A senior executive from cybersecurity firm CrowdStrike is set to testify before the US Congress on 24 September following the global IT outage in July that caused widespread disruption across multiple industries, including aviation and healthcare.
The incident, which stemmed from a faulty update to CrowdStrike’s “Falcon Sensor” software, resulted in the crash of millions of Microsoft Windows systems and led to severe operational disruptions worldwide.
Adam Meyers, CrowdStrike’s senior vice president for counter adversary operations, will appear before the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee to provide detailed testimony on the events that led to the outage. The House committee had initially invited CrowdStrike’s chief executive officer, George Kurtz, to testify. However, Kurtz is not scheduled to appear, with the company instead putting forward Meyers as the “appropriate witness” to discuss the incident.
The July 19 outage had a profound impact globally, grounding flights, halting manufacturing, and disrupting internet services. One of the most affected sectors was aviation, with Delta Air Lines reporting the cancellation of 7,000 flights, affecting 1.3 million passengers and costing the airline $500 million.
Delta has since indicated plans to pursue legal action, holding CrowdStrike responsible for the financial losses incurred. CrowdStrike, however, has contested these claims, asserting that the company should not be blamed for the extensive flight disruptions.
The forthcoming congressional hearing will provide an opportunity for lawmakers to probe the circumstances surrounding the outage and to assess the measures CrowdStrike has implemented to prevent similar incidents in the future.
Representative Andrew Garbarino, who chairs the subcommittee on cybersecurity and infrastructure protection, emphasised the importance of the hearing, stating, “This is an important opportunity to learn more about what steps the company has taken in the aftermath of the outage to ensure it doesn’t happen again.” Garbarino also noted that while the outage was not caused by a cyberattack, the event demonstrated how critical infrastructure could be vulnerable to cascading failures from internal errors.
Committee Chair Mark Green highlighted the broader implications of the incident, noting the growing risks associated with the increasing reliance on interconnected IT systems. He stressed the urgency of promoting stronger cyber hygiene and resilience, stating, “Americans deserve to know in detail how this incident happened and the mitigation CrowdStrike is taking to avoid such widespread impacts across sectors.”
The incident has also attracted the attention of government authorities, who have begun inquiries into the events leading to the outage. Meanwhile, CrowdStrike has acknowledged the challenging environment it faces in the wake of the incident, recently cutting its revenue and profit forecasts for the upcoming year.