How the CrowdStrike global technology outage affected colleges
Harun Ozalp/Anadolu/Getty Images
colleges and universities were and continue to be affected by massive technology outages caused by an update to CrowdStrike, a cybersecurity software, on Friday. Many U.S. institutions are currently on break, but some had to cancel summer classes Friday after the outage shut down networks and Microsoft computers.
Two institutions in Texas, Texas A&M University and the University of Houston at Victoria, canceled classes in the wake of the outage. Even so, Texas A&M’s leaders wrote in a message to campus that the campus remained open and a new student event would go forward as planned. The university instructed IT resources to prioritize supporting that event through the outage. Late Friday afternoon, the university announced that 81 percent of its servers had been restored and classes would resume as normal today.
Websites that run on Microsoft’s cloud software went down as well. Del Mar College, a community college located in Texas, said in a post on X that the outage had shut down its online student portal, WebDMC, where student academic and financial records are stored.
Higher ed institutions aren’t alone; industries around the world experienced significant difficulties due to the outage. Several major airlines, banks and even emergency services had to shut down temporarily, in what experts have called one of the largest and most debilitating outages in history. In the wake of the incident, IT professionals are urging companies to implement solutions that might make them less vulnerable in the future.
In some cases, institutions’ online learning arms were impacted more than their in-person campuses. The University of Arizona’s chief information officer, Barry Brummund, told Inside Higher Ed that while the university’s “enterprise information technology services have not been impacted by [Friday’s] global technology outages,” its online institution, the University of Arizona Global Campus, “experienced issues with employee workstation logins, which they are working to resolve.”
Though CrowdStrike released a solution to the shutdowns within hours of the flawed update, the process is too complicated for many who aren’t IT professionals, according to Dominic Sellitto, a professor of management science and systems at the University at Buffalo. As a result, many institutions have requested that employees bring their devices to the campus IT team for fixing. The outage will most likely have the direst effect on universities where faculty and staff work remotely and can’t easily get their computers looked at in person, he said.
“A lot of the organizations that took the most time to resolve and are still trying to resolve are the ones that had dispersed computing environments, work-from-home employees and things like that,” Sellitto said. Some companies have even had to send their remote employees new devices and asked them to ship back their current devices to be repaired, he noted.
There is no way to fix the problem en masse, meaning that on a campus with thousands of impacted devices across various classrooms, computer labs, offices and libraries, it could take the IT team many hours to resolve the problem on every computer. In its update Friday afternoon, Texas A&M shared that 2,800 out of 10,000 workstations had been restored.
Luckily, students were less likely to be impacted by the outage on their personal computers, as the technology that caused the outage, a CrowdStrike product called Falcon, is generally targeted at organizations and companies rather than individual consumers.
University medical systems were among the many hospitals also affected by the outages. The University of Rochester Medical Center posted on X that “multiple computers that support clinical functions are down,” adding that some urgent care facilities, lab draw stations and patient call centers would open late. The University of Miami Health System announced on Facebook that it would do everything by paper and pen until its computers came back online. Others, including Penn Medicine, the University of Pennsylvania’s hospital system, paused nonemergency appointments altogether.
Lessons for the Future
Even though academe was impacted less severely than other industries, there are still lessons university IT leaders can take away to avoid being debilitated by future outages, Sellitto said.
The reason the outage impacted so many computers worldwide is because many companies that use CrowdStrike downloaded the Falcon update automatically. Typically, it is IT best practice not to automatically download software updates for this very reason: to avoid inadvertently downloading something that could be flawed, according to Sellitto. But IT professionals often set this rule aside when it comes to cybersecurity software, as updates to those technologies aim to address the latest security threats.
“A lot of companies go, ‘No, no, no, the risk of a hack supersedes the risk of an update,’” he said.
Institutions would be wise to re-evaluate that mindset and think critically about how to resolve what he called a “tug-of-war” between this best practice and cybersecurity worries.
He also said that the outage has prompted more companies to consider how they can continue to operate even if their computers are down.
“Organizations are increasingly going to need to focus their efforts on this concept that we refer to as business continuity,” he said. There needs to be a “fallback.”
(This story has been updated to remove the Rochester Institute of Technology as an example; their temporary technical issues were not related to the CrowdStrike outage.)
link