In mid-July [3] [10], CrowdStrike’s senior vice-president for counter adversary operations [3] [10], Adam Meyers [1] [2] [3] [4] [5] [7] [9] [10], issued an apology during a House subcommittee hearing for a flawed software update that caused a global IT outage [3] [10].
Description
The update [1] [5] [6] [8], a content configuration update for Falcon Sensor security software [3] [9] [10], disabled internet services on 8.5 million Microsoft Windows devices [5] [10], leading to system crashes and halted business operations [9]. Meyers clarified that the outage was not due to a cyberattack but was caused by an “undetected error” in the update. CrowdStrike acknowledged the incident and has taken full responsibility, implementing measures to prevent similar incidents in the future [1] [2] [3] [7] [10]. The company lost about $60 million in contract sales following the outage and has enhanced its deployment processes, implemented new validation checks [1], and allowed customers to select when they receive software updates [3]. Despite facing lawsuits from shareholders and impacted businesses [5], including Delta Airlines [5], CrowdStrike denied responsibility for the outage [9], attributing the blame to Delta’s response to the situation [9]. Meyers also defended the necessity of CrowdStrike’s software having Microsoft kernel access for effective threat prevention and anti-tampering measures [1]. The outage disrupted various sectors [2] [4] [5] [7], including flights [2] [4] [7], TV broadcasts [2] [4] [7], banks [2] [4] [5] [7], hospitals [2] [4] [7] [8], and retailers [2] [4] [7]. CrowdStrike has taken steps to prevent a recurrence and 99% of Windows sensors were back online by 29 July [6].
Conclusion
The company is committed to transparency [6], learning from the incident [6], and improving its procedures for the future [6].
References
[1] https://www.infosecurity-magazine.com/news/crowdstrike-apologizes-outage/
[2] https://apnews.com/article/crowdstrike-congress-outage-microsoft-windows-aa1e9c84ee34bc38aca69731d9d3b9a7
[3] https://qz.com/crowdstrike-exec-appears-in-front-of-house-subcommittee-1851656630
[4] https://abcnews.go.com/Technology/wireStory/crowdstrike-executive-apologizes-congress-july-global-tech-outage-114077761
[5] https://news.sky.com/story/crowdstrike-boss-apologises-for-mistake-that-caused-global-it-outage-13221738
[6] https://www.computerweekly.com/news/366611933/CrowdStrike-apologises-to-US-government-for-global-mega-outage
[7] https://www.voanews.com/a/crowdstrike-executive-apologizes-to-congress-for-july-global-tech-outage/7799074.html
[8] https://www.techtarget.com/searchSecurity/news/366611892/CrowdStrike-exec-apologizes-to-Congress-shares-updates
[9] https://www.cbsnews.com/news/crowdstrike-global-techn-crash-delta-apology/
[10] https://www.yahoo.com/tech/crowdstrike-exec-reveals-safety-measures-234100530.html