By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

News Junction

Notification Show More
Font ResizerAa
  • Home
  • World News
    World NewsShow More
    ‘Final Destination: Bloodlines’ tops box office while The Weeknd’s movie falters
    ‘Final Destination: Bloodlines’ tops box office while The Weeknd’s movie falters
    May 18, 2025
    The US Treasury just shocked Americans with a 8B surplus — its 2nd biggest monthly surplus in history
    The US Treasury just shocked Americans with a $258B surplus — its 2nd biggest monthly surplus in history
    May 18, 2025
    Fire in India’s Hyderabad kills at least 17 people
    Fire in India’s Hyderabad kills at least 17 people
    May 18, 2025
    world leaders gather as Leo to receive fisherman’s ring
    world leaders gather as Leo to receive fisherman’s ring
    May 18, 2025
    Austria wins Eurovision, as protesters ‘throw paint’ during Israel’s performance | Ents & Arts News
    Austria wins Eurovision, as protesters ‘throw paint’ during Israel’s performance | Ents & Arts News
    May 18, 2025
  • Business
    BusinessShow More
    Ukraine blows up bridges to consolidate its positions in Russia
    Ukraine blows up bridges to consolidate its positions in Russia
    August 18, 2024
    Commentary: AI phones from Google and Apple will erode trust in everything
    Commentary: AI phones from Google and Apple will erode trust in everything
    August 18, 2024
    The most famous Indian Dishes – Insights Success
    The most famous Indian Dishes – Insights Success
    August 18, 2024
    Life on the road as a female long rides cyclist
    Life on the road as a female long rides cyclist
    August 18, 2024
    UK inflation rises to 2.2%
    UK inflation rises to 2.2%
    August 18, 2024
  • Cryptocurrency
    CryptocurrencyShow More
    Ethereum back to K in May? Latest rebound says ETH price ‘still has more gas’
    Ethereum back to $3K in May? Latest rebound says ETH price ‘still has more gas’
    May 18, 2025
    ‘Bitcoin Standard’ author backs funding dev to make spamming Bitcoin costly
    ‘Bitcoin Standard’ author backs funding dev to make spamming Bitcoin costly
    May 18, 2025
    Retired artist loses M in crypto to Coinbase impersonator
    Retired artist loses $2M in crypto to Coinbase impersonator
    May 18, 2025
    BPEP gains steam as Eric Trump eyes cheap BTC to rival Saylor
    BPEP gains steam as Eric Trump eyes cheap BTC to rival Saylor
    May 18, 2025
    Top crypto to buy as Saudi Central Bank reveals exposure to MSTR
    Top crypto to buy as Saudi Central Bank reveals exposure to MSTR
    May 18, 2025
  • Technology
    TechnologyShow More
    How to Improve Your Spotify Recommendations
    How to Improve Your Spotify Recommendations
    August 18, 2024
    X says it’s closing operations in Brazil
    X says it’s closing operations in Brazil
    August 18, 2024
    Supermoon set to rise: Top tips for amateur photographers | Science & Tech News
    Supermoon set to rise: Top tips for amateur photographers | Science & Tech News
    August 18, 2024
    Scientists Want to See Videos of Your Cat for a New Study
    Scientists Want to See Videos of Your Cat for a New Study
    August 18, 2024
    OpenAI’s new voice mode let me talk with my phone, not to it
    OpenAI’s new voice mode let me talk with my phone, not to it
    August 18, 2024
  • Entertainment
  • Sports News
  • People
  • Trend
Reading: Microsoft outages: The implications of downtime on the delivery of critical public services
Share
Font ResizerAa

News Junction

  • World News
  • Business
  • Technology
  • Cryptocurrency
  • Trend
  • Entertainment
Search
  • Recent Headlines in Entertainment, World News, and Cryptocurrency – NewsJunction
  • World News
  • Business
  • Cryptocurrency
  • Technology
  • Entertainment
  • Sports News
  • People
  • Trend
Have an existing account? Sign In
Follow US
News Junction > Blog > Technology > Microsoft outages: The implications of downtime on the delivery of critical public services
Microsoft outages: The implications of downtime on the delivery of critical public services
Technology

Microsoft outages: The implications of downtime on the delivery of critical public services

Published August 2, 2024
Share
17 Min Read
SHARE

Contents
Not another outageOutage verses breachTiming is everything

It quickly became clear the problem was not an issue with Microsoft’s Azure service, as it first appeared, but an issue with a single software provider – named CrowdStrike – who released a faulty update to their software, which was then distributed rapidly around the world via the Azure global networks.

As reported by Computer Weekly, that “bad patch” was available online for 78 minutes, and in that time was distributed to 8.5 million Microsoft machines that got locked into a boot cycle and became unusable.

Once it became clear the source of the problems was not an organised cyber-attack from persons unknown, things settled into resolution mode.

- Advertisement -

The impact on affected businesses and the general public was in some cases major, but – when it comes to hyperscaler outages – the world has a short memory, and things quickly fell back into “business as usual” mode.

Not another outage

Except, on 30 July 2024, Microsoft’s cloud services suffered another outage, affecting businesses globally and – again – without any warning.

This outage, however, was nothing like the CrowdStrike debacle in terms of cause, impact, or even implication.

What this latest outage demonstrates is that we have one single problem: our level of reliance on cloud services which might not be all that reliable.

But first we need to dig a bit deeper into why these two outages were not the same.

IT security folks try to determine and manage risks to data and IT systems and in doing so tend to consider three key characteristics: confidentiality, integrity and availability.

Maintaining these characteristics and keeping them within defined and acceptable ranges is what cyber-security is all about.

It is impractical in nearly every case to maintain perfect equilibrium of confidentiality, integrity and availability. And, in any event, different organisations need different blends of these three things to function optimally.

It is common for IT security folks to focus on confidentiality as the biggest concern, and indeed the UK Government Security Classification Scheme is principally about assigning classifications to data confidentiality. But, in some cases, confidentiality is the least important factor, whilst integrity and availability are of very high importance.

Think of the fire brigade, as an example. When a fire is reported, the fire’s location needs to be as accurate as possible, and the firefighters on the ground need to communicate as accurately as possible to ensure they get the resources needed to fight the fire.

In this example, integrity and availability are high priorities, but keeping the fire a secret is unlikely to be.

What we do need, if IT security is to be achieved, is all of those three things in some form. And when the balance is not right, that’s a problem.

Outage verses breach

The media use two different words to describe these problems, depending on the characteristic that is compromised. A loss of confidentiality is usually referred to as a breach, while a loss of integrity or availability is often called an outage.

These describe the visible effects of the compromise, but not always the cause of the problem. And that’s why the two reports of Microsoft outages in a little over a week need to be taken separately.

They might look the same to the public’s eye and might be referred to in the same way in the press – but they’re different things and understanding that is both important and necessary for lessons to be learned from each.

The Crowdstrike incident was a loss of integrity of a single file in its software, which resulted in a loss of overall service availability.

The 30 July incident does not appear to be the same at all. And whilst it was shorter lived at just a couple of hours, after which most services came back online largely unscathed, it might actually be a lot more serious in nature.

The latest ‘outage’ was a general and widespread loss of availability of Microsoft networking services for its global Azure service, reportedly caused by a “usage spike”, which could be a Microsoft euphemism for a denial-of-service (DoS) attack by an unknown bad actor.

A DoS attack occurs when a (usually malicious) user consumes all of the available service resources and leaves nothing for anyone else.

For as long as the attacker retains those resources, the service will remain unavailable to its legitimate users. And during that time the affected business or user will typically be unable to operate or function.

Denial of Service attacks are major threats that can result in serious financial and threat-to-life situations, and a lot of money and resource is put into preventing their occurrence, which to be fair Microsoft is usually pretty good at.

This time, however, it looks like something went wrong, and that might be a failure of the security countermeasure to stop these attacks.

Or it might simply be that the bad guys found a way to throw more resources into the attack.

Timing is everything

The attack’s timing could not have been worse for Microsoft, coming as it did on a day they report their earnings to investors. 

That lends further credibility to the suggestions that this was a directed attack, not an accidental error or poor admin practice.

Microsoft had a bad day, but will no doubt put it behind them quickly enough and revert to business as usual. Most likely many of its users will too.

The issue of course is that IT systems do fail, and they fail more than many of us like to admit. For blue light responders, such failures literally are a matter of the public’s life and death, and a lot of thought has gone into the creation of resilient IT systems across those groups and organisations we rely upon for our safety.

For about 20 years that was my day job – I worked on architecting, building and assuring these services so that when everything around them fell over during a time of crisis,  these still functioned.

Up to a couple of years ago this was handled through investments in national systems and dedicated police and other 999 service networks which operated under special commercial terms from a specific pool of approved UK suppliers experienced in the provision of ‘never fail’ IT.

In addition, individual forces and services operated under a mechanism of mutual aid – whereby each police force, ambulance trust, or fire service had relationships with their neighbouring opposite numbers to ensure that if their own systems went down someone else would pick up the slack immediately and with little or no service degradation at all.

This also worked in cases where the local incident was so serious that a local responder had to commit all of its resources to handling that incident and needed to send calls for help elsewhere, and there were even a series of systems that managed these circumstances. The National Mutual Aid Telephony (NMAT) and the Casualty Bureau (CasWeb) being two examples.

Those systems were designed with failure in mind, and to ensure that when systems failed, someone would still pick up the phone and be in a viable position to respond to the emergency.

At this point I am not saying that our national capability to do this has been fully degraded – and those responsible for them today will certainly argue that they are not.

What we cannot escape is the fact that over the past five years policing (and fire and ambulance, along with other critical sectors) have been shovelling services into the hyperscale clouds of Amazon Web Services (AWS) and Microsoft with little obvious regard for the delivery of critical responder capability if those services go down.

Rather than consider the possibility of those systems failing, the decision makers have chosen to assume they will stay available under all circumstances, even though they are commodity products consumed by the general public and have no special terms or prioritisation.

This has inevitably introduced risks into our national resilience that we have never faced before.

The use of Microsoft cloud for hosting critical and public safety services is mainly down to our blue light and critical national infrastructure  IT leaders not reading the fine print of Microsoft’s Universal Licence Terms for their online services, and its acceptable use policy.

Those very clearly identify that Microsoft online services, of which Azure and M365 are part, are not designed for ‘high-risk use’ and should not be used.

“Neither customer, nor those that access an online service through customer, may use an online service in any application or situation where failure of the online service could lead to the death or serious bodily injury of any person, or to severe physical or environmental damage, except in accordance with the high-risk use section below,” its term state.

The referred to high-risk use section goes on to state: “The online services are not designed or intended to support any use in which a service interruption, defect, error, or other failure of an online service could result in the death or serious bodily injury of any person or in physical or environmental damage.”

The senior leaders who chose to use these services either failed to do their due diligence or chose to accept risks that their predecessors never would and which might even fail to meet their obligations under legislation.

This work was sanctioned at the highest level, being funded largely by the Home Office and facilitated by their programmes, and the Police Digital Service, with the support of National Police Chiefs’ Council and the Police and Crime Commissioner. 

The adoption of new public cloud services brought much-needed commodity-based capabilities for the streamlining and modernisation of police data handling.

However, in addition to the legal issues previously covered in depth by Computer Weekly, they might also have exposed the UK to critical public safety risks that were not properly taken into account.

Microsoft do not fully escape accountability here – even with their responsibility limiting acceptable use policy (AUP) clauses.

Given the company’s direct relationships with the Police Digital Service and key forces, it is clear the company knows its AUP is being breached, and may have played a part in police users doing so.

We often talk about eggs and baskets as a euphemism for exposing ourselves to critical safety risks, but there is growing evidence that in the UK we might have already done that – or at least stand on the cusp of doing so.

Two forces (Met Police, and North Wales Police) have announced in recent years that they plan to move their control room services onto Azure Public Cloud, and I’ve examined the wisdom or otherwise of that in the past.

What is clear is that whoever is now responsible for initiatives like these within our new government – and indeed for the wider general adoption of public cloud by UK Critical National Services – needs to take full notice of the problems Microsoft’s systems had on 30 July 2024.

In all key respects, if core UK services did not get hit yesterday, then that means another bullet dodged.

This time around, however, there are some indications that this one might have been fired by a malicious actor, and if so – for the first time – it needs to be considered that Microsoft’s previously assumed ‘always-up’ cloud service might be just as vulnerable to availability outages.

As it has shown itself previously to be weaker than we thought for integrity and confidentiality compromises.

The bullet dodged this time may well have come from an attacker that has just found a DOS machine gun they can let loose at Azure whenever they like.

I am certain that in the US senior Microsoft leaders will be brought into US government committees over the coming days to explain the circumstances of this global incident.

I’m equally sure that under the previous administration the UK would not have done likewise.

I hope this new government are wiser than that and realise that just like the unfolding prison overcrowding and financial status issues they claim to have uncovered on taking office, we face another possible crisis in public cloud for critical services.

Microsoft ought to be brought into a UK parliamentary or other public oversight committee as soon as practicable to explain all the things covered in the US to the new government and to the UK public.

This does not have to be a bloodletting or public-shaming exercise – it’s a lessons learned opportunity, from which we might choose to pick a different pathway for our CNI service providers.

If afterwards the UK government do not do so, then that’s ok because it will be a risk-informed decision for which the new government will have taken on the mantle of responsibility.

Today they face the greater political risk of being left holding the parcel when the music stops, and then being accountable for the failures of the previous government that they simply chose not to examine or fix, which might be worse.

Either way the loser in such a situation is the UK public, who rely on services that must not fail, but which increasingly sit on platforms unsuitable for critical service delivery.

- Advertisement -

#Microsoft #outages #implications #downtime #delivery #critical #public #services

TAGGED:CriticaldeliverydowntimeimplicationsMicrosoftoutagespublicservices
Share This Article
Facebook Twitter Pinterest Whatsapp Whatsapp LinkedIn Email Copy Link Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Intel Is Cutting More Than 15,000 Jobs Despite Getting Billions From the US Government Intel Is Cutting More Than 15,000 Jobs Despite Getting Billions From the US Government
Next Article Who are the Russians freed under historic prisoner swap with the West? | World News Who are the Russians freed under historic prisoner swap with the West? | World News
- Advertisement -

Latest Post

Ethereum back to K in May? Latest rebound says ETH price ‘still has more gas’
Ethereum back to $3K in May? Latest rebound says ETH price ‘still has more gas’
Cryptocurrency
‘Final Destination: Bloodlines’ tops box office while The Weeknd’s movie falters
‘Final Destination: Bloodlines’ tops box office while The Weeknd’s movie falters
World News
‘Bitcoin Standard’ author backs funding dev to make spamming Bitcoin costly
‘Bitcoin Standard’ author backs funding dev to make spamming Bitcoin costly
Cryptocurrency
Retired artist loses M in crypto to Coinbase impersonator
Retired artist loses $2M in crypto to Coinbase impersonator
Cryptocurrency
The US Treasury just shocked Americans with a 8B surplus — its 2nd biggest monthly surplus in history
The US Treasury just shocked Americans with a $258B surplus — its 2nd biggest monthly surplus in history
World News
BPEP gains steam as Eric Trump eyes cheap BTC to rival Saylor
BPEP gains steam as Eric Trump eyes cheap BTC to rival Saylor
Cryptocurrency
- Advertisement -

You Might Also Like

Videos capture fireball meteor lighting up Colorado’s early morning skies
Technology

Videos capture fireball meteor lighting up Colorado’s early morning skies

September 2, 2023
Cartoon Trading Tournaments : ravensburger
Technology

Cartoon Trading Tournaments : ravensburger

January 27, 2024
Cyber criminals pivot away from ransomware encryption
Technology

Cyber criminals pivot away from ransomware encryption

July 28, 2023
Tim Peake: Astronauts stranded on International Space Station are in no danger | UK News
Technology

Tim Peake: Astronauts stranded on International Space Station are in no danger | UK News

July 24, 2024

About Us

NEWS JUNCTION (NewsJunction.xyz) Your trusted destination for global news. Stay informed with our timely and accurate reporting on diverse topics, including politics, technology, science, entertainment, sports, and more. Count on us for unbiased and reliable updates at your fingertips.

Quick Link

  • About
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • Contact

Top Categories

  • World News
  • Business
  • Technology
  • Entertainment
  • Cryptocurrency
  • Sports News
  • Trend
  • People

Subscribe

Subscribe to our newsletter to get our newest articles instantly!

    © 2023 News Junction.
    • Blog
    • Advertise
    • Contact
    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Lost your password?