Y2K finally came — albeit it was called Crowdstrike

And it came more than 24 years later.

When I was really young (:-)!), right before I graduated from university, I worked as a student intern and Y2K project assistant for an aircraft supplier producing emergency turbines. The year was 1998. Y2K was all over the place, including doomsday scenarios. The whole shebang, but that’s probably the story for another blog.

The Y2K doomsday scenarios about what could and would go wrong were far and wide and dominated the news reports. No flights would leave an airport. Trains would collide, having received wrong signalling. The waterworks would stop, so you had better have a big supply of water at home. Phones would not work, so no checking in with family and friends, etc.

The millennium arrived and — nothing happened.

A few weeks ago, Y2K finally came. Due to a bug in an update to a cloud computer software called Crowdstrike, vast system outages happened, leaving air travellers stranded for days; people in distress were unable to call emergency services, or even worse, urgently needed operations had to be cancelled… Apparently an input mismatch caused servers to crash. Seems as if the crowd was struck by Crowdstrike.

Puzzled employees and system admins were left with blue screens. Luckily, a mitigation was quick at hand. All you had to do was delete a single file. Unfortunately, spreading the good news without email access, along with an accompanying explanation of how to boot your Windows computer in safe mode, was not that easy. That of course only brought the Windows computers out of their blue screens. For the affected Crowdstrike sensors, recovery of BitLocker keys and whatnot, open this link and scroll down to the remediation part.

Although the vendor develops software securely and thoroughly tests updates before release, a simple bug, not an evil hacker, brought the world to a standstill.

What should customers learn? Here is a small set of suggestions: Having a disaster and recovery plan is key. This plan should be tried and executed at regular intervals. Be able to switch quickly to fall-back or backup systems that do not contain the latest updates. Offer quick access to additional laptop computers for end-users.

And lastly, a golden oldie: Read the terms and conditions carefully. Crowdstrike recommended not operating its software in critical infrastructures. It’s written in ALL CAPS font for a reason.

