The cause of the chaos was a software update from a US-based cybersecurity firm called CrowdStrike. The incident highlights the fragility of the global economy and its dependence on unseen computer systems.
A screen displays information about flights delayed or canceled due to a global computer IT problem. Photo: AFP/Getty
“The public often thinks that when the apocalypse comes, it will be AI taking over a nuclear power plant and cutting off the electricity,” said Costin Raiu, a longtime cybersecurity researcher. “But it’s more likely that a small piece of code in a buggy update will cause a chain reaction in interconnected cloud systems.”
Software updates are an important way to protect computers from hackers. But the update process also needs to be done properly. Trust in that process was shaken on Friday.
Many Fortune 500 companies use CrowdStrike's cybersecurity software to detect and block hacking threats. Computers running Windows, one of the world's most popular operating systems, crashed because of the way CrowdStrike's code update interacted with Windows.
CrowdStrike, a multibillion-dollar company, has expanded its reach around the world over more than a decade in business. Many businesses and governments now rely on the company to protect them from cyber threats. However, the dominance of a handful of companies in the antivirus and threat detection market also poses its own risks.
“We rely on cybersecurity vendors in a broad way, but there is a lack of diversity; this creates fragility in our technology ecosystem,” said Munish Walther-Puri, former chief cyber risk officer for New York City.
The outage, which affected many critical infrastructure providers, could also raise new questions for US officials and corporate executives about whether new policy tools are needed to avoid future disasters.
Anne Neuberger, a senior White House official for technology and cybersecurity, spoke of the “risks of consolidation” in the tech supply chain when asked about the IT incident on Friday.
“We need to really think about digital resilience not just in the systems we operate but in the globally connected security systems, the risks of consolidation, how we deal with that consolidation and how we make sure that if something goes wrong, we can control it and recover quickly,” Neuberger said at the Aspen Security Forum in response to a question about IT incidents.
The chaotic scenario that unfolded on Friday was not related to an attack, but government officials around the world are likely looking into what might have happened.
The CrowdStrike incident “shows the serious damage that can be done by a malicious adversary if they have the intention,” said Tobias Feakin, a former senior cybersecurity and critical technology official in Australia’s Department of Foreign Affairs.
Hong Hanh (according to CNN, Reuters)
Source: https://www.congluan.vn/cong-nghe-thong-tin-the-gioi-sup-do-cung-mot-luc-nhu-the-nao-post304217.html