A senior executive at CrowdStrike has apologised on behalf of the company for a mistake that disabled millions of PCs and caused outages across the world.
The cybersecurity firm unwittingly rolled out a faulty update package in July this year, causing flights to be grounded, payment systems to fail and even resulted in some hospitals having to postpone operations.
Among the worst affected by this issue was Delta Airlines, which claimed it had lost $500m (£374m) from cancelled flights – accusing CrowdStrike of “negligence” and beginning legal proceedings against the company. Delta isn’t the only one suing CrowdStrike – so too are its own shareholders.
Now, in an appearance in front of a congressional committee in the US, CrowdStrike’s Adam Meyers has said the company is “deeply sorry” for the outage and “determined to prevent it from happening again”.
Giving insight into how the company operates, Meyers explained that it could release between 10 and 12 minor configuration updates every day. He also covered CrowdStrike’s use of AI to help detect threats – though was at pains to note that its machine learning system was not at fault for the outage in question. When pressed on whether AI could write malicious code to bring down IT systems, Meyers acknowledged that whilst the technology “gets better” every day, it was “not there yet”.
Despite this congressional hearing being in response to one of the biggest IT outages in recent memory, many of those in attendance noted that Meyers didn’t face quite the same scrutiny as other representatives from big tech firms when they had previously found themselves in front of US lawmakers.
Instead, the emphasis was more on learning, understanding and working together, in the hope of avoiding similar incidents from occurring again. It also addressed ways in which members of the public could be protected in the case of future system failures, when ‘bad actors’ look to capitalise on the confusion, panic or lack of understanding that would ensue.
For CrowdStrike itself, Meyers said the company had undertaken “a full review” of its systems and the “perfect storm” of factors that drove this outage, to prevent it from happening again.