Microsoft’s global sprawl comes under fire after historic outage (2024)

The system failure ricocheted across the globe, as credit card systems went down in Australia, airlines in India handed out handwritten plane tickets, and courts in the United States delayed hearings, including one in the sex crimes case of Hollywood mogul Harvey Weinstein. And the impact reverberated across the giant’s many clients in the public sector, with the Social Security Administration closing its local offices through the weekend and the Federal Communications Commission reporting disruptions to the 911 call service that forced some local dispatchers to switch to analog phone systems.

The outages were traced to a defective update from the cybersecurity company CrowdStrike, which was shipped to Windows systems across the globe, triggering the mass outages. In a blog post Saturday, Microsoft estimated that the update affected 8.5 million devices, which amounts to less than 1 percent of computers running Windows.

But the episode is resurfacing concerns that Microsoft’s grip over global systems is opening up federal agencies and businesses to unnecessary risk — raising questions about whether the power of one of the world’s most sophisticated political operators should be curtailed.

“These incidents reveal how concentration can create fragile systems,” Federal Trade Commission Chair Lina Khan, a Democrat whose agency is looking into consolidation among cloud computing services, said in a Friday post on X.

“The impact of today’s outages was defined by the reach of CrowdStrike; not the reach of Microsoft,” said Microsoft spokeswoman Kate Frischmann.

Microsoft’s email, cloud storage and video conferencing products have long been workplace staples nationwide, including within the federal government, for which the company is a major supplier. But prominent security lapses, coupled with mounting regulatory concerns about the tech giant’s power in our economy, are testing the company’s oftentimes friendly relationships in Washington.

The pervasiveness of Microsoft’s software in government IT systems reentered the spotlight earlier this year, after major hacks exposed federal officials’ emails, prompting lawmakers on Capitol Hill to haul in the company’s president, Brad Smith, to testify. A scathing report by the federal government’s Cyber Safety Review Board found that a “cascade of avoidable errors” and a security culture “that requires an overhaul” contributed to the events.

CrowdStrike CEO George Kurtz said Friday that the outages were “not a security or cyber incident” and that the company was “working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”

Microsoft CEO Satya Nadella said in a statement Friday that the company is “working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.”

But the flare-up is already fueling calls for the federal government to diversify the pool of vendors that conduct its daily operations, serving as a potential boon to Microsoft’s competitors.

The outage “is the result of a software monopoly that has become a single point of failure for too much of the global economy,” said George Rakis, executive director of NextGen Competition, whose group advocates for more stringent antitrust enforcement. He accused Microsoft of squelching competition by locking in customers and called for it to be “broken up.”

Spence Purnell, director of technology policy at the Reason Foundation libertarian think tank, said that while government officials often “ironically” complain about tech monopolies, “they help prop up Microsoft’s hold on government contracting through vendor lock-in.”

The outages are also poised to deepen scrutiny of the company’s dominance on Capitol Hill.

Lawmakers on at least three congressional panels — the House Oversight, House Homeland Security, and House Energy and Commerce committees — requested Friday that Microsoft and CrowdStrike brief members about how the outage took place and how it impacted agencies.

“This incident highlights how dependent we have become on IT for every aspect of our lives, and how a single defect can have a ripple effect across the entire economy,” Homeland Security Committee Chairman Mark Green (R-Tenn.) said in a statement.

At least one Republican committee member, Rep. Michael McCaul (Tex.), learned of the outage as he faced his own flight disruptions while returning from the Republican National Convention in Milwaukee, according to a spokesperson.

Rep. William Timmons (R-S.C.), who sits on the House Oversight Committee, called for immediate hearings on the incident, saying on X that it “lays bare the multiple choke points in our IT and Cyber infrastructure.”

Microsoft’s regulatory troubles have been piling up around the globe as it pushes more aggressively into new technologies, including artificial intelligence. Federal agencies reached a deal last month clearing the FTC to investigate its relationship with OpenAI. Regulators in Europe and the United Kingdom have been eyeing the relationship. The moves signal a shift for the company, which avoided much of the “techlash” directed at companies during the Trump presidency and first years of the Biden administration.

Microsoft has deep lobbying and public-relations resources to neutralize the fallout of the outage. Over three decades, Microsoft has built perhaps the most sophisticated public policy shop of any tech company, learning from its missteps during its antitrust battles with the U.S. government in the 1990s and early 2000s.

Under the leadership of Smith, the company has sought to portray itself as more diplomatic and willing to engage with policymakers about their concerns than tech peers. Smith’s reputation as the industry’s de facto ambassador to Washington will probably be tested by the outage fallout.

Frischman confirmed the company was briefing policymakers in D.C. on Friday about the incident, but she declined to say which government officials the company was contacting.

The White House told The Post that Biden was briefed on the incident and that his team was in touch with CrowdStrike. Microsoft was in touch with White House officials on Friday, according to a person familiar with the matter, who spoke on the condition of anonymity to describe the private conversations.

After the hacks earlier in the year, numerous congressional committees and lawmakers called on federal agencies to investigate and evaluate their reliance on the company’s tools. Those calls gained fresh urgency after Friday’s outages.

“It’s a failure that demands swift answers,” Sen. Rick Scott (R-Fla.), who in May urged federal agencies to probe Microsoft’s security lapses, said in a social media post on Friday.

Sen. Eric Schmitt (R-Mo.), who recently grilled the Pentagon over plans to invest more in Microsoft products, wrote a letter to the Defense Department on Friday warning that the outage shows that “consolidation and dependence on one provider can be catastrophic” to IT systems.

Defense Department spokesperson Jessica Anderson said the agency is monitoring its networks for possible impacts but does not comment on their status for security reasons.

The FTC itself was impacted by the outage, and employees were working to resolve issues on Friday.

Khan rose to the helm of the FTC with tough rhetoric about dismantling the power of tech giants, and under her leadership the agency brought an antitrust case against Amazon and challenged mergers in the sector, including Microsoft’s purchase of Activision. Microsoft ultimately prevailed in court, and the deal closed last year.

Khan warned on a recent episode of “The Daily Show” that some companies have become so powerful that they suffer few consequences when they harm consumers.

“Now we’re living with regular reminders of the consequences of prioritizing ‘efficiency,’ where an errant update shuts off the global economy for a day, or a hack stops millions of Americans from filling their prescriptions for weeks,” said an FTC official, who spoke on the condition of anonymity to discuss the agency’s sensitive work, which includes inquiries involving Microsoft. “The dominant firms are often too big to care because their customers have no one left to turn to for better service.”

Jeff Stein contributed to this report.