Home Affairs Minister Clare O’Neil says it may take one to two weeks to get all affected sectors back online following Friday’s major IT outage, which was caused by a software update from global cybersecurity firm CrowdStrike.
The update triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as health care or banking.
“There has been a huge amount of work over this weekend to get the economy back up and running,” Ms O’Neil said.
“However, it will take time until all affected sectors are completely back online. In some cases, we may see teething issues for one or two weeks.”
There was no impact on critical infrastructure and government services, and triple-0 and emergency services remained “completely operational”, Ms O’Neil said.
The minister confirmed the National Coordination Mechanism and CrowdStrike had convened for another meeting on Sunday morning to discuss the ongoing issues caused by the outage.
“CrowdStrike informed the meeting this morning that they are now close to rolling out an automatic fix to the issue with their update, as is Microsoft. This should increase the speed at which systems across the economy are back online,” Ms O’Neil said.
While some supermarkets were still experiencing issues, there was no fear of food shortages and no need to stockpile, she said.
Ms O’Neil warned the public to be “extremely cautious” of scammers trying to capitalise on the outage.
“Examples that have been reported include people posed as airlines offering to resolve issues with delayed flights and criminals posing as technical support offering to fix affected technology,” she said.
She urged people to look after vulnerable people in their circles, including elderly relatives, and to report any suspicious emails, texts or calls to Scamwatch.
Microsoft estimates about 8.5 million computers around the world were disabled by the outage.
In a statement, Microsoft estimated the error affected 1 per cent of Windows computers worldwide.
It is the first time a number has been put on the incident, which is still causing problems globally.
CrowdStrike caused the chaos when it sent out a corrupted software update to its customers, sending computer systems crashing.
Companies and consumers are now being warned criminals could try to take advantage of the confusion by making bogus offers for so-called “fixes”.
The number given by Microsoft means it is probably the largest-ever cyber event, eclipsing all previous hacks and outages.
The National Co-ordination Mechanism — made up of government agencies and representatives from affected sectors — is meeting to discuss the next steps in Australia’s “recovery stage” of the outage.
Assistant Energy Minister Jenny McAllister said work was ongoing between the government and sectors hit by the outage to ensure they were back up and running.
“We are still in a recovery stage … there is still more work to do to make sure that the residual issues arising from this outage are able to be addressed,” she told Sky News on Sunday.
“There will be an opportunity in time to reflect on what’s occurred over the last couple of days, whether it exposes vulnerabilities that we are able to address.”
Most companies affected by the outage were operational again by Saturday.
Australian Chamber of Commerce chief executive Andrew McKellar said businesses were unlikely to receive money for the loss in productivity.
“For many businesses, it’s going to be very difficult to secure direct compensation, but obviously, that’s something that should be looked at,” he said.
“If there are ways to consider how that might be evaluated, then obviously that’s something that should be on the table.
“It is a reminder, regrettably, for a lot of businesses this is going to be water under the bridge, it’s going to be a learning experience.”
David Cullen, from CISO, the Australian peak body for cybersecurity executives, said the federal government should consider a review of cybersecurity and software systems in the wake of the outages.
He said lessons must be learnt to ensure similar vulnerabilities were prevented.
“Once our systems and services are back to normal across the country, governments and private industry should really take the opportunity to learn as much as we can from this event to understand how we improve that national resilience and how we can reduce the risk of further disruption like those we’ve just experienced,” he said.
However, Oxford University management professor Ciaran Martin, a former chief executive of the UK’s National Cyber Security Centre, said many governments would be powerless to take steps to prevent such breakdowns “because we have become dependent on a very American version of technology”.
Shadow treasurer Angus Taylor said CrowdStrike’s failure was a warning to businesses and governments to have redundancies ready, noting the consequences could have been more dire if Australia’s adversaries launched an attack of a similar scale.
“What it certainly shows us is that our challenges in this space, enemies and challenges more broadly, they are hard and we’ve got to be continually at our best,” Mr Taylor said.
“Government and businesses have got to get smarter and better at being able to deal with these situations, that might mean having redundancy, that might mean ensuring you have got alternatives, it certainly might mean not having one organisation or one company with too much market share.”
Home Affairs Minister Clare O’Neil said yesterday that while the tech outage was caused by a mistake, bad actors had been seeking to capitalise on the failure.
Government cybersecurity agencies across the globe and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing schemes that involve malicious actors posing as CrowdStrike employees or other tech specialists offering to assist those recovering from the outage.
“We know that adversaries and bad actors will try to exploit events like this,” Mr Kurtz said in a statement.
“I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”
The UK Cyber Security Centre said it had noticed an increase in phishing attempts around this event.
Microsoft cybersecurity executive David Weston said “hundreds of Microsoft engineers and experts” were working directly with customers to resolve the issues.
In a blog post, he also said such a significant disturbance was rare but “demonstrates the interconnected nature of our broad ecosystem”.
“As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together,” he said.
Mr Weston, vice-president at the firm, said the outage affected less than 1 per cent of all Windows machines worldwide, but “the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services”.
CrowdStrike has helped develop a solution that will help Microsoft’s Azure infrastructure accelerate a fix, Microsoft said, adding that it was working with Amazon Web Services and Google Cloud Platform, sharing information about the effects Microsoft was seeing across the industry.
The air travel industry was recovering on Saturday from the outage, which caused thousands of flights to be cancelled and left passengers stranded or grappling with hours of delays as airports and airlines were caught up in the disruption.
Security experts said a routine update of CrowdStrike’s widely used cybersecurity software apparently did not undergo adequate quality checks before it was deployed.
The latest version of its Falcon sensor software was meant to make CrowdStrike clients’ systems more secure against hacking by updating the threats it defends against.
“What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through,” said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.
CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code.
ABC/wires