U.S. and Canadian railroads appear to be relatively unaffected by the global tech outage that grounded flights and disrupted businesses today, although Union Pacific and Canadian Pacific Kansas City did experience some computer issues.
“The CrowdStrike software outage has had varying levels of impact across Union Pacific’s network,” spokeswoman Clarissa Beyah said on Friday morning. “Our backup protocols enable us to communicate with our teams and dispatchers. We are doing everything possible to keep freight moving, but there have been some processing delays in customer shipments as we address targeted areas impacted on our network.”
But by Friday afternoon UP had cleared computer issues. “Union Pacific’s network is open for business. The vast majority of our customers’ freight is moving and full fluidity is returning to our network after this morning’s CrowdStrike software outage,” Beyah said. “In response to the outage, our teams swiftly implemented protocols and communication plans, which allowed us to safely keep our trains running.”
A faulty overnight software update from CrowdStrike, a cybersecurity firm, affected systems running Microsoft Windows. Airlines, banks, television networks, and other industries that rely on the software to protect their systems against hacking and cyberattacks said their systems are gradually recovering from the incident.
CPKC spokesman Patrick Waldron said the outage has had some impact on its systems but that the rail network was operational.
Amtrak’s passenger operations were not affected, spokesman Marc Magliari said. In an alert at 7 a.m. Eastern time, Amtrak said the outage was preventing it from processing credit card transactions this morning. Digital wallet transactions, however, were unaffected.
BNSF Railway, Canadian National, and CSX said their systems were not affected and that operations were normal. Norfolk Southern did not immediately respond to requests for comment.
A check of live video feeds from around the U.S. this morning showed Amtrak and freight trains moving on all of the Class I systems.
Commuter rail systems around the U.S. largely reported that service was unaffected aside from technical glitches such as real-time train status information and platform boarding announcements that affected the MBTA in Boston and the Long Island Railroad in New York.
Two container terminals at the Port of New York and New Jersey were scheduled to open late today due to the outage, according to the port authority. Port Houston’s two container terminals had a delayed opening as well.
Note: Updated at 2 p.m. Central with additional comment from UP.
This suggests that BNSF, CN, and CSX don’t use Crowdstrike at all. I wonder what their cybersecurity strategy is, and who their vendors are, since Crowdstrike is the 800-pound gorilla in that market.
And to clarify for folks not immersed in tech, Crowdstrike sells software and services that protect all kinds of different operating systems, and overnight they sent out an update to the Windows-protecting product that blew everything sky-high. Blaming Microsoft for this would be like blaming GM if you poured diesel fuel into the tank of your Corvette and it stopped working…
Maybe these railroads use Linux, a mainframe or a midrange platform. They all still exist in quantity.
Also Crowdstrike has several different service types, some corporations only use their firewalls and early warning appliances. Since Windows is one of the more weaker operating systems, they can run a Crowdstrike agent on their Windows Servers to detect and report on hack attempts. These typically tie in with a Crowdstrike reporting center to coordinate the responses.
No upgrade shall go unpunished
Software updates can be brutal. One line of wrong code, out of millions of lines of perfectly written code can be the proverbial monkey wrench.
How does this even happen? The affected corporations should sue Microsoft for every penny Microssoft has ever seen. And then some.
Atlas shrugged. Ayn Rand saw this coming fifty years ago. It’s happening as we speak.
“Who is John Galt …?”
Just FYI, it wasn’t Microsoft, but Crowdstrike, a major cybersecurity software company.
How does this happen? A company doesn’t have or skips the proper testing that would have caught the trivial bug (that any computer/software engineer learned in school about) in the code any day of the week. And then they ship it. Carelessness at best really.