An unprecedented IT outage caused by a simple software update that brought down businesses and services across the country has demonstrated how vulnerable Australia's security infrastructure can be to malicious attacks.
Banks, media outlets, airports, supermarkets, retailers, government facilities and even hospitals were left in turmoil by the power outage, which occurred shortly after 3pm (Australian Eastern Standard Time) on Friday.
Australian authorities confirmed that the outage was linked to major cybersecurity company CrowdStrike and was not the result of a malicious cyberattack.
While many breathed a sigh of relief that no malicious actors were responsible for the incident, cybersecurity experts warned that the incident exposed a vulnerability in the country's IT systems.
And not just in Australia, but worldwide. Companies all over the world are affected in the same way.
“This is not just a mistake or an error. This is the worst thing that can happen,” said Richard Buckland, professor of cybercrime at UNSW's School of Computer Science and Engineering.
“This is more serious than a cyberattack because it shows that our systems are not even protected against randomness.”
Nigel Phair, a professor of cybersecurity at Monash University, described the incident as “unprecedented in its scale” and said the outage highlighted organisations' dependence on the internet and related online technologies.
The system failure forced the federal government to convene a short-notice emergency meeting of the National Coordination Mechanism on Friday evening.
“Crowdstrike attended the meeting and we can confirm that there is no evidence to suggest that this was a cybersecurity incident,” Home Office Secretary Claire O'Neil said on Friday evening.
“This is a technical issue caused by a Crowdstrike update for its customers.”
The company said it has released a fix for the issue that will allow affected companies and organizations to restart their systems.
Ms O'Neil said Crowdstrike had told ministers that most of the issues should be resolved by the solution they provided.
“But given the scale and nature of this incident, it may take some time to resolve,” she said.
Prime Minister Anthony Albanese said there had been no impact on critical infrastructure, government services or emergency supplies as of 7pm on Friday.
Nevertheless, numerous flights were cancelled across the country, hundreds of people were stranded at airports and many shoppers were forced to leave their shopping carts full of goods at supermarket checkouts.
Crowdsourcing website Downdetector listed Telstra, Microsoft, Google, Foxtel, National Australia Bank, ABC, Uber, ANZ and Bendigo Bank as companies affected by outages.
Qantas, Virgin Australia and Jetstar, as well as police forces across much of the country and the federal and NSW governments were also affected.
Cash registers in stores such as Coles and Woolworths were unable to process customer transactions, leading to the closure of at least six Woolworths stores.
The financial costs are expected to be tallied up by economists over the weekend as they estimate the amount lost to businesses.
George Kurtz, CEO of Crowdstrike, said the company is continuing to work with customers “affected by a defect found in a single content update for Windows hosts.”
“This is not a security incident or cyber attack,” he said in a statement.
“The issue has been identified, isolated, and a fix has been deployed.”
He confirmed that only Microsoft systems were affected.