CrowdStrike senior executive Adam Meyers publicly apologised on Tuesday during a US congressional committee hearing as he answered questions over the IT global outage that disabled millions of PCs on 19 July.
Adam Meyers said the firm was “deeply sorry” for the outage that affected millions of people and is “determined to prevent it from happening again”.
On 19 July, a faulty software update issued by the security giant resulted in a massive overnight outage that affected Windows computers around the world, disrupting businesses, airports, train stations, banks, broadcasters and the healthcare sector.
Lawmakers on the House of the Representative cybersecurity subcommittee asked Meyers how the incident occurred in the first place.
“A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie,” said chairman of the House Homeland Security Committee Mark Green in his opening remarks.
The Tennessee representative compared the far-reaching impact of CrowdStrike’s faulty content update to an attack “we would expect to be carefully executed by a malicious and sophisticated nation-state actor”.
But “the largest IT outage in history was due to a mistake”, he added.
Meyers emphasised that the company will continue to act and share the ‘lessons learnt’ from the incident to ensure that another incident does not happen again.
The 90-minute hearing saw Meyers answer a series of technical questions, part of which focused on security issues related to CrodStrike’s software and its access to key parts of global firms’ operating systems devices.
The Security Committee also enquired on the impact of artificial intelligence on cybersecurity including possible threats of AI and the repercussions new fatal crashes could have around the world.
Lawmakers on the Committee also shared concerns on the impact large-scale cyber events could have on national security amid fears of exploitation by bad actors trying to capitalize on their disastrous impacts and general panic they would widely spread.
Questioned on artificial intelligence current potential to write malicious code, Meyers said he thought the tech was not “there yet” but added that every day it “gets better”.
He also stated that AI used by CrowdStrike to detect threats to systems, was not the responsible factor causing the fatal update that crashed computers around the world.
Commenting on the hearing, congressman Eric Swalwell said the committee had not gathered to “malign” the firm, with congressman Green adding Meyers showed an “impressive” degree of humility.
CrowdStrike is still facing multiple lawsuits following the July outage. Airline company Delta has accused CrowdStrike of “negligence”, claiming to have lost $500 million due to the outage which caused thousands of flight cancellations.
CrowdStrike’s shareholders have also filed a class action lawsuit against the software company, accusing the firm of making “false and misleading statements” about its software testing procedures.
