close
close

Microsoft’s global expansion under fire from regulators after Windows outage

A massive computer glitch that grounded planes, paralyzed hospitals and disrupted vital public services exposed how dependent the global economy is on one company: Microsoft.

Regulators and lawmakers from all political echelons sounded the alarm. The massive outage that took down Windows shows the dangers of concentrating so much power in the hands of one company, affecting governments, businesses and critical infrastructure around the world.

The outage spread across the globe, as credit card systems in Australia went down, airlines in India handed out handwritten airline tickets and courts in the United States postponed hearings, including one in the sex crimes case of Hollywood mogul Harvey Weinstein. And the impact hit the public sector giant’s many clients, with the Social Security Administration closing its local offices over the weekend and the Federal Communications Commission reporting disruptions to its 911 call service, forcing some local dispatchers to switch to analog phone systems.

The outages were traced to a faulty update from cybersecurity firm CrowdStrike that was pushed out to Windows systems around the world, causing the mass outages. In a blog post Saturday, Microsoft estimated that the update affected 8.5 million devices, representing less than 1 percent of computers running Windows.

But the episode has resurfaced concerns that Microsoft’s grip on global systems is exposing federal agencies and companies to unnecessary risk, raising questions about whether the power of one of the world’s most sophisticated political actors should be curbed.

GET CAUGHT

Stories to keep you informed

“These incidents show how concentration can create vulnerable systems,” Lina Khan, chair of the Federal Trade Commission and a Democrat whose agency is investigating consolidation among cloud computing services, said in a post on X on Friday.

“The impact of today’s outages was determined by CrowdStrike’s reach, not Microsoft’s reach,” said Microsoft spokeswoman Kate Frischmann.

Microsoft’s email, cloud storage and videoconferencing products have long been staples of workplaces across the country, including within the federal government, where the company is a major supplier. But high-profile security breaches, coupled with growing concerns about the tech giant’s power over our economy, are testing the company’s often-friendly relationships in Washington.

The ubiquity of Microsoft software in government IT systems came under renewed scrutiny earlier this year after massive hacks exposed the emails of federal employees, prompting lawmakers on Capitol Hill to summon the company’s president, Brad Smith, to testify. A scathing report from the federal government’s Cyber ​​Safety Review Board concluded that a “cascade of preventable errors” and a security culture “that requires an overhaul” contributed to the events.

CrowdStrike CEO George Kurtz said Friday that the outages were “not a security or cyber incident” and that the company “is working with all impacted customers to get their systems up and running again and to deliver the services their customers rely on.”

Microsoft CEO Satya Nadella said in a statement Friday that the company is “working closely with CrowdStrike and the entire industry to provide customers with technical guidance and support to get their systems back online safely.”

However, the flare-up is already prompting calls for the federal government to diversify the pool of suppliers that run day-to-day operations, a potential boon for Microsoft’s competitors.

The outage “is the result of a software monopoly that has become a single point of failure for too much of the global economy,” said George Rakis, executive director of NextGen Competition, whose group advocates for tougher antitrust enforcement. He accused Microsoft of stifling competition by locking in customers and called for the outage to be “broken up.”

Spence Purnell, director of technology policy at the libertarian think tank Reason Foundation, said that while government officials often “ironically” complain about technology monopolies, “they are actually helping Microsoft tighten the company’s grip on government contracts through vendor lock-in.”

The outages will also lead to increased scrutiny of the company’s dominant position on Capitol Hill.

Lawmakers on at least three congressional panels — the House Oversight, House Homeland Security, and House Energy and Commerce committees — asked Microsoft and CrowdStrike on Friday to brief members on how the outage occurred and what impact it had on the agencies.

“This incident shows how dependent we have become on IT for every aspect of our lives, and how a single failure can have a ripple effect across the entire economy,” Homeland Security Committee Chairman Mark Green (R-Tennessee) said in a statement.

At least one Republican committee member, Rep. Michael McCaul (R-Texas), learned of the outage when he himself experienced flight disruptions while returning from the Republican National Convention in Milwaukee, a spokesman said.

Rep. William Timmons (R-S.C.), who serves on the House Oversight Committee, called for immediate hearings about the incident, saying on X that it “exposes the many bottlenecks in our IT and cyber infrastructure.”

Microsoft’s regulatory woes are mounting around the world as the company more aggressively pursues new technologies, including artificial intelligence. Federal regulators reached an agreement last month that gave the FTC permission to investigate the relationship with OpenAI. Regulators in Europe and the United Kingdom have been keeping a close eye on the relationship. The moves mark a shift for the company, which avoided much of the “techlash” that hit businesses during the Trump presidency and the early years of the Biden administration.

Microsoft has extensive lobbying and public relations resources to offset the fallout from the outage. Over the past three decades, Microsoft has built perhaps the most sophisticated public policy shop of any tech company, learning from its missteps during its antitrust battles with the U.S. government in the 1990s and early 2000s.

Under Smith’s leadership, the company has tried to portray itself as more diplomatic and willing to engage with policymakers about their concerns than its tech peers. Smith’s reputation as the industry’s de facto ambassador in Washington will likely be tested by the fallout from the outage.

Frischman confirmed that the company informed policymakers in Washington, D.C., about the incident on Friday, but she would not say which government officials the company contacted.

The White House told The Post that Biden was aware of the incident and that his team was in contact with CrowdStrike. Microsoft was in contact with White House officials on Friday, according to a person familiar with the matter, who spoke on condition of anonymity to describe the private conversations.

Following the hacks earlier this year, numerous congressional committees and lawmakers called on federal agencies to investigate and evaluate their reliance on the company’s tools. Those calls took on new urgency following Friday’s outages.

“It’s a failure that demands swift responses,” said Sen. Rick Scott (R-Fla.), who in May urged federal agencies to investigate Microsoft’s security breaches, said in a social media post on Friday.

Sen. Eric Schmitt (R-Mo.), who recently questioned the Pentagon about plans to invest more in Microsoft products, wrote a letter to the Defense Department on Friday warning that the outage shows that “consolidation and reliance on a single provider can be catastrophic” for IT systems.

Defense Department spokeswoman Jessica Anderson said the agency was monitoring the networks for potential impact but could not comment on their status for security reasons.

The FTC itself was affected by the outage and staff worked hard on Friday to resolve the problems.

Khan came to the helm of the FTC with tough rhetoric about dismantling the power of tech giants, and under her leadership the agency filed an antitrust lawsuit against Amazon and challenged mergers in the sector, including Microsoft’s purchase of Activision. Microsoft ultimately prevailed in court, and the deal closed last year.

Khan warned on a recent episode of “The Daily Show” that some companies have become so powerful that they face few consequences for harming consumers.

“Now we live with regular reminders of the consequences of prioritizing ‘efficiency,’ when a faulty update can shut down the global economy for a day or a hack can keep millions of Americans from filling their prescriptions for weeks,” said one FTC official, who spoke on condition of anonymity to discuss the agency’s sensitive work, including investigations into Microsoft. “The dominant companies are often too big to care because their customers have nowhere to turn for better service.”

Jeff Stein contributed to this report.