
CrowdStrike Executive Apologizes to US Congress for Software Glitch Behind July Global Outage
By David Shepardson
WASHINGTON – A senior executive from cybersecurity firm CrowdStrike expressed regret during a hearing with a U.S. House of Representatives subcommittee on Tuesday regarding a software update that led to a significant global IT outage in July.
Adam Meyers, the senior vice president for counter adversary operations at CrowdStrike, informed the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee that a content configuration update for their Falcon Sensor security software resulted in widespread system failures.
"We are deeply sorry this happened and we are committed to ensuring it does not happen again," Meyers stated. He mentioned that a comprehensive review of their systems is underway, along with the implementation of plans to strengthen content update procedures to emerge as a more resilient company.
Meyers clarified that the issues experienced were not due to a cyberattack or linked to artificial intelligence.
The incident on July 19 caused disruptions globally, leading to numerous flight cancellations and affecting various sectors, including banking, healthcare, media, and hospitality. It disrupted internet services and impacted approximately 8.5 million Windows devices.
"We cannot allow a mistake of this magnitude to happen again," remarked Representative Mark Green, the chair of the House Homeland Security Committee, characterizing the situation as "a catastrophe that one would expect to see in a movie."
Meyers explained that on the day of the incident, new threat detection configurations were tested and sent to sensors running on Windows devices. However, these configurations were not correctly processed by the Falcon sensor’s rules engine, leading to malfunctions until the problematic configurations were replaced.
Delta Air Lines announced its intention to pursue legal action, stating that the outage resulted in 7,000 flight cancellations and affected 1.3 million passengers over a span of five days, costing the airline $500 million. CrowdStrike, however, did not agree with Delta’s assertion that the company should bear responsibility for the significant flight disruptions.
Recently, CrowdStrike revised its revenue and profit projections downward following the software update incident, indicating that they expect the challenging environment to persist for at least another year.