In the early morning of July 19, a serious technical incident caused the Microsoft 365 system to be paralyzed on a large scale, affecting a range of large and small organizations worldwide, from banks, airlines, television stations to healthcare systems.

This incident caused widespread chaos, with thousands of flights and rail services canceled, including more than 1,800 flights unable to take off in the U.S. alone. Additionally, many public and retail services were also disrupted, significantly impacting people's lives.

The initial cause was identified as a technical issue arising after the global cybersecurity company CrowdStrike conducted a software update. According to information from Microsoft shared with CBS News: "CrowdStrike's update inadvertently caused some IT systems worldwide to crash."

The dominance and risks from software "giants"

Founded in 2012 by a former director of the renowned antivirus software company McAfee, CrowdStrike quickly rose to become one of the leading names in the field of next-generation security. Known for its strong protection against ransomware and other cyber attack threats, CrowdStrike is trusted by most major corporations worldwide. However, the recent serious incident has exposed the downside of this dominance: a faulty update from CrowdStrike caused widespread paralysis affecting the operations of countless customers from corporate banks to healthcare systems.

The stock market reacted quickly to this incident, with CrowdStrike's shares plummeting by 15% in trading on the New York Stock Exchange, wiping nearly $8 billion off the company's market value. The incident raised alarm bells about the risks of over-reliance on a single software provider. CrowdStrike currently controls 18% of the market share in the $12.6 billion endpoint protection software market, second only to Microsoft with 25.8%, according to data from market research firm IDC. This means that a small error from CrowdStrike could have far-reaching consequences for numerous organizations worldwide.

The clearest evidence was the chaos at airports, as the systems of many airlines were paralyzed. According to Reuters, many airlines had to switch to manual check-in for passengers and even allowed passengers to board with just printed electronic tickets. This large-scale network outage once again showed that many organizations, whether large or small, are still not well-prepared for emergency situations when technology systems fail. Over-reliance on a single software provider can become a fatal weakness, making organizations vulnerable to unexpected incidents.

When the guardian, CrowdStrike, inadvertently caused a global incident

According to Bloomberg, the security software provided by CrowdStrike operates on a completely different mechanism compared to traditional antivirus software. While older software relies solely on detecting known malware signatures, an approach that has become outdated against increasingly sophisticated cyber attacks, CrowdStrike has developed advanced endpoint detection and response (EDR) technology. EDR works by continuously scanning computer systems to detect any suspicious activity and automatically respond. To do this, the software needs deep access permissions to the operating system, allowing it to intervene in system operations.

However, this extensive intervention capability suddenly became a double-edged sword in the effort to protect the system; EDR can also inadvertently cause serious errors. The global network outage on July 19 was an example. CrowdStrike confirmed that a faulty software update caused millions of Windows computers in companies and governments worldwide to crash, displaying the infamous blue screen of death. Although CrowdStrike asserted that the incident was due to an error in the update for Windows servers and not a cyber attack, the consequences it caused were extremely serious.

Although it is considered an effective solution against ransomware, the high cost, which can exceed $50 per machine, has prevented EDR from being deployed on all devices within an organization. Instead, it is only installed on the most critical computers that hold key data and applications. This means that when these VIP computers encounter issues, the entire system will be severely affected. According to Bloomberg, the ability to quickly recover from the incident depends on whether CrowdStrike can automatically deploy a patch. If not, restarting each computer will be an incredibly time-consuming and labor-intensive effort.

In an interview with CNBC, CrowdStrike CEO George Kurtz stated that the company is working to automate the patching process as many customers are struggling with manual methods. However, according to cybersecurity professor Alan Woodward from the University of Surrey, affected organizations, from banks to airports, may take several days to return to normal operations. Professor Woodward warned about the scale and severity of the incident, asking the public to imagine ransomware simultaneously attacking the largest organizations in the world, such as ports, hospitals, and train stations, all paralyzed at the same time due to a small file; the economic consequences would be enormous.

The CrowdStrike incident is a costly reminder of the downsides of technology; even software designed to protect us can become a source of unpredictable risks.

When closed ecosystems bring unexpected benefits

Although the incident caused by CrowdStrike affected millions of computers worldwide, it is noteworthy that the error only appeared in the update for Windows servers. This means that Mac and Linux servers were completely unaffected. According to Dan Ives, an analyst at Wedbush Securities, the fact that 2.2 billion Apple iOS devices remained unscathed during this cybersecurity incident is a clear testament to the advantages of the closed ecosystem that the company pursues.

"Everything is tightly controlled within the four walls of Apple Park," Ives shared with CNBC. Unlike Windows, Apple's operating system is designed to be closed, with absolute control resting with Apple; from iPhones and Macs to all other products, Apple directly manages the security and software update processes. In contrast, Windows has a more open ecosystem, leading to more frequent updates and a much larger software library compared to Apple. Linux, a separate operating system, was also unaffected by the CrowdStrike incident, CEO George Kurtz confirmed. Ironically, the closed nature, often criticized for limiting user experience, became a steel shield protecting Apple in this case. Unlike Microsoft, Apple rarely collaborates with third parties like CrowdStrike; according to Ives, this helps Apple minimize reliance on external cybersecurity companies, thereby reducing risks when incidents occur.

China immune to the global incident

Although China has made remarkable strides in technology, Microsoft's Windows operating system still holds a dominant position in this billion-person market. According to Rates of World, Windows currently accounts for up to 80% of the operating system market share in China. Because of this widespread popularity, the Windows error causing the blue screen of death quickly became a focal point on Chinese social media platforms like Weibo. Countless foreign business offices across the country have been severely affected by this rare incident.

However, alongside the inconveniences, a small number of employees expressed gratitude to Microsoft for inadvertently helping them end their workweek earlier than expected, even thanking Microsoft for the early holiday, which became a hot trend on Weibo along with numerous screenshots of the blue screen error. On Xiaohongshu, a social media platform similar to Instagram in China, many users complained about difficulties in checking in at international hotels like Sheraton, Marriott, and Hyatt in many major cities. But surprisingly, China's public services were hardly affected by this global network outage; Microsoft's website and social media channels in China did not issue any emergency announcements.

As of 6 PM local time that day, there were no reports of infrastructure incidents in China, while many airports in the Asia-Pacific region, from Hong Kong to Australia, reported operational disruptions. The South China Morning Post noted China's remarkable immunity to the global internet incident, indicating that the country has minimized its reliance on Western service providers like Microsoft or CrowdStrike.

In recent years, China has implemented a systematic strategy, encouraging government departments and critical infrastructure operators to replace foreign hardware and systems with domestic products from tech giants like Alibaba, Tencent, and Huawei. This is a testament to China's strategic approach to foreign technology operations. Josh Kennedy White, a cybersecurity expert in Singapore, noted that in China, Microsoft operates through a local partner, 21Vianet, which is responsible for managing services independent of the global infrastructure. This setup has helped essential services in China, such as banking and aviation, avoid widespread disruptions.
