A top CrowdStrike executive has apologized for causing a global software outage that crippled operations at hospitals, airports, payment systems and personal computers around the world in July.
Adam Meyers, senior vice president of counterattack operations at CrowdStrike, testified before Congress on Tuesday. Meyers will speak before the House of Representatives subcommittee on cybersecurity and national security infrastructure protection. testimony“I’m here today because, just over two months ago, on July 19, we let our customers down… On behalf of everyone at CrowdStrike, I want to apologize,” he said. He said the company has conducted “a full review of our systems” to prevent the cascade of errors from happening again.
The global software outage, which delayed flights and medical procedures and caused computers around the world to display Microsoft’s infamous “blue screen of death,” was initially thought to be the result of a sophisticated and malicious cyberattack against the Windows maker. However, the real explanation got me thinking about Hanlon’s razor:CrowdStrike had released an update to its Falcon sensor software, intended to detect and contain cybersecurity threats, that crashed an estimated 8.5 million Windows computers.
Meyers said the company was taking full responsibility for the Accidents: “The July 19 incident originated from a confluence of factors that ultimately resulted in the Falcon sensor attempting to follow a threat detection configuration for which there was no corresponding definition of what to do.”
Meyers said the company has implemented some changes that should prevent an outage on this scale from happening again. For example, CrowdStrike will no longer push its software updates to all customers globally in one sitting. The company is also allowing customers to select when they receive their updates — they can wait to be among the second- or third-round customers who receive the update.
They may even choose to postpone an update, although that could make them more vulnerable to security attacks because they won’t have the most up-to-date threat assessment, Meyers warned.
After the newsletter promotion
CrowdStrike’s products are among the most widely used cybersecurity software in the world. The company boasted on its website that it protected more than half of the Fortune 1000 companies in the United States. But after the disastrous, botched update, it lost tens of billions of dollars in market value and its CEO went on a months-long apology tour.
