‘A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie,’ committee chair Mark Green said.
A senior executive at the cybersecurity firm CrowdStrike apologized during a congressional hearing on Sept. 24 for a faulty software update that caused a worldwide IT outage in July.
Meyers said that the Austin-based company is “deeply sorry this happened” and that it is “determined to prevent this from happening again.”
July’s global outage was caused by an undetected error in a Windows software update for Falcon, a security system produced by CrowdStrike, the company has said.
It caused millions of computers running Microsoft Windows to crash, impacting multiple industries around the globe, including banks, healthcare, media companies, and hotel chains. It also led to flight cancellations worldwide.
“We have undertaken a full review of our systems and begun implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company,” Meyers said.
As of July 29, approximately 99 percent of customers’ systems were back up and running, the CrowdStrike senior executive stated.
Lawmakers during the hearing referred to July’s incident as the largest IT outage in history and said it demonstrates how global networks are increasingly interconnected.
“A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie,” Rep. Mark Green (R-Tenn.), who chairs the House Homeland Security Committee, said. “It is something that we would expect to be carefully executed by a malicious and sophisticated nation-state actor.”
Meyers said the incident was caused by a CrowdStrike “rapid response content update” and it “was not a cyberattack from foreign threat actors.”
The Tennessee representative said that while “mistakes can happen,” we “cannot allow a mistake of this magnitude to happen again.”
“In this case, CrowdStrike’s Content Validator used for its Falcon Sensor did not catch a bug in a channel file,” Green said. “It also appears that the update may not have been appropriately tested before being pushed out to the most sensitive part of a computer’s operating system.”
Companies must implement the strongest cybersecurity practices possible, Green said.
“I can assure you that we will take the lessons learned from this incident and use them to inform our work as we improve for the future,” Meyers told the hearing.
That lawsuit also notes that CrowdStrike’s share price fell 32 percent in the 12 days that followed the outage, wiping out $25 billion of market value.
When the lawsuit was filed, CrowdStrike said the case lacks merit.
Speaking at the time of the outage, CrowdStrike chief executive George Kurtz said: “We identified this very quickly and remediated the issue.”
He added that its systems were constantly being updated to ward off “adversaries that are out there.”
CrowdStrike’s chief executive officer and co-founder, George Kurtz, said the company emerged more resilient in the wake of July’s outage and will continue to aggressively invest in innovation.
“Our vision and mission of stopping breaches remains unchanged,” Kurtz said.
Stephen Katte and Reuters contributed to this report.
Original News Source Link – Epoch Times