news

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

Source: Global Times

[Global Times Special Correspondent in the United States Li Jun, Global Times Reporter Guo Yuandan, Global Times Special Correspondent Chen Xin] "A little-known security company issued a defective software update, causing airlines, TV stations and people's daily lives in many countries around the world to come to a standstill." This sentence from AFP is rich in information. On the 19th, Microsoft Windows systems in many parts of the world crashed due to security software updates from the US company CrowdStrike, and "blue screens" appeared. Many industries such as aviation, medical, media, finance, retail, and logistics were affected. US officials criticized it as a "major accident" and US media called it "one of the largest downtime incidents in history." Microsoft officials announced on the 20th that according to an assessment, the incident affected 8.5 million Windows devices worldwide, accounting for less than 1% of all Windows devices. Xiao Xinguang, chairman of the China Cyber ​​Security Industry Alliance, said in an interview with the Global Times on the 21st: "Statistical percentage is a way to assess risks at a macro level, but for victims of system accidents, the loss they face is 100%." ​​The British Broadcasting Corporation (BBC) said that in this "global outage" that affected most countries, "China basically escaped the predicament unscathed because China is not as dependent on Microsoft as other countries in the world. Domestic companies such as Alibaba, Tencent, and Huawei are the leading cloud service providers." "Beijing sees avoiding dependence on foreign systems as a way to strengthen national security." This incident has triggered thinking in the West, and "avoiding dependence on a few technology companies" has become a consensus.

Microsoft officially announced on the 20th that according to the assessment, the "Microsoft Blue Screen" incident affected 8.5 million Windows devices worldwide, and it will take some time for all to return to normal. The picture shows passengers being forced to stay at Madrid Barajas International Airport in Spain on the 19th. (Oriental IC)

The US company involved became famous overnight

Microsoft Windows is the most widely used personal computer operating system in the world. Starting at 19:00 GMT on the 18th (03:00 Beijing time on the 19th), Microsoft Windows systems in many parts of the world experienced "blue screens" and the operating system was paralyzed. Deutsche Welle said that this caused many national institutions around the world to be paralyzed, supermarkets were closed, flights were cancelled, hospitals were unable to retrieve patient records, and TV programs could not be broadcast normally. After the incident, Kurtz, CEO of the US computer security technology company "Crowdstrike", apologized, saying that the fault had been identified and repaired, but "some systems may take some time to resume operation."

According to the British Independent on the 21st, three days after the incident, dozens of holiday flights were canceled across the UK. Australian Home Affairs Minister Claire O'Neill said on the same day that Crowdstrike informed the Australian government that it would now update and launch a program to automatically fix the problem. However, IT experts warned that it may take weeks for the global technology infrastructure to fully recover.

Agence France-Presse said that the protagonist of the incident, Zhongji, became famous overnight. The company is headquartered in Austin, Texas, and listed in New York. It has been favored by investors recently. Its stock price has doubled in the past year and fell 11% on the 19th. According to reports, Zhongji is a leader in this field and has nearly 30,000 customers worldwide, including many Fortune 500 companies. Dan Ives, an analyst at Wedbush Securities, said: "Today, 'Zhongji' has become a household name, but this is not a good sign." He also said that fortunately, the problem was caused by software updates, not hacker attacks or network security threats.

According to Bloomberg, Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said on social media on the 20th that this was a major accident that had a serious impact on the operation of critical infrastructure around the world. Although the "Crowd Attack" company was not malicious, it was still a serious mistake. She said that the problem with this accident was not Microsoft, but any company engaged in software development should give priority to designing, testing and then delivering software to reduce defects.

Xiao Xinguang said in an interview with the Global Times on the 21st that the severity of the accident is not only the large number of devices affected, but also affects all customers who rely on these services, such as the paralysis of a large number of airlines. The accident cannot be recovered by restarting the system, and each node must be manually operated one by one, which is very time-consuming. The modern economy and society are highly dependent on digital infrastructure. Accidents in digital infrastructure will be transmitted and amplified in a chain, and will be superimposed on the physical space and social system, forming a domino-like disaster chain effect.

Agence France-Presse also mentioned this issue. The report said that although Crowdstrike launched a fix, many experts questioned the ease of the process. Ollie Buckley, a professor at Loughborough University in the UK, said: "While experienced users can implement the workaround, it is unrealistic to expect millions of people to do so."

'China is largely unscathed'

"While much of the world is struggling with the 'Microsoft Blue Screen', China has largely escaped unscathed," the BBC reported on the 20th. The reason is simple: Zhongji's software is rarely used in China. The faults reported by Chinese users mainly come from foreign companies or organizations, such as being unable to stay in foreign-owned hotels in Chinese cities.

The South China Morning Post reported on the 21st that after the "Microsoft Blue Screen" incident, many Chinese cybersecurity companies spoke out, emphasizing the importance of using domestic security software. The article said that China's critical infrastructure was basically not affected by the incident, and China's efforts to be self-sufficient in science and technology in recent years have paid off. "Faced with increasingly stringent export restrictions and sanctions from the United States, Beijing is seeking technological self-reliance, and this incident has given Beijing more reasons to seek to get rid of foreign technology."

Xiao Xinguang said that looking at the world, the most significant thing in reducing the dependence of global technology on oligopolistic enterprises is the development and rise of national industries represented by China. Although most of the digital fields in China, especially in the fields of government and enterprise services and government and enterprise security, are still in the fragmented and small-scale production stage, China's Internet information industry system is developing rapidly. By learning from the experience of outstanding Chinese companies in the manufacturing, communications and other industries, and withstanding the pressure of foreign suppression and blocking, other countries in the world, especially developing countries, have an additional option in digitalization and network security protection. China's network security industry system already has a preliminary industrial foundation and can undertake this mission with the support of the state.

But this incident still has a strong warning significance for China. Xiao Xinguang said that domestic government and enterprise organizations have a huge user base of Windows hosts. We were almost unaffected by such a large-scale incident because Chinese users can choose their own security products. For the Chinese cybersecurity industry, although this disaster occurred overseas, we cannot think that we have passed the test. The real risks that we need to deal with are still lurking in the near future. "This incident also made the domestic government and users realize the great significance of China's cybersecurity industry and technological self-reliance."

How to avoid the perfect storm

Singapore's Lianhe Zaobao reported on the 21st that cybersecurity experts said the incident once again exposed the risk of global technology relying on a few companies. As more and more activities are carried out on cloud computing or a few applications and platforms, discussions have emerged about Internet giants controlling the increasingly digital global economy. In an interview, Chopra, director of the U.S. Consumer Financial Protection Bureau, said that a few large cloud companies now play an important role in the economy. "I think this time we have just tasted some of the potential impacts of the financial sector and the entire economic sector relying on a few cloud companies and other critical systems." Reuters mentioned that Microsoft and "Crowdstrike" both have extremely high market shares, and the market is also very dependent on their products. The outage on the 19th occurred in such a "perfect storm."

Regarding how to balance the concentrated risks caused by large companies or everyone using the same system, Xiao Xinguang analyzed that behind all monopolies is oligopolistic capital. The rapid development and rise of "CrowdStrike" to become the second largest security company in the United States by market value has its own characteristics and leading advantages in products, technologies, services, etc., but it is also the result of continuous empowerment and promotion by international financial and industrial capital.

Lianhe Zaobao quoted industry insiders as saying that although most companies do not have alternatives to Microsoft, they do have alternatives in terms of security. This incident may prompt many companies to reconsider which security products they should use and whether they need to adopt different products to prevent such incidents.

"Lessons must be learned," the British newspaper The Guardian wrote, saying that the good news about the "epic IT crash" that temporarily brought the Western world to a standstill was that it was the product of human error, not a "cyber attack from Russia." The article said that if a mistake by a technology company could cause such damage, imagine what "a determined adversary" would do. "This mistake by CrowdStrike should trigger a reassessment of our cyber world."