A senior executive at cybersecurity firm CrowdStrike apologised at an appearance before a US house of representatives subcommittee on Tuesday for a faulty software update that caused a global IT outage in July.
Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, told the homeland security cybersecurity & infrastructure protection subcommittee that CrowdStrike released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide.
“We are deeply sorry this happened, and we are determined to prevent this from happening again,” Meyers said. “We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company.”
He said the issues was not the result of a cyberattack or prompted by AI.
The 19 July incident led to worldwide flight cancellations and impacted industries around the globe including banks, healthcare, media companies and hotel chains. South African companies were also impacted, including Capitec Bank. The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices.
“We cannot allow a mistake of this magnitude to happen again,” said representative Mark Green, who chairs the homeland security committee, calling the events “a catastrophe that we would expect to see in a movie”.
Meyers said that on 19 July, new threat detection configurations were validated and sent to sensors running on Microsoft Windows devices but these “configurations were not understood by the Falcon sensor’s rules engine, leading affected sensors to malfunction until the problematic configurations were replaced”.
Legal action
Delta Air Lines has vowed to take legal action, saying the outage forced it to cancel 7 000 flights, impacting 1.3 million passengers over five days, and cost it US$500-million. CrowdStrike rejected Delta’s contention that it should be blamed for massive flight disruptions.
Last month, CrowdStrike cut its revenue and profit forecasts in the aftermath of the faulty software update, and said the environment would remain challenging for about a year. — David Shepardson, (c) 2024 Reuters