Today’s CrowdStrike outage has caused unprecedented disruptions in a number of sectors around the world, and there are also indications this could impact Canada’s tech sector.
The disruptions have grounded flights and disrupted hospitals, emergency services, and countless businesses. Troy Hunt, the cybersecurity expert known for creating the password-breach monitoring service HaveIBeenPwned, described the current disruption as “the largest IT outage in history.”
While it’s too early to quantify the impact on Canada’s tech sector, some organizations have reported disruptions.
The Business Development Bank of Canada (BDC), the Crown corporation that provides funding and consulting to Canadian entrepreneurs, announced on X (formerly known as Twitter) at 8:36 AM EDT that it was experiencing “some technology interruptions” owing to the CrowdStrike global outage.
BDC’s risk arm, BDC Capital, claims to be Canada’s largest and most active venture capital investor, with more than $6 billion in assets under management.
At approximately 11:30 AM EDT, BDC confirmed it was able to “manually execute transactions” and was prioritizing urgent disbursements scheduled for today. The Crown corporation instructed its clients to call their BDC representatives for more information.
“We have had no impacts to date,” Phil Taylor, director of communications at BDC, told BetaKit in an email statement. “We have been able to establish a workaround process to expedite urgent disbursements manually.”
RELATED: The Indigo hack is bad. Will AI make cyber threats worse?
Roy Pereira, CEO of Toronto-based Unified API Inc., noted on LinkedIn that his company was also experiencing interruptions. “Several of our top integrations were experiencing network issues this morning,” he noted. “We scrambled with a bunch of support tickets until we realized that it was ‘bigger than us.'”
The outage is also believed to have affected banks, but the extent of this impact to Canadian banks and their technology and innovation arms is not yet clear.
According to a report from The Globe and Mail, TD Bank experienced interruptions to its WebBroker online trading platform, while CIBC issued a notice to users of its online trading platform Investor’s Edge that quotes and research are temporarily unavailable due to the outage.
For its part, National Bank said in a statement to CBC News that it was aware of the issue, but noted its online and mobile services, debit and credit cards, and ATMs were “fully functional.”
BetaKit reached out to CIBC and RBC for information on whether the outage has impacted their respective innovation banking arms, CIBC Innovation Banking and RBCx. A spokesperson for CIBC told BetaKit the bank has seen no effect “as far as we know.”
‘A tiny failure is now an enormous one’
The global outage appears to have stemmed from a software update issued by cybersecurity firm CrowdStrike for Microsoft Windows operating systems. Earlier today, CrowdStrike’s CEO George Kurtz said a fix has been deployed, and Microsoft said the underlying cause has also been fixed.
“The system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system,” Kurtz told hosts of NBC’s Today show. “We identified this very quickly and remediated the issue.”
“If there’s a negative interaction with the way some of these operating systems work, in this particular case, it was only [the] Microsoft operating system that was impacted,” Kurtz added.
Also this morning, Microsoft said some users solved the CrowdStrike issue by rebooting their computers up to 15 times.
Some in Canada’s cybersecurity sector are beginning to weigh in on what may have led to today’s outage. Ian Paterson, CEO of Vancouver-based cybersecurity startup Plurilock, called the situation “very unfortunate” in an email to BetaKit.
“On the one hand, guidance from cybersecurity authorities like CCCS [the Canadian Centre for Cyber Security] and CISA [the Cybersecurity and Infrastructure Security Agency] push vendors and customers to adopt patches very quickly, as the average time for bad guys to exploit a vulnerability can be measured in minutes,” Paterson said.
“This causes other risks, as we’re seeing today, where fast deployment of updated software may cause glitches to the systems that vendors are designed to protect,” Paterson added.
When asked whether he feels the situation should have been prevented or may reoccur, Paterson said it is currently too early to say. “We need to look at the technical details once they become known,” he added.
It isn’t the first time we’ve seen hyper-connected systems fail. The SolarWinds incident in 2020 impacted 18,000 customers due to malicious code that allowed hackers to infiltrate the supply chain of SolarWinds.
In a post on X, Brian Klaas, associate professor in global politics at University College London, noted that the outage speaks to a systemic problem he has warned of in the past. “We’ve engineered social systems that are extremely prone to catastrophic risk because we have optimised to the limit, with no slack, in hyper-connected systems,” Klaas wrote. “A tiny failure is now an enormous one.”
With files from Alex Riehl and Douglas Soltys.
Feature image courtesy freeimageslive.co.uk