CrowdStrike exec apologises before US Congress for glitch behind global outage
United Airlines employees wait by a departures monitor displaying a blue error screen, also known as the “blue screen of death” inside Terminal C in Newark International Airport, after United Airlines and other airlines grounded flights due to a worldwide tech outage caused by an update to CrowdStrike's "Falcon Sensor" software which crashed Microsoft Windows systems, in Newark, New Jersey, US, Jul 19, 2024. (Photo: Reuters/Bing Guan)
WASHINGTON: A senior executive at cybersecurity firm CrowdStrike apologised at an appearance before a US House of Representatives subcommittee on Tuesday (Sep 24) for a faulty software update that caused a global IT outage in July.
Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, told the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee that CrowdStrike released a content configuration update for its Falcon Sensor security software that resulted in system crashes worldwide.
He said the issues were not the result of a cyberattack or prompted by AI.
The Jul 19 incident led to worldwide flight cancellations and impacted industries around the globe including banks, health care, media companies and hotel chains. The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices.
Meyers said that on Jul 19 new threat detection configurations were validated and sent to sensors running on Microsoft Windows devices but the "configurations were not understood by the Falcon sensor’s rules engine, leading affected sensors to malfunction until the problematic configurations were replaced."
Delta Air Lines has vowed to take legal action, saying the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days, and costing it US$500 million. CrowdStrike rejected Delta's contention that it should be blamed for massive flight disruptions.
Last month, CrowdStrike cut its revenue and profit forecasts in the aftermath of the faulty software update and said the environment would remain challenging for about a year.
