On July 19th, Microsoft's computer system crashed globally, also known as the "Blue Screen Incident," which could affect nearly millions of Windows devices worldwide, causing chaos in various industries such as airlines, banks, telecommunications companies, media, and healthcare.
Chinese enterprises have not been impacted by the blue screen incident
In the global shock wave brought about by the 'blue screen incident', Chinese companies have been less affected, and many industries have even remained calm.
According to aviation analysis company Cirium, there were approximately 110000 commercial flight plans worldwide on July 19th, and as of 11:00 UK Standard Time, 1390 flights have been cancelled.
Some airport operations have also been affected. For example, Hong Kong Airport announced on the afternoon of the 19th that due to a widespread malfunction in the Microsoft system, the self-service boarding facilities at Hong Kong International Airport have been affected, and airlines must switch to manual check-in procedures. However, flight operations have not been affected yet, and the airport has activated an emergency response mechanism. It is recommended that passengers arrive at the airport three hours before the flight departure to check in.
The first financial reporter learned that the Microsoft system crash was caused by the technology update of network security company CrowdStrike. CrowdStrike itself is a cloud based antivirus software that is not sold in China. Mainland Chinese airlines and airports did not purchase or deploy CrowdStrike this time, and flight operations and arrivals and departures were basically normal on that day.
In terms of the hotel industry, Zhao Huanyan, a senior hotel industry analyst and economist, said that Chinese local companies have not installed CrowdStrike, and local hotel companies such as First Travel Home and Huazhu have not been affected. However, many foreign-funded companies have installed CrowdStrike, and most of them are international hotel companies affected. Today, Marriott International Group, InterContinental Hotels Group, and others have publicly stated that their related businesses have returned to normal.
The head of information technology at a top tier tertiary hospital in Shanghai told First Financial reporters that CrowdStrike is mostly used by foreign companies in China and has limited impact on the medical industry.
The domestic software industry has its own system
The first financial reporter learned from multiple domestic airlines that the security products used by state-owned airlines are mainly domestically produced, such as antivirus software 360 (enterprise version called Tianqing). Currently, they have not encountered similar blue screen incidents, but sometimes they encounter blue screen phenomena when using Microsoft's patch upgrades.
It's the first time I've heard of such a serious impact like yesterday. The company now requires control patch upgrades and will not upgrade them uniformly, "another domestic airline's operations control personnel told reporters." In addition, most of the systems that state-owned airlines need to use during operation have been replaced by domestic ones, and some of our company's key systems are running dual systems simultaneously, such as flight planning, domestic self-developed systems, and foreign systems used in parallel
For the problems that occur at the airport check-in end, the check-in and departure systems of mainland airlines are provided by China Aviation Information Corporation, which is a state-owned enterprise specializing in air transportation and tourism information services.
A person from AVIC Information told reporters that currently the company mainly uses Linux system for producing server side, and there is almost no Windows series. Similar to the problem that Microsoft encountered yesterday, the probability of it happening on Linux is relatively low. "The services on Linux are all started by themselves. You know whether you have started them, what they have started, and what the service is for. If there is a problem, it will be quickly located. In complex systems, locating the fault often takes 80% of the time, and solving the problem may be simple
Prevent the recurrence of blue screen incidents and prepare multiple measures to diversify risks
After the Blue Screen incident, CrowdStrike's US stock closed down 11% at $304.96 per share, with its market value evaporating nearly $10 billion overnight, marking its worst single day performance since 2022. Analytical agency Marsh& McLennan Companies states that over 75 customers may file claims for network failures due to the global collapse of CrowdStrike.
Although the local software industry is developing rapidly and becoming increasingly self-contained, helping Chinese companies avoid the impact of the blue screen incident, industry insiders remind that the prevention and control of computer system risks should not be taken lightly, and continuous improvement and enhancement are needed.
For enterprises with certain strength, industry insiders suggest deploying multiple parallel systems as backup to avoid a situation of complete annihilation.
Kingsoft Antivirus security technology expert Wang Xin told First Financial reporters that it is still difficult to completely avoid similar security incidents. In terms of cloud service application systems, risk diversification settings should be implemented, such as servers being supported by different systems, including Windows, Linux, Mac systems, etc.
He Yisheng, the director of Shanshi Network Technology Security Technology Research Institute, also mentioned in an interview with First Financial News that it is recommended that enterprise terminal data be backed up regularly; Enterprises with a large number of computers can use software from different suppliers or even different operating systems in different regions to avoid the complete destruction of all terminals in the event of supply chain attacks or similar failures.
Wang Liejun, a cybersecurity incident response expert and head of the Threat Intelligence Center at Qianxin, said that especially in the era of cloud computing, the challenges faced by business system stability will be more severe than ever before. Users who have high stability requirements for their business can use multiple suppliers as backups to avoid single point of supplier failure. They can also conduct emergency drills for failures and have contingency plans and rollback measures for such scenarios.
It is not common for a company to purchase services from multiple security providers, which involves high costs. Pei Zhiyong, Director of Qianxin Industry Security Research Center, believes that the key is to have disaster recovery backup, and the system should have a backup plan that can quickly restore to an initial state or to a backup state when an emergency event occurs.
China's security level three or above systems require quick recovery when there is a problem. "Regardless of the reason, even if the device is directly damaged, the system must be quickly restored. In this case, there is actually a system with disaster recovery, and now the more advanced one is hot backup. When the system encounters a problem, the backup system can be quickly called up through hot backup, so that business can be quickly restored," said Pei Zhiyong.
An aviation industry insider pointed out that "backup includes the concept of multiple levels. First, backup business data. If the system crashes, my business data will not be lost. Second, there is hardware backup. If one is broken, it can be immediately replaced by another. Enterprises need to adopt different backup strategies according to different system levels and structures. Important systems need to have backups and redundancies. For example, the biggest feature of the China Aviation Information Departure System is local backup at large airports, simulating the disconnection between the airport and the outside world. It can also timely transmit passenger data information to the local area to ensure that passengers who have purchased tickets can apply for boarding passes and board the plane
The cost involved in disaster recovery backup will be significant, which may lead to some existing enterprises not setting up this system due to insufficient budget or attention. Security requires investment. When there are no major issues, some companies may not be willing to invest, but now that we can see more serious risks, we need to invest, "Pei Zhiyong reminded.
The blue screen incident this time was caused by CrowdStrike's software update dragging down Microsoft's operating system. Industry insiders suggest that caution should be exercised and risk response plans should be prepared for software updates that may have a global impact.
Zhao Hongbing, General Manager of AsiaInfo Security SaaS Product Department, said in an interview with First Financial reporters that at the technical level, this incident illustrates the risks faced by software updates and configuration management simultaneously on a global scale, especially when it affects enterprises and critical infrastructure. Any minor configuration errors or update failures can lead to serious consequences.
Therefore, enterprises need to take preventive measures. Any important software updates or system configurations must undergo a rigorous testing and evaluation process before being fully deployed. The IT team of an enterprise should remain highly vigilant during the update process, and important updates must be thoroughly tested in a controllable environment to ensure that all changes have sufficient security and backup plans before being launched, and to ensure that each update is as cautious as the first to prevent potential risks.
Network security experts also told First Financial reporters that in the future, on the one hand, the responsibilities of cloud infrastructure manufacturers, operating system manufacturers, and basic software manufacturers should be further clarified, and they should be required to improve software quality and strengthen the management of testing and release processes; On the other hand, for customers in various industries, emergency plans for extreme scenarios should be prepared in advance, and if conditions permit, testing should be conducted before deployment.
Zhao Hongbing believes that the Microsoft blue screen incident has also prompted the industry to reflect deeply and accelerate the pace of information and innovation, from basic operating systems to top-level applications, to build completely autonomous and controllable capabilities. (End)