In This Story
CrowdStrike’s senior vice-president for counter adversary operations, Adam Meyers, reiterated his company’s apology today during a House subcommittee hearing and went on to say that the company has launched a configuration update for its Falcon Sensor software system.
Meyers was grilled Tuesday afternoon by lawmakers from the House’s Cybersecurity and Infrastructure Protection subcommittee over the company’s failure to properly address its faulty software update that led to a global IT outage in mid-July.
Following the global outage, companies across the airlines, banking, telecommunications, and healthcare industries were deeply affected for weeks. The outage disrupted internet services, affecting about 8.5 million Microsoft (MSFT) Windows devices, per Reuters.
“We are deeply sorry this happened, and we are determined to prevent this from happening again,” Meyers said at the hearing. “We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company.”
During the grilling session, which was led by Republican Rep. Mark Green from Tennessee, Meyers said CrowdStrike (CRWD) takes “full responsibility” for the international system crashes. He also deemed that the issues were not the result of a cyberattack, nor was it induced by artificial intelligence.
“The July 19 incident stemmed from a confluence of factors that ultimately resulted in the Falcon sensor attempting to follow a threat detection configuration for which there was no corresponding definition of what to do,” Meyers said.
After the IT incident, CrowdStrike lost about $60 million in contract sales. The cybersecurity firm said that the incident scared off customers who were looking to close deals during the final weeks of the second quarter.
Meyers announced during the hearing that the company had taken several steps to sharpen its system and would prevent another outage from happening at this level again. He stated that CrowdStrike will no longer unveil its software updates internationally to all customers in a single session. The company will also allow customers to select when they receive their updates.
They have the option of waiting to be the second or third group of clients who will receive the update after it goes public.
“Mistakes can happen,” Green said. “However, we cannot allow a mistake of this magnitude to happen again. A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie. It is something that we would expect to be carefully executed by a malicious and sophisticated nation-state actor.”
