CrowdStrike exec apologizes before US Congress for software glitch behind July global outage

October 2, 2024 - 1:28 PM
1618
Travelers walk past a monitor displaying a blue error screen, also known as the “Blue Screen of Death” inside Terminal C in Newark International Airport, after United Airlines and other airlines grounded flights due to a worldwide tech outage caused by an update to CrowdStrike's "Falcon Sensor" software which crashed Microsoft Windows systems, in Newark, New Jersey, U.S., July 19, 2024. (Reuters/Bing Guan)

 A senior executive at cybersecurity firm CrowdStrike CRWD.O apologized at an appearance before a U.S. House of Representatives subcommittee on Tuesday for a faulty software update that caused a global IT outage in July.

Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, told the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee that CrowdStrike released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide.

“We are deeply sorry this happened and we are determined to prevent this from happening again,” Meyers said. “We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company.”

He said the issues was not the result of a cyberattack or prompted by AI.

The July 19 incident led to worldwide flight cancellations and impacted industries around the globe including banks, health care, media companies and hotel chains. The outage disrupted internet services, affecting 8.5 million Microsoft MSFT.O Windows devices.

We cannot allow a mistake of this magnitude to happen again,” said Representative Mark Green, who chairs the House Homeland Security Committee calling the events “a catastrophe that we would expect to see in a movie.”

Meyers said that on July 19 new threat detection configurations were validated and sent to sensors running on Microsoft Windows devices but the “configurations were not understood by the Falcon sensor’s rules engine, leading affected sensors to malfunction until the problematic configurations were replaced.”

Delta Air Lines DAL.N has vowed to take legal action, saying the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days, and cost it $500 million. CrowdStrike rejected Delta’s contention that it should be blamed for massive flight disruptions.

Last month, CrowdStrike cut its revenue and profit forecasts in the aftermath of the faulty software update, and said the environment would remain challenging for about a year.

—Reporting by David Shepardson; Editing by Mark Potter and David Gregorio