What Can We Learn From the Recent CrowdStrike Debacle?

In the early morning hours of July 19, 2024, there was a major collapse of world commerce.

According to the company CrowdStrike, a defect in a content update to its Falcon cybersecurity defense software for Windows caused a world-wide crash that impacted many businesses, most notably the airline industry. According to Microsoft, the CrowdStrike IT outage affected 8.5 million Windows devices. This incident immediately resulted in work stoppages, stranded passengers, and lost revenue. No explanation has been given to justify releasing the software update without adequately testing it first.

The good news is that the Georgia-based restaurant Waffle House was not impacted![1]

What did the impacted businesses do? Unfortunately, some were paralyzed and unable to conduct business. Others instituted emergency protocols that allowed them to continue operating albeit in modified fashion. One interesting example was an overseas airline that switched to handwritten baggage claim tickets and boarding passes so that they could move passengers in spite of the computer crash. Personally, I was very lucky that my normal carrier successfully transported me out of Houston on time Friday night; although I did then spend five hours cooling my heels in Atlanta, I was very glad I did not have to rent a car, as many of my fellow travelers did, or have to wait until the next day for a flight home.

The millions of people affected by this major disruption of global commerce had one very simple thing in common—in some way, their lives were directly affected by their dependence on computers. In particular, the computers were dependent on Cloud-based resources that had stopped working.

What Is Your Level of Preparedness?

Seeing so many people face the so-called “blue screen of death” on their computers should give us all pause. Do you have any contingency plans for situations like this or other emergencies? Will your team members know how to keep your business operating? Ask your team these questions:

1. Do we have a plan in place to manage a general emergency? If not, what do we need to cement one?
2. Could our shop set up a truss without a laser?
3. What would happen if GPS systems went down? Could drivers find the delivery addresses?
4. What if our only finish roller went down?
5. Could we cut on a manual saw if necessary?
6. Do we have a way to output cutting without a terminal connection?
7. Do we have designs archived in more than one format?
8. Is our computer system or database vulnerable to malware attacks, bad actors, or other service interruptions?
9. Does our computer system have adequate backups of all our essential data? And, has anyone checked to see if our backed-up data can be restored?

Technology has helped us in many ways, but technology has also made us dependent upon computer systems. When those systems are compromised, whether it be by malware or power outages or faulty code updates, we should be able to figure out how to get back to work before we incur serious cost.

This is a great reminder that backing up job files is an important aspect of risk management. You must consider what you may need to maintain your production and operations. I may not want to go back to the days when I depended on a Rand McNally Gazetteer for my directions, but I know I still have several maps in my car. The maps may be outdated, but they would be better than nothing if ever needed.

Are you putting all your eggs in one basket? Is this a smart move? Through mergers and acquisitions, many companies have sought to centralize their entire structure, while others continue to operate as independent segments. Highly centralized companies can tout their presumed efficiencies, but looser networks may be better able to diversify their risk. What plans should you be considering to manage your risk?

An ANSI/TPI 1 3rd Party Quality Assurance Authorized Agent covering the Southeastern United States, Glenn Traylor is an independent consultant with almost four decades of experience in the structural building components industry. Glenn serves as a trainer-evaluator-auditor covering sales, design, PM, QA, customer service, and production elements of the truss industry. He also provides project management specifically pertaining to structural building components, including on-site inspections and ANSI/TPI 1 compliance assessments. Glenn provides new plant and retrofit designs, equipment evaluations, ROI, capacity analysis, and CPM analysis.