A Simple Update Glitch Disrupts Global Software Systems

A simple update glitch has caused widespread disruption to global software systems, impacting numerous industries worldwide. Faculty members at Istinye University have assessed the ramifications of this global cyber crisis. 

 

Sedat Akleylek, a faculty member in the Faculty of Engineering and Natural Sciences at Istinye University (ISU), explains that a minor update error in an application designed to provide security support to global companies triggered the crisis. Şebnem Özdemir, Head of the Data Science Department at Istinye University, highlights the role of artificial intelligence systems in exacerbating the situation.

The global technical glitch has brought business operations to a standstill across various sectors, including banking, transportation, payment terminals, airport check-in systems, and supermarket checkout systems, all of which have become inoperable due to error messages. Professor Dr. Sedat Akleylek reiterates that this situation stems from a simple update error and further elaborates:

Solutions to These Types of Problems Are Known But implementing Them Takes Time

 

 IT systems are in constant communication with one another, necessitating updates to resolve issues. Think of an IT system as a chain of links; for it to function efficiently and without problems, it must be internally coherent. The issue we are facing today can be summarized as a straightforward update error in an application that provides security support to large-scale companies or institutions. Microsoft CrowdStrike is employed to detect and prevent real-time attacks. A faulty update in this application led servers to attempt to shut down or restart due to their security policies or operational protocols. While the theoretical solutions to such problems are known, practical implementation requires time. The remedy involves rolling back the update and reinstalling a secure version of the system.

The key lesson here is that even the smallest optimization in a well-functioning system should be tested in various environments for security and reliability. Computers and servers affected by the faulty update are automatically taken offline, forcing them into recovery or boot mode, which disrupts system accessibility and renders the main system unresponsive to requests.

Interestingly, These Types Problems Can Create New Opportunities for Our Country.

 

In today's fast-paced environment, we need to complete transactions instantly. Delays in money transfer activities, such as wire transfers and EFTs can lead to mutual grievances. Our information systems are composed of modules, each consisting of sub-modules or functions, designed to address specific problems. These functions must work in harmony, underscoring the importance of seamless integration activities.

Moreover, it is possible to mitigate such global issues by developing local and national alternatives to the commercial products currently in use. Reports indicate that the impact of this crisis is minimal in countries like China and Russia, where reliance on these types of products is limited. It is important to clarify that this situation does not constitute a cyber-attack."

 

A Chain Is Only as Strong as Its Weakest Link

The primary issue at hand is that the impact of the update on the application has not been adequately tested. When we examine the software development life cycle, it becomes clear that testing and quality management activities are crucial at every stage. While the updated CrowdStrike application aims to improve cyber-attack detection and prevention, it has been reported that the application issued warnings at inappropriate times. As a result, it would be inaccurate to categorize this situation as a cyber-attack. Cyber-attacks can also cause web and mobile applications, which we rely on daily, to fail in providing their intended services and functions.

In the realm of system security, the concepts of privacy, accessibility, and integrity are paramount. Both online and offline systems can be targeted by various types of cyber-attacks. Offline systems—those not connected to the internet—can be compromised through malicious software introduced via infected memory devices. The adage “a chain is only as strong as its weakest link” serves as a reminder that every module and function in information systems must undergo thorough testing and analysis. It is crucial to implement necessary precautions to safeguard personal information and protect against malware on used devices. Personal devices should not be shared with others; in other words, following the principle of “personal cyber hygiene” is essential.

Prof. Dr. Sedat Akleylek from the Faculty of Engineering and Natural Sciences has stated:

There is no risk for those with money in the bank

The aforementioned issues do not threaten the confidentiality and integrity of the system, so there is no associated risk in that regard. The most prudent course of action for end users would be to refrain from using the applications until they receive confirmation from the relevant institutions that the issue has been resolved.

Assoc. Prof. Şebnem Özdemir, Head of the Data Science Department at İstinye University, commented on the situation, noting that it remains unclear whether the problem arose from an unforeseen error or is inherent to the program itself:

“The occurrence of this issue now does not imply that it has never happened before or that it will not happen in the future. The digital landscape is evolving in ways we do not yet fully understand. We lack a clear understanding of the capabilities of different actors, and as the number of interconnected systems grows, the mechanisms for decision-making and action between these systems may become increasingly complicated. Consequently, whether due to cyber-attacks or systemic failures, such incidents are likely to multiply. The integration of artificial intelligence systems can either strengthen or weaken both defense and attack capabilities. We are beholden to every system we do not create ourselves; we cannot predict what services will yield or fully uncover their limitations. For instance, while we can see the waiter bringing our food in a restaurant and the dish itself, we cannot know how that food is prepared behind the scenes. Every product sourced externally is akin to a ready-made meal that we did not cook ourselves. Currently, it is suggested that the source of the problem is not a cyber-attack.”

 

The inability of a tech giant like Microsoft to respond effectively to a cyber-attack would be a significant embarrassment on the global stage. Consequently, I believe we will never hear an official statement confirming the occurrence of a cyber-attack. It has been reported that the source of the attack was another program within the system. However, there is currently no information on whether this incident arose from an unforeseen error, commonly referred to as a bug, or from the inherent nature of the program itself.”

Head of Data Science Department Assoc. Prof.  Şebnem Özdemir