Tech Outage in UAE: How the CrowdStrike Crash Disrupted Daily Life and What Comes Next?

It was not a cyberattack, but the world nearly came to a standstill after a massive IT outage wreaked havoc on computer systems worldwide on Friday.

Planes were grounded, airports crowded with passengers waiting for their flights, ATMs ceased dispensing cash, supermarkets and petrol stations declined digital payments, and companies were forced to reboot after their computers crashed, displaying only the so-called 'blue screen of death'.

The system glitch stemmed from a defect found in a single content update for Microsoft Windows. The Falcon Sensor by US-based cybersecurity technology firm CrowdStrike, supposedly “purpose-built to stop breaches and prevent all types of attacks”-- including malware and more -- caused the outage. Systems restarted or shut down automatically.

George Kurtz, CrowdStrike CEO, has apologised for the global outage. “This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed," he said in a post on social media platform X on Friday.

Microsoft stated it had fixed the underlying cause of the outage that affected its 365 apps and services, while Mac and Linux hosts were not impacted.

How Bad Was the Situation?

Air travel was the most severely affected, with airports and major airlines around the world reporting delays following issues with their system networks.

According to preliminary data released at 2 pm on Friday (UAE time) by aviation analytics company Cirium, out of more than 110,000 scheduled commercial flights that day, 1,390 were cancelled globally, and the numbers were rising.

Across Asia, airports in Singapore, Bangkok, Hong Kong, India, and Manila were among those affected, with long queues seen at check-in counters. Major US air carriers, including Delta, United, and American Airlines, also grounded all flights, according to the US Federal Aviation Administration.

Bank transactions, hospital services, and financial markets were also disrupted.

How Was the UAE Affected?

Some online services by the UAE Government were affected, and Dubai International Airport (DXB) confirmed that their operations were temporarily impacted.

UAE residents, however, were assured that no hacks or cyberattacks were detected amid the large-scale technical failure on Friday. The UAE Cyber Security Council issued an alert urging users of CrowdStrike software to be wary of any software updates.

The Dubai Electronic Security Centre (DESC) also issued a statement assuring that it "acted quickly to avoid any impact on Dubai government services".

The General Civil Aviation Authority (GCAA) said the global technical glitch “had minor impacts on the operation of the country's airports and airlines. Minor delays were reported in the check-in processes for a limited number of flights, as an alternative system was used by the airlines, allowing the check-in operations to resume normally.”

Some residents were surprised as they did not expect some shops to switch to "cash-only" payments due to technical issues. Those buying groceries or refuelling their cars had to scramble for instant cash as card payments were not working. Others were unable to withdraw from ATMs.

Dubai-based IT expert Rayad Kamal Ayub, managing director of Rayad Group, said: “Tech experts in the coming days will analyse if this was a cyberattack or a blunder on the part of the company to have deployed an update without following the complete protocols of testing.”

“This is a wake-up call for most governments and multinationals about their vulnerabilities. This is a case of complete dependence on one company for their cybersecurity requirements,” he underscored. “In the next few weeks and months, cybersecurity experts and security professionals will have to look at backup options if the enterprise software and cybersecurity company get compromised again,” he added.

Irene Corpuz, founding partner and board member at Women in Cybersecurity Middle East, said, “I can sense that CrowdStrike will be called by the US Senate to explain.” “It was not a cyberattack, but businesses and companies were heavily affected. Residents also felt the impact. The card payment system crashed in some stores, and not everyone is carrying cash nowadays,” she added.

Corpuz said tech companies normally do testing in a test environment before deploying patches in a live environment. “However, we do not know the case of the update on CrowdStrike and the patch management policy (methodology used to ensure hardware and software on a corporate network are regularly maintained) used before it was deployed to a live environment.”

One thing is for sure, as Ayub pointed out the irony of the situation: “What was supposed to be a protector for cybersecurity has compromised us.”

For any enquiries or information, contact ask@tlr.ae or call us on +971 52 644 3004. Follow The Law Reporters on WhatsApp Channels.