CrowdStrike is under sharp interrogation after a global IT outage in July knocked millions of devices offline and caused disruptions across various industries worldwide.
On Sept. 24, senior executive Adam Meyers with CrowdStrike testified to a US congressional committee about concerns over the software update that precipitated the outage.
'Bugged' Software Update Halts Global Access to Devices
On July 19, CrowdStrike pushed out a buggy software update that caused mass system crashes worldwide, reaching payment services, airlines, hospitals, and many others. Millions of computers were brought to a standstill, some even forcing hospitals to cancel appointments and airlines' ground flights.
Meyers showed much remorse throughout the hearing, stating he was "deeply sorry" and assured that such an error would be prevented.
"We are deeply sorry this happened and we are determined to prevent this from happening again. We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company," Meyers said.
The firm admitted that the outage is a kind of a "perfect storm," acknowledging that it did wreak havoc on the world's infrastructure. According to Meyers, CrowdStrike is geared towards ensuring no such occurrence happens again as the company learns from its failure.
Read Also: Meta Bans Russia State Media Amid Growing Concerns Over Propaganda: Here's How Kremlin Responds
Constituents Demand Answers on IT Outage
In Reuters' report, the House of Representatives cybersecurity subcommittee members questioned Meyers on just how the failure occurred.
Representative Mark Green, chairman of the House Homeland Security Committee, said that the scale of IT disruption was akin to the kind one might expect after a sophisticated cyberattack by a hostile nation-state. Instead, he said, "The biggest IT outage in history came from a simple mistake".
Green further spoke on the seriousness of the incident, referring to it as a "catastrophe" that nearly reached every aspect of the economy. The emotion welled up towards the much-needed uptight security and accountability measures so such incidents would not have a chance to happen again in the future.
Role of AI in Cybersecurity: Safety Concerns
During the 90-minute hearing, Meyers was asked technical and more general questions about cybersecurity and artificial intelligence (AI).
Representative Carlos Gimenez voiced his worries about the growing presence of AI in cybersecurity and the new looming danger represented by malicious, AI-generated code.
Meyers admitted that AI technology is improving but has not matured to a point where it can independently generate hostile code. Instead, he said the improvement of AI constantly creates new challenges for the business.
Furthermore, the AI did not contribute to the configuration update error, as CrowdStrike attempted AI to address threats regularly.
According to Meyers, the company usually sends out 10 to 12 configuration updates per day, but this one had an error in its configuration, causing global shutdowns.
Impact on National Security and Future Collaboration
The lawmakers also have deeper concerns over the broad implications of large-scale cyber events on national security. Their main concern is about the possibility of such an incident getting into the hands of malicious actors who exploit confusion, according to BBC.
Less confrontational than other high-profile sessions, it remains a reminder that the government needs collaboration with the private sector to strengthen its defenses against cybersecurity.
Congressman Eric Swalwell clarified that the hearing is not about bashing CrowdStrike. Congressman Green commended Meyers for his humility being "impressive." Still, the evidence ended with some ways to prevent such incidents and improve further on cybersecurity work.
Legal Fallout and Financial Consequences
The congressional hearing is cooperative in tone, but CrowdStrike still has several lawsuits pending against it about the July outage. Some affected individuals and businesses have filed claims on grounds of financial loss or personal disruption.
Several people told BBC News that their vacations were "totally ruined" and that some lost business opportunities.
Delta Airlines, one of the organizations that faced severe damage from the outage, has filed a lawsuit against CrowdStrike for neglect. Delta stated that $500 million went up in the air due to canceled flights, after which thousands of passengers were stranded.
Apart from businesses and people, CrowdStrike's stockholders are also filing lawsuits against the company, making it tougher for the company to return to its old self.
CrowdStrike Back on Track
CrowdStrike now appears set on rebuilding trust and assuring security following the global IT blackout. In this respect, Meyers said that the firm had drawn from the lesson of experience and would not allow the same to haunt it in its wake again.
The readiness of CrowdStrike to work with government agencies and cybersecurity professionals will be fundamental in ensuring that its future endeavors never embark on a journey of this nature. The firm is, however, faced with other consequences it must work to overcome: legal and financial.
Related Article: Microsoft Claps Back at Delta for Refusing Help During CrowdStrike Outage
