Microsoft outage disrupts aviation in India; other services unaffected

Cascading effects of the IT outage spooked equity investors in India and played part in nearly a Rs 8 trillion market capitalisation wipe-out, said analysts. Though National Stock Exchange and BSE issued statements that it was business as usual for them, global exchanges like the London Stock Exchange and Singapore Exchange witnessed disruptions.

In India, many Windows users faced a “blue screen of death” error while booting up their machines because of the issue. The issues coincided with disruptions of Microsoft’s Azure cloud and 365 office software services.

The impact was, however, limited to enterprises in India that were using the services of Crowdstrike, a security services firm.

The Indian financial and payments systems remained largely unaffected, though the Reserve Bank of India said about 10 banks and NBFCs faced minor disruptions which have either been resolved or are being fixed.

A Microsoft spokesperson said: “Earlier today, a Crowdstrike update was responsible for bringing down a number of IT systems globally. We are actively supporting customers to assist in their recovery.”

In a post on X late in the evening, Microsoft CEO Satya Nadella wrote: “We are working closely with Crowdstrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.”

With the buzz on this being a cyberattack getting stronger, Crowdstrike’s global CEO, George Kurtz, in an X post said: “The issue has been identified, isolated and a fix has been deployed.” He stressed: “This is not a security incident or cyberattack.” 

It was later reported that a bug update caused by CrowdStrike’s Falcon Sensor led to malfunction and conflict with the Windows system.

This would be one of the biggest outages that have happened in recent times that impacted businesses across continents. The incident has put cybersecurity officials and the government on high alert.

Sundareshwar K, partner & leader-Cybersecurity, PwC India, said: “This is a black swan event impacting not just businesses but the overall national machinery, and underscores how safeguarding entities against risk involves much more than technology. This development highlights how it is a misnomer that enhanced technology deployment alone will help organisations become more secure and ensure business continuity.”

The government was quick to react to the situation and issued an advisory suggesting steps to resolve the issue.  IT Minister Ashwini Vaishnaw in a post on X said: “Meity is in touch with Microsoft and its associates regarding the global outage. The reason for this outage has been identified and updates have been released to resolve the issue.”

 The government’s apex cybersecurity agency — CERT-In — classified the severity rating as critical and suggested steps to manually override the glitch. 

Bhavish Aggarwal, founder and CEO of Ola Electric, said: “Outages are momentary with no deliberate intent to cause harm, and can happen once in a while to any company. But it represents an outcome that could also happen due to deliberate action by bad actors and intentions. And since 80 per cent of our data is stored outside India, we won’t be able to do anything. The government needs to recognise the risk of our data residing globally and bring more stringent data localisation norms and action to address these risks.”

Most of the IT firms said that they weren’t affected a lot and in several cases, the business disaster recovery (BDR) plan took care of the disruption. Some employees, IT firms said, did see a blue screen but that was resolved within a few minutes.  However, several employees on platforms, such as Grapevine, said that their systems were down for hours and work had stalled for the day.

Wipro’s CEO Srini Pallia, said: “Wipro has not been affected by the Microsoft outage. We are reaching out to every client that uses Crowdstrike and ramping up ourselves to help them.”

Emails sent to TCS, Infosys, HCLTech, and Tech Mahindra remained unanswered.

Cybersecurity experts said that information security vendors must be highly responsible for the quality of the updates they release.  “It is also important to adhere to the principle of a granular release of updates. This means that they are not distributed globally to all customers simultaneously, but gradually, so that in case of any unforeseen failure, it is possible to localise and fix it quickly,” said Alexander Liskin, head of threat research, Kaspersky.

 Car manufacturer Maruti Suzuki said it had to halt production at its facility for a short while due to the glitch. The company in its submission to the National Stock Exchange said that it did not anticipate any material impact on its performance.

Healthcare services in a few big hospitals were impacted. Apollo Hospitals and PD Hinduja Hospital said they remained unaffected by the outage, while Max Hospital and Fortis Healthcare revealed that their software applications used for patient care and other processes were impacted briefly.

Amazon Web Services’ health dashboard also faced connectivity issues. It was working on resolving the issues. 

 “We had to switch to manual processes to service our patients as an alternative mechanism. After implementing the recovery process provided by Crowdstrike, our systems have been fully restored, and we have resumed regular operations,” said a Max Healthcare spokesperson.

(Ashutosh Mishra, Deepak Patel, Shivani Shinde, Sohini Das, Subrata Kumar Panda, and Khushboo Tiwari) 

First Published: Jul 19 2024 | 11:56 PM IST