© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
A major disruption in Microsoft Corp’s cloud services caused service disruptions to a number of businesses around the world, including in India.
Microsoft said that a preliminary cause for the disruption was a configuration change “in a portion of [its] Azure backend workloads”, which resulted in connectivity failures that affected Microsoft 365 services dependent on these connections. Azure is Microsoft’s cloud computing platform.
At the heart of the issue was a software update issued by US cybersecurity firm CrowdStrike for Windows systems, which ended up malfunctioning and caused system downtimes. The issue was specific to Falcon, one of the company’s main software products, which is deeply embedded with the Windows operating system. Major corporations across the world use software developed by CrowdStrike, which is why all their systems faced the outage at the same time.
In cybersecurity parlance, Falcon is described as “endpoint detection and response” (EDR) software. It is a complex software, but its basic job is to monitor activity on computers on which it is installed, and constantly scan them for any potential threats such as malware. All major businesses around the world, including several Fortune 500 companies, are understood to use the service.
To carry out its job, Falcon first gets access to deep details of a system. This includes, among other things, the communications that computers are sending over the internet, what programs they are running, and the files that are being opened.
In that sense, Falcon is a ‘privileged software’ given its deep rooted integration at the operating system level. Since a number of businesses use systems which run on Windows, Falcon is deeply embedded within those systems — this was the major reason why a faulty code in the Falcon update primarily impacted Windows PCs.
In India, the impact of the outage was most pronounced in the aviation sector. Hundreds of flights were delayed, and several cancelled, as airline operators found their systems inoperational, forcing them to switch to manual processes.
Indigo said that its systems “across the network” were impacted by the issue with Microsoft Azure, “which has resulted in increased wait times at our contact centres and airports”. Akasa Air temporarily suspended online services, like booking and check-in, and reverted to manual operations. Air India Express said the outage had impacted its airport operations, as well those of multiple airlines and airports globally. Spicejet said that it was facing “a technical issue in providing updates on flight disruptions”.
The Ministry of Civil Aviation, in collaboration with the Airports Authority of India, implemented manual backup systems to maintain operational continuity. Extra staff was deployed to assist passengers, and address their concerns, the ministry said.
The aviation sector saw major disruptions worldwide. Major US carriers like Delta, United, and American Airlines had flights grounded by authorities. Airlines in Europe and the Asia-Pacific also reported disruptions.
In India, at least ten banks and NBFCs faced minor disruptions, which have either been resolved or are being resolved, the Reserve Bank of India said. It added that overall, the financial sector in India remained insulated from the global outage since critical systems of most banks were not in the cloud, and only a few banks are using the CrowdStrike tool.
Unlike the London Stock Exchange, the BSE was not impacted due to the Microsoft issue. “Our operations are running normal,” a spokesperson for the stock exchange said.
A number of Windows PC-users were also greeted with the infamous ‘blue screen of death’, where their systems simply did not start up beyond a blue screen displaying an error message. According to Microsoft, a Windows device displays blue screen errors if the operating system has encountered a serious problem that has forced it to shut down or restart unexpectedly.
Union IT Minister Ashwini Vaishnaw said that the Ministry of Electronics and IT (MeitY) was in touch with Microsoft, which in turn was working with impacted entities.
India’s nodal cyber agency, Indian Computer Emergency Response Team (Cert-In) also issued an advisory regarding workarounds to the issue. Vaishnaw said that Cert-In was coordinating with chief information security officers of critical infrastructure entities. “All impacted entities are working to bring up their systems. In many cases, systems are partially up,” Vaishnaw said. He clarified that the National Informatics Centre’s (NIC’s) operations were not impacted.
