Key infrastructure across the Chinese mainland such as airports, banks, government services, and payment systems remained unaffected by the tech failure.

Experts note that China experienced minimal damage in this incident, largely due to the minimal reliance of Chinese companies and public service sectors on US software, opting domestically developed cybersecurity systems. The self-reliance helped China to avoid similar security risks.

With the current prevalence of Windows operating systems globally, the widespread IT outage was only triggered by an issue with third-party antivirus software utilized by Microsoft. Theoretically, as long as computers are connected to the internet, Microsoft could cause all Windows systems to crash overnight, which would halt all internet-dependent infrastructure, and that could severely damage enterprises, railway systems, airlines, hospitals, schools, bond trading systems and governments, Kong Xiangyan, Head of 360 Endpoint Security department, told the Global Times on Saturday.

In China, the limited impact of this incident can be largely attributed to our early initiation of a substitution plan involving domestic hardware, operating systems, and application software, Kong said.

Most internet terminals in China use Chinese security software like 360. The primary impact of this recent global technology outage in China was likely felt among multinational companies and industries with significant overseas operations, according to documents sent to the Global Times by Chinese digital cybersecurity company 360 on Saturday.

China boasts a considerable array of domestically developed security products, including PC scanners, antivirus software, and security tools. They are now widely used among businesses, government entities, and regular consumers, reducing reliance on American security products. This has allowed China to incur almost no damage from the cyber outage, Cao Yan, an expert from the Cyber Security Association of China, told the Global Times on Saturday.

Experts warn that global dependence on American companies could pose potential security risks, and domestically developed software products could provide nations with a secure backup.

Whether due to human error or technical reasons, the incident caused by CrowdStrike represents a global security threat. The widespread use of software developed by a few American companies, from governmental to civilian sectors, might constitute a security risk, Cao added.

If we must use products from the US, we need to enhance security oversight and backdoor detection, and prepare domestically developed software backups. At the same time, we should continuously improve domestic software by strengthening oversight and testing, Cao said.

The release of an unverified version that led to such extensive impacts also highlights significant management issues within top international security firms, according to 360.

As of press time, the specific economic losses caused by the incident have not yet been quantified.