← Back to House of Commons Debates
CrowdStrike: IT Outage
22 July 2024
Lead MP
Ellie Reeves
Debate Type
Ministerial Statement
Tags
NHSEconomyEmploymentTransport
Other Contributors: 15
At a Glance
Ellie Reeves raised concerns about crowdstrike: it outage in the House of Commons. A government minister responded. Other MPs also contributed.
How the Debate Unfolded
MPs spoke in turn to share their views and ask questions. Here's what each person said:
Government Statement
On Friday, 19 July, a global IT outage occurred due to a flawed CrowdStrike software update on Microsoft systems. The incident caused significant disruptions in the transport sector with flights grounded and delays in Europe and the US. UK train services faced issues during rush hour while media outlets had difficulties providing live coverage. Local healthcare saw impacts on test results and appointment information, impacting GP services but NHS contingency plans were quickly enacted to manage recovery. Small businesses suffered due to disrupted card-only payment systems and ATMs. Officials from the National Cyber Security Centre determined that the incident was not a security breach or cyber-attack but rather a flawed software update causing Windows machines to crash. CrowdStrike issued guidance for manual fixes, which are now being replaced by an automated solution. The Government has been coordinating closely with Microsoft and CrowdStrike since Friday morning, with Cabinet Office officials leading the response across all sectors. Cobra meetings were held on Friday and officials continuously monitored recovery over the weekend. Most impacted sectors have mostly recovered, with UK transport systems operational again and NHS services expected to return fully within days. Minor disruptions may continue but should be resolved soon. The Government will review lessons learned from this incident and work with partners across government to implement improvements in response plans for technical resilience and cyber threats. They aim to strengthen defences through legislation included in the King’s Speech, focusing on expanding regulation and reporting requirements for cyber threats. This underscores the importance of preparedness for IT system outages.
Richard Graham
Con
Gloucester
Question
Given the reliance on CrowdStrike software across critical sectors of the UK economy, what reassurance can the Minister give that this incident will not happen again and how does she plan to collaborate with major IT companies such as Microsoft and CrowdStrike to ensure the security of their products in future?
Minister reply
The Government has been working closely with CrowdStrike to address the issue following Friday's incident. The Cabinet Office, alongside other departments, is reviewing the situation and will be engaging further with key technology providers like Microsoft and CrowdStrike to enhance security measures and prevent similar occurrences in the future.
Liam Fox
Con
Wealden
Question
The Minister mentioned that contingency plans were put into place for NHS services but did not detail what these would be. Can she give more specific information about these contingency measures, including any alternative service provision arrangements?
Minister reply
NHS contingency plans included the activation of backup systems and manual processes to ensure continuity of care during IT outages. Staff were instructed on how to manage patient appointments and records offline until full restoration could be achieved.
Robert Neill
Con
Croydon South
Question
What is the Minister’s view on the role played by the Cabinet Office in leading the response and whether there are any lessons to be learned for improving the speed and effectiveness of such responses?
Minister reply
The Cabinet Office has been pivotal in coordinating a swift and effective response across impacted sectors. The Government will review this incident thoroughly to identify areas for improvement, particularly focusing on enhancing technical resilience and response times.
Brecon and Radnorshire
Question
Given the reliance on third-party software in public services, what specific steps is the Minister taking to ensure that such critical systems are protected against similar incidents in the future?
Minister reply
The Government will be working closely with the National Cyber Security Centre and other partners across government to review lessons learned from this incident. Improvements to response plans will cover technical resilience features as well as cyber security, ensuring better protection of essential digital services.
Oliver Dowden
Con
Hertsmere
Question
Welcomed the Minister's role, thanked her for advance sight of the statement, acknowledged challenges in cyber-security due to threats like CrowdStrike’s incident on Microsoft devices globally affecting critical national infrastructure. Called for a timetable for the Bill and mandatory cyber-resilience targets for UK public sector, engagement with technology firms.
Minister reply
Acknowledged shadow Minister's points, stated that the Government will strengthen defences through expanding regulatory oversight, increasing reporting requirements and reviewing resilience measures in light of recent incidents.
Chi Onwurah
Lab
Newcastle upon Tyne Central and West
Question
Reassured by steps taken to mitigate the impact but worried about small businesses and consumers' protection. Asked if people should have to reboot from a blue screen for tech benefits.
Minister reply
Acknowledged concerns, stated that lessons learned will feed into Bill development.
Daisy Cooper
Lib Dem
St Albans
Question
Asked about impact on NHS patients requiring urgent care and those needing anti-virals for covid. Requested assurances from the Department of Health and Social Care.
Minister reply
Reported no impact on emergency services, GPs issued paper prescriptions when patient records were inaccessible.
Pamela Nash
Lab
Motherwell, Wishaw and Carluke
Question
Asked about the impact in Scotland and conversations with Scottish Government.
Minister reply
Passed concerns to Department of Health and Social Care for review.
David Mundell
Con
Dumfriesshire, Clydesdale and Tweeddale
Question
Condemned the events as showing we are far from a cashless society. Asked if Government will support continued use of cash for vulnerable people.
Minister reply
Commits to providing 350 banking hubs for access to cash.
Mark Ferguson
Lab
Gateshead Central and Whickham
Question
Asked about resilience efforts in a defence context.
Minister reply
Began immediate steps upon election to legislate better protection, cyber-security and resilience Bill will come before Parliament.
Jim Shannon
DUP
Strangford
Question
Welcoming the Minister and congratulating her on her role, Jim Shannon highlights the impact of recent system outages on flights, banking services, and healthcare in Northern Ireland. He questions the necessity for better cyber-resilience and preparedness to mitigate such disruptions.
Minister reply
Ellie Reeves thanks the MP for his kind remarks and acknowledges the difficulties faced by his constituents. She confirms that the Government will expand cyber-resilience measures, strengthen regulators, and obtain a clearer understanding of cyber-threats.
Kit Malthouse
Con
North West Hampshire
Question
Kit Malthouse raises concerns about the impact on government services and seeks clarity on which specific services were affected. He also asks for a report detailing the sectors impacted, their level of disruption, and future resolution strategies.
Minister reply
Ellie Reeves informs that while some GP services faced issues, emergency services remained unaffected. She states that lessons are being learned from the incident and assurances will be provided once the analysis is complete.
Joshua Reynolds
Lib Dem
Maidenhead
Question
Highlighting the impact on GP services in his constituency, Joshua Reynolds seeks assurances that patients will continue to receive necessary care as lessons are learned from the incident.
Minister reply
Ellie Reeves thanks GPs for their efforts and assures that a lessons-learned exercise is underway. She also mentions a forthcoming Bill aimed at enhancing cyber-resilience.
Kirsty Blackman
SNP
Aberdeen North
Question
Suggesting the continuation of annual statements on civil contingencies and risks, Kirsty Blackman asks the Minister to assess potential widespread use of software or hardware that could cause mass outages.
Minister reply
Ellie Reeves expresses willingness to consider the points raised by the MP regarding cyber-security and resilience.
Shadow Comment
Oliver Dowden
Shadow Comment
Welcoming the hon. Minister to her role, Oliver Dowden acknowledged the challenges in ensuring robust cyber-security amid various threats including human error and design flaws. He paid tribute to those working tirelessly over the weekend to restore services and highlighted previous government measures such as creating the National Cyber Security Centre, introducing secure by design policies, setting cyber-resilience targets, launching GovAssure, and transforming oversight of governmental cyber security. Dowden inquired about the timetable for the upcoming cyber-security Bill, proposed mandatory targets for UK public sector resilience against common causes like this incident, and sought reassurances regarding full recovery timelines and potential impacts on payroll. He noted Britain's leading position in the global cyber industry with over 60,000 employees and £12 billion annual revenue, partly due to a £5.3 billion national cyber-security strategy investment. Dowden urged for continued government support and engagement with technology firms to address shared challenges through partnership, ensuring public confidence in technological reliability.
▸
Assessment & feedback
Summary accuracy
About House of Commons Debates
House of Commons debates take place in the main chamber of the House of Commons. These debates cover a wide range of topics including government policy, legislation, and current affairs. MPs from all parties can participate, question ministers, and hold the government accountable for its decisions.