{"id":23866,"date":"2025-07-20T13:41:30","date_gmt":"2025-07-20T13:41:30","guid":{"rendered":"https:\/\/www.newsbeep.com\/us\/23866\/"},"modified":"2025-07-20T13:41:30","modified_gmt":"2025-07-20T13:41:30","slug":"the-great-it-outage-of-2024-is-a-wake-up-call-about-digital-public-infrastructure","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/us\/23866\/","title":{"rendered":"The Great IT Outage of 2024 is a wake-up call about digital public infrastructure"},"content":{"rendered":"

GeoTech Cues<\/a><\/p>\n

August 6, 2024<\/p>\n

Print this page<\/p>\n

The Great IT Outage of 2024 is a wake-up call about digital public infrastructure<\/p>\n

\n By
\n Saba Weatherspoon and Zhenwei Gao <\/p>\n

On July 19, the world experienced its largest global IT outage to date, affecting 8.5 million<\/a> Microsoft Windows devices. Thousands of flights were grounded. Surgeries were canceled. Users of certain online banks could not access their accounts. Even operators of 911 lines could not respond to emergencies.<\/p>\n

The cause? One mere faulty section of code in a software update.<\/p>\n

The update came from CrowdStrike<\/a>, a cybersecurity firm whose Falcon Sensor software many Windows users employ against cyber breaches. Instead of providing improvements, the update caused devices to shut down and enter an endless reboot cycle, driving a global outage. Reports suggest<\/a> that insufficient testing at CrowdStrike was likely the cause.<\/p>\n

However, this outage is not just a technology error. It also reveals a hidden world of digital public infrastructure (DPI) that deserves more attention from policymakers.<\/p>\n

What is digital public infrastructure?<\/p>\n

DPI, while an evolving concept<\/a>, is broadly defined<\/a> by the United Nations (UN) as a combination of \u201cnetworked open technology standards built for public interest, [which] enables governance and [serves] a community of innovative and competitive market players working to drive innovation, especially across public programmes.\u201d This definition refers to DPI as essential digital systems that support critical societal functions, like how physical infrastructure\u2014including roads, bridges, and power grids\u2014are essential for everyday activities.<\/p>\n

Microsoft Windows, which runs CrowdStrike\u2019s Falcon Sensor software, is a form of DPI. And other examples of DPI within the UN definition include<\/a> digital health systems, payment systems, and e-governance portals.<\/p>\n

As the world scrambles to fix their Windows systems, policymakers need to pay particular attention to the core DPI issues that underpin the outage.<\/p>\n

The problem of invisibility<\/p>\n

DPI, such as Microsoft Windows, is ubiquitous but also largely invisible, which is a significant challenge when it comes to managing risks associated with it. Unlike physical infrastructure, which is tangible and visible, DPI powers essential digital services without drawing public awareness. Consequently, the potential risks posed by DPI failures\u2014whether stemming from software bugs or cybersecurity breaches\u2014tend to be underappreciated and underestimated by the public.<\/p>\n

The lack of a clear definition of DPI exacerbates the issue of its invisibility. Not all digital technologies are public infrastructure: Companies build technology to generate revenue, but many of them do not directly offer critical services for the public. For instance, Fitbit<\/a>, a tech company that creates fitness and health tracking devices, is not a provider of DPI. Though it utilizes technology and data services to enhance user experience, it does not provide essential infrastructure such as internet services, cloud computing platforms, or large-scale data centers that support public and business digital needs. That said, Fitbit\u2019s new owner, Google, known for its widely used browser, popular cloud computing services, and efforts to expand digital connectivity<\/a>, can be considered a provider of DPI.<\/p>\n

Other companies that do not start out as DPI may become integral to public infrastructure by dint of becoming indispensable. Facebook, for example, started out as a social network, but it and other social media platforms have become a crucial aspect of civil discourse surrounding many elections. Regulating social media platforms as a simple technology product could potentially ignore their role as public infrastructure, which often deserve extra scrutiny to mitigate potential detrimental effects on the public. <\/p>\n

The recent Microsoft outage, from which airlines, hospitals, and other companies are still recovering, should now sharpen the focus on the company as a provider of DPI. However, the invisibility of DPI and the absence of appropriate policy guidelines for measuring and managing its risks result in two complications. First, most users who interact with DPI often do not recognize it as a form of DPI. Second, this invisibility leads to a misplaced trust in major technology companies, as users fail to recognize how high the collective stakes of a failure in this DPI might be. Market dominance and effective advertising have helped major technology companies publicize their systems as benchmarks of reliability and resiliency. As a result, the public often perceives these systems as infallible, assuming they are more secure than they are\u2014until a failure occurs. At the same time, an overabundance of public trust and comfort with familiar systems can foster complacency within organizations, which can lead to inadequate internal scrutiny and security audits.<\/p>\n

How to prevent future disruptions<\/p>\n

The Great IT Outage of 2024 revealed just how essential DPI is to societies across the globe. In many ways, the outage serves as a symbolic outcry for solution-oriented policies and accountability to stave off future disruptions.<\/p>\n

To address DPI invisibility and misplaced trust in technology companies, US policymakers should first define DPI clearly and holistically while accounting for its status as an evolving concept. It is equally crucial to distinguish which companies are currently providers of DPI, and to educate leaders, policymakers, and the public about what that means. Such an initiative should provide a clear definition of DPI, its technical characteristics, and its various forms, while highlighting how commonly used software such as Microsoft Windows is a form of DPI. A silver lining of the recent Microsoft\/CrowdStrike outage is that it offers a practical, recent case study to present to the public as real-world context for understanding the risks when DPI fails.<\/p>\n

Finally, Microsoft has outlined technical next steps<\/a> to prevent another outage, including extensive testing frameworks and backup systems to prevent the same kind of outage from happening again. However, while industry-driven self-regulation is crucial, regulation that enforces and standardizes backup systems, not just with Microsoft, but also for other technology companies that may also become providers of DPI, is also necessary. Doing so will help prevent future outages, ensuring the reliability of infrastructure which, just like roads and bridges, props up the world.<\/p>\n

Saba Weatherspoon is a young global professional with the Atlantic Council\u2019s Geotech Center.<\/p>\n

Zhenwei Gao is a young global professional with the Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs.<\/p>\n

Further reading<\/p>\n

Image: United Airlines employees wait by a departures monitor displaying a blue error screen, also known as the \u201cBlue Screen of Death\u201d inside Terminal C in Newark International Airport, after United Airlines and other airlines grounded flights due to a worldwide tech outage caused by an update to CrowdStrike’s “Falcon Sensor” software which crashed Microsoft Windows systems, in Newark, New Jersey, U.S., July 19, 2024. REUTERS\/Bing Guan <\/p>\n","protected":false},"excerpt":{"rendered":"GeoTech Cues August 6, 2024 Print this page The Great IT Outage of 2024 is a wake-up call…\n","protected":false},"author":2,"featured_media":23867,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[174,74],"class_list":{"0":"post-23866","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-internet","8":"tag-internet","9":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/23866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=23866"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/23866\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/23867"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=23866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=23866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=23866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}