House lawmakers press CrowdStrike exec on global outage
A group of House lawmakers Tuesday grilled an executive with cybersecurity firm CrowdStrike, who said the company is “deeply sorry” for causing the global technology outage that grounded thousands of flights and impacted various industries last July.
“On behalf of everyone at CrowdStrike, I want to apologize. We are deeply sorry this happened and are determined to prevent it from happening again,” CrowdStrike Senior Vice President Adam Meyers said during opening remarks.
Meyers’s appearance before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure marked the only hearing so far scheduled to discuss CrowdStrike’s botched July 19 update, which crashed computers running Windows software and prompted a global outage.
Hundreds of flights were canceled or delayed due to the outage, while hospitals, emergency services and some government offices were also impacted. The incident sparked scrutiny of the cybersecurity firm and how foreign adversaries could take advantage of these sorts of vulnerabilities.
“The sheer scale of this error was alarming. A routine update could cause this level of disruption – just imagine what a skilled and determined nation-state actor could do,” subcommittee chair Rep. Andrew Garbarino (R-N.Y.) said in opening remarks.
“We cannot lose sight of how this incident factors into the broader threat environment. Without question, our adversaries have assessed our response, recovery and true level of resilience.
“It is clear that this outage created an advantageous environment ripe for exploitation by malicious cyber actors,” he added.
Subcommittee ranking member Rep. Eric Swalwell (D-Calif.) noted Tuesday’s hearing was not intended to “malign” CrowdStrike, but rather to understand the circumstances behind the outage.
Meyers emphasized the July outage was not a cyberattack from foreign threat actors.
“This incident was caused by a CrowdStrike rapid response content update that was focused on addressing new threats,” he said, adding the company is focused on increasing transparency and “learning” from the failed update.
“We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company,” he said. “I can assure you that we will take the lessons learned from this incident and use them to inform our work as we improve for the future.”
Changes to the platform include a new option for customers to opt in and choose when they receive content updates, Meyers said. Extensive internal training programs and conferences are also provided to CrowdStrike staff, Meyers told Rep. Mike Ezell (R-Miss.).
Rep. Morgan Luttrell (R-Texas) put Meyers on the spot for CrowdStrike’s failure to collectively test content updates on the internal side before it is pushed out.
“That’s where we are now, the new methodology is to test all of the content updates internally before they’re released to the early adopters,” Meyers rebuked.
“I’m still trying to figure out how this thing got launched, with it not being absolute,” Luttrel said at one point, prompting Meyers to go into greater detail about where the process failed.
Homeland Security Committee Chair Rep. Mark Green (R-Tenn.) brought up the hot-button issue of artificial intelligence (AI), asking the executive who made the decision to launch the update and if AI played a role.
Meyers confirmed AI was not responsible for any decisions in the process, noting the update was part of a group of 10 to 12 updates released every day by the firm. He said the firm is no longer fielding updates simultaneously to all customers in the same session to avoid a similar situation.
When pressed by Rep. Troy Carter (D-La.) if CrowdStrike has a way to allow for greater cooperation between the firm, Microsoft and other “good actors,” Meyers said the firm began “working closely” with Microsoft the weekend of July 19 and a sit down between the two companies was later held to discuss future improvements.
Meyers said “awareness is a key factor” in incidents like the global outage, for both the customers on their platform and the general public.
He later said the company would “fully cooperate” with an investigation into the incident by the Cyber Safety Review Board and other reviews “to ensure that we have provided transparency and visibility” into the firm.
Date: |
-
The New York Times - Tech
CrowdStrike Executive Questioned by Lawmakers Over Global Tech Outage
Adam Meyers, a senior vice president of the cybersecurity firm, testified in front of a House Homeland Security subcommittee about the July mishap.5 hours ago -
BBC News - Top stories
CrowdStrike boss apologises for global IT outage
Adam Meyers, a senior vice president with the IT firm at the heart of July's mass outage, faced a grilling by US lawmakers.5 hours ago -
The Guardian - World
CrowdStrike apologizes for global IT outage in congressional testimony
Faulty update from cybersecurity company ground hospitals, airports and payment systems to halt in July . A CrowdStrike senior executive apologized for causing a global software outage that ...8 hours ago -
BBC News - Top stories
Company behind global IT outage to face questions in US
Cancer delays, holidays ruined, businesses out of pocket - the CrowdStrike outage examined.Yesterday -
The Hill - Politics
CrowdStrike exec in the hot seat
Welcome to The Hill's Technology newsletter {beacon} Technology Technology The Big Story CrowdStrike exec in hot seat Lawmakers grilled an executive from cybersecurity firm CrowdStrike, who said ...4 hours ago -
CBS News - Top stories
CrowdStrike executive to apologize for global technology crash
In an appearance on Capitol Hill, senior executive is set to deliver an apology for IT meltdown behind mid-July havoc.12 hours ago
More from The Hill
-
The Hill - Politics
Pelosi says CNN shouldn’t air Trump remarks on Harris's 'cognitive problems': 'Why would you even cover that?'
Rep. Nancy Pelosi (D-Calif.) fired back at Former President Trump, condemning media coverage of his shots at the Vice President during a CNN appearance on Tuesday after he said Harris had "bigger ...30 minutes ago - Donald Trump -
The Hill - Politics
Nebraska GOP lawmaker: Other states should shift to our electoral college system
Rep. Don Bacon (R-Neb.) said on Tuesday that other states should shift to Nebraska’s electoral system, but since they likely won’t, the Cornhusker State should look to alter its system to a ...1 hour ago -
The Hill - Politics
New York City Schools Chancellor David Banks to step down amid federal investigations
New York City Schools Chancellor David Banks, head of the largest school system in the U.S., submitted his resignation effective at the end of the calendar year on Tuesday. Banks's decision to step ...2 hours ago - New York -
The Hill - Politics
Harris, Trump agree to separate town halls on Univision
Vice President Harris and Former President Trump have agreed to two separate town halls in October hosted by Univision. Journalist Enrique Acevedo will field audience questions from undecided ...3 hours ago - Donald Trump -
The Hill - Politics
Trump suspect charged with attempted assassination, case lands in Cannon's court
A federal grand jury on Tuesday indicted the man accused of showing up at one of former President Trump’s golf courses with a rifle on charges of attempting to assassinate a major presidential ...3 hours ago - Donald Trump