CrowdStrike prepares to face questions in US congress over global IT outage
24 September 2024, 11:04
The cybersecurity firm was at the centre of a global IT failure in July.
CrowdStrike, the cybersecurity firm at the centre of the global IT outage in July which grounded flights and delayed medical treatments, will face questions in US congress later on Tuesday.
The incident, sparked by a flawed software update rolled out by the US firm, crippled around eight and a half million computers running Microsoft software, which brought businesses and infrastructure to a standstill.
Now the company is to face questions from legislators for the first time, with Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, due to testify before the House of Representatives Committee on Homeland Security to assess the global impact of the outage.
Committee members had previously called on CrowdStrike chief executive George Kurtz to testify, but he is not currently listed as a witness for the hearing.
In the UK, the CrowdStrike outage left GPs unable to access the digital system to manage appointments or view patient records, as well as send prescriptions to pharmacies – which were also widely impacted – forcing doctors to return to using pen and paper.
Meanwhile flights were cancelled or delayed and passengers left stranded as airline systems were knocked offline or staff were forced to handwrite boarding passes and luggage tags.
Many small businesses also reported a substantial impact on their income, with some saying their websites being knocked offline by the incident cost them hundreds or even thousands of pounds in sales.
The outage sparked debate about wider online infrastructure and whether it was sustainable for so many online services to be reliant on one company, with the incident drawing the attention of regulators who want more details on what went wrong.
In its analysis of the outage, CrowdStrike said an “undetected error” in a software update sparked the problem, with a bug in the firm’s content validation system meant “problematic content data” was not spotted and then allowed to roll out to Microsoft Windows customers, causing the crash.
