Business

How a single failure can take down a fragile web of global commerce

Pinterest LinkedIn Tumblr

A software failure in the web that makes up the global supply chain threatens to disrupt daily commerce for an indefinite period, showing how widespread reliance on the same system can create a worldwide crisis when that system goes down.

It was still not known Friday morning how long it would take to address the issue, which cybersecurity firm CrowdStrike attributed to an improperly executed update on Microsoft systems.

Although Microsoft itself was not directly responsible for the outage, the worldwide reliance on a single common operating system and a major cybersecurity company, while useful when everything is running smoothly, creates the potential for a single point of failure to take down the entire planet, experts say.

In addition to many major airlines being unable to clear flights for takeoff, everything from port authorities and train systems to hospitals and banks were affected.

Wesley Miller, a research analyst and former Microsoft employee who writes about IT issues, said the outage shows the price of interconnectedness and the dangers of market concentration.

Not only was there an overreliance on Microsoft, he said, but Friday’s outage could also be blamed on the consolidation of vendors in the cybersecurity space. Backed by Google and one of the most valuable cybersecurity firms in the world, CrowdStrike has made a number of strategic acquisitions in recent years.

“At end of the day, everyone is operating with one thing, and they’re trying to move faster than bad guys to avoid getting attacked,” Miller told NBC News.

Miller also placed some blame on the lingering staffing challenges created by Covid.

“Teams everywhere are really stretched thin; IT staff, testing staff, everyone is pulled to their max,” he said. “Everyone is still pretending everything is fine, when there’s been massive changes all around us.”

Ironically, high-profile examples of companies not affected by the outage have previously faced their own issues because they weren’t using state-of-the-art technology. Notably, Southwest and Frontier airlines appeared to be the only large U.S. air carriers operating without incident Friday. Two years ago, Southwest’s entire system shut down as a result of its reliance on an antiquated scheduling system.

“This will happen and keep happening as long as everything is built around fragile supply chains where the same companies turn up time and time again,” Jennifer Cobbe, assistant professor of law and technology at the University of Cambridge, posted on X Friday.

“This means no resilience: One of them goes down, potentially everything goes down — with widespread and unforeseeable consequences.”

The speed at which companies must now move to compete with one another creates inherent instability, Miller said.

“We’re clearly operating faster than the systems we’ve built can handle,” he said. “We need to start taking a look at more fail-safes.”

Miller is not optimistic they will be easily implemented.

In the wake of the pandemic, there was a great amount of discussion about how to make global supply chains more resilient. In 2021, President Joe Biden held what was billed as the Summit on Global Supply Chain Resilience alongside European Union nations and 14 other countries. Last fall, the White House released a new issue brief on the topic, noting: “Economic research has long been clear that deeply intertwined supply chains can turn micro disruptions into macro-level effects.”

The brief noted that the Bipartisan Infrastructure Law, the Biden administration’s CHIPS and Science Act and the Inflation Reduction Act were all designed to help boost supply-chain resiliency.

But Miller believes companies’ requirements to maximize profits means the global commerce system will continue to be vulnerable indefinitely, he said.

“There’s so little shareholder value in taking a little extra time to do the right thing,” he said.

This post appeared first on NBC NEWS