CrowdStrike’s Head of Intelligence apologized to a US House Homeland Security Committee in Washington on Tuesday, taking the blame for the company’s release of a faulty software update that led to the worldwide failure of millions of Microsoft Windows-run computers in July.
Senior Vice President of Counter Adversary Operations Adam Meyers appeared before the US House Homeland Security Cybersecurity and Infrastructure Protection subcommittee to answer questions about the events leading up to the July 19th global tech outage.
The cybersecurity firm’s threat intelligence leader explained that an untested content configuration update for its Falcon Sensor security software was the trigger behind the meltdown of 8.5 million computers around the world.
"We are deeply sorry this happened and we are determined to prevent this from happening again," Meyers said.
Calling the event "a perfect storm of issues," Meyers testified that the new configurations had been validated but that the "configurations were not understood by the Falcon sensor’s rules engine, leading affected sensors to malfunction until the problematic configurations were replaced," according to a Reuters report.
Meyer’s reiterated the CrowdStrike outage was not caused by a cyberattack or prompted by AI.
Using a chess analogy, Meyers likened the outage to "trying to move a chess piece where there is no square," BBC technology editor Zoe Kleinman described on X.
Adam Meyers uses a chess analogy to describe what went wrong with the outage: says it was like undefinedtrying to move a chess piece where there is no squareundefined - the sensor was unable to process the rule it was given and froze each machine running both Windows and this particular version…
undefined Zoe Kleinman (@zsk) September 24, 2024
The Falcon Sensor endpoint protection system is used by thousands of CrowdStrike customers worldwide to thwart malware and other cybersecurity threats.
Hours after its release, reports of crashing systems showing the infamous Blue Screen of Death (BSOD) began to sweep across entire industries, causing havoc for the airlines, hotel, banking, media, healthcare, and emergency services sectors.
Meyers told House members on Tuesday that the cybersecurity giant has since “undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company."
IT outage labeled 'catastrophic'
Republican Congressman and House Homeland Security Committee chairman Mark Green of Tennessee had sent a letter to CrowdStrike CEO George Kurtz days after the outage, requesting the Capital Hill appearance, citing “the urgency and global scale of this incident.”
“To add insult to injury, the largest IT outage in history was due to a mistake," Green said as he opened the meeting on Tuesday, calling the outage "a catastrophe that we would expect to see in a movie."
"Mistakes can happen. However, we cannot allow a mistake of this magnitude to happen again," Green said.
WATCH: @RepMarkGreen opens a hearing on CrowdStrike’s global IT outage:
undefined House Homeland GOP (@HomelandGOP) September 24, 2024
“To add insult to injury, the largest IT outage in history was due to a mistake. Mistakes can happen. However, we can't allow a mistake of this magnitude to happen again.” pic.twitter.com/2KEcJPd07l
Green and fellow Republican Subcommittee Chairman Andrew Garbarino of New York had previously said the massive outage highlights the “national security risks associated with network dependency” and that America's adversaries were closely monitoring "our response to the incident."
Meanwhile, Delta Air Lines, which had to cancel thousands of flights due to its systems being down for nearly a week, filed suit against CrowdStrike in August to try to recoup an estimated $500 million in losses. The outage was said to have forced Delta to cancel 7,000 flights, causing disruptions for 1.3 million passengers.
CrowdStrike has publicly rejected Delta's accusations stating that the lawsuit contributes to a “misleading narrative” that the cybersecurity firm was solely responsible for the airline’s response to the outage.
Back in July, insurance industry analysts had estimated company losses from the outage could top over $1 billion. Last month, CrowdStrike cut its revenue and profit forecasts drastically until next year, according to Reuters.
Earlier this month, Microsoft held its own security summit at its headquarters in Washington state to discuss lessons learned from the CrowdStrike outage. Microsoft said the summit also included government representatives for transparency.
Your email address will not be published. Required fields are markedmarked