White House responding to massive IT outage

The Biden administration is racing to assess the fallout from a massive IT outage that is ricocheting across the globe, grounding airplanes, ripping through health systems and snarling IT networks at federal agencies and Fortune 500 companies.

Anne Neuberger, deputy national security adviser for cyber and emerging technology, said during a panel at the Aspen Security Forum Friday that she had spent the morning assessing the impact of the outage on all U.S. critical infrastructure sectors, which had included a 4 a.m. wakeup call from the White House Situation Room on the issue. Neuberger said she spoke with George Kurtz, the CEO of cybersecurity giant CrowdStrike, and convened interagency calls to understand the impact of the errant software update, and had reached out to foreign partners to offer assistance as well.

Kurtz said in a post on X that the outage was not due to “security incident or cyberattack,” something Neuberger confirmed.

Neuberger said government agencies were working “first to assess what’s the impact on U.S. government critical services, second, to assess sector by sector what’s the impact to power in the country, to hospitals in the country, to 911 systems, the national suicide hotline.”

Millions of Windows computers which run CrowdStrike software displayed an error message emblazoned against a blue restart screen — colloquially known as the "blue screen of death" — Friday morning. Many security researchers warned within hours that the incident requires manual fixes at each individual computer, and will likely be one of the largest cyber incidents in history.

The outage is drawing instant scrutiny on the Hill.

Rep. Ritchie Torres (D-NY) sent a letter Friday to CISA Director Jen Easterly urging that the federal government’s Cyber Safety Review Board conduct an investigation of the outage. Sen. Eric Schmitt (R-MO) also plans to ask the Pentagon’s Chief Information Officer for a briefing on the impact of the outage within the DOD, according to a draft letter viewed by POLITICO.

DHS, which oversees the CSRB, did not immediately respond to a request for comment about the Torres letter.

As of Friday morning, one of the most immediate and visible impacts of the outage was at airports across the globe, where flights were grounded and passengers were left stuck for hours on the tarmac. The Federal Aviation Administration said Friday it was “closely monitoring” the issue and that travelers should expect “ground stops and delays” at various airports Friday.

The FCC also said on X it is “aware of reports” of disruptions affecting 911 emergency services.

Authorities in the European Union were grappling with the fallout at European airports and financial institutions early Friday. Spokespeople for the U.K. Prime Minister’s office and the The European Commission told POLITICO they were both looking into it.

The U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency are “working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages,” DHS said in a statement. The Department of Energy is also working with CrowdStrike and Microsoft on assessing and addressing outages, DOE said in a separate statement.

Crowdstrike’s software is meant to protect individual computers from viruses and hackers, and requires special IT privileges to operate on each of those devices. It also must be updated constantly to account for new security threats, a feature that sets it apart from other types of enterprise software.

DHS did not respond to a question on whether its systems were impacted by the outage, but a senior official within the Department of Homeland Security said their desktop crashed last morning around 1:30AM and they have not been able to restart it as of Friday morning.

The outage “is screwing me,” lamented the individual, who was granted anonymity because they were not authorized to speak publicly on the outage.

Kemba Walden, the White House's former acting national cyber director, said it was “a fair assumption” to think other federal agencies are impacted given how widespread both CrowdStrike and Microsoft software is. Officials at the Treasury and Justice Departments told POLITICO that some computer systems were affected, and the Social Security Administration said on its website that it prompted it to close all its offices to the public.

Secretary of State Antony Blinken said at Aspen that the outage showed “we have to diversify” software providers.

The Republican leadership of the House Homeland Security Committee posted on X that the outage “demonstrates how we depend on IT for every aspect of our daily lives,” and noted that the committee “will be monitoring the impacts closely.”

Already, there are signs the incident has also swept in other critical infrastructure sectors. John Riggi, national adviser for cybersecurity and risk at the American Hospital Association, said Friday that the outage was affecting “some hospitals and health systems.”

“We are in touch with the hospital field and the federal government and [are] monitoring the situation closely to better understand its scope and impact,” Riggi said.

Multiple security researchers and some government officials said the outage highlights both the risk of corporate concentration in information technology — and ironically, some of the unique vulnerabilities baked into cybersecurity software.

This ”is a good reminder that software is hard and even the appearance of competence is regularly deceiving,” said Trey Herr, the senior director of the Atlantic Council’s cyber statecraft initiative.

It’s also a harbinger of what could come if cyber adversaries took drastic action.

“This is a good wake up call or a practice run for a major cyberattack,” Lisa Plaggemier, executive director of the non-profit National Cybersecurity Alliance, said Friday. “If we’re struggling this much with an outage from a major security provider, I mean, this is very much what a cyberattack would look like.”