CrowdStrike exec to testify in September on last month’s global IT outage

CrowdStrike's offices in Sunnyvale, Calif. A senior company executive will testify before a congressional committee next month about an ill-fated software update that knocked global IT systems offline.

Adversaries closely watched the incident unravel, a House lawmaker said.

CrowdStrike senior vice president of counter adversary operations Adam Meyers will testify before a House panel next month about a company-enabled global IT outage that crippled some 8.5 million Windows computers last month.

Meyers will testify Sept. 24, according to a House Homeland Security committee announcement made available Friday.

The outage was linked to a February overhaul of an internal system used by the cybersecurity firm to classify suspicious activity passing through customers’ devices. It affected several federal agencies, as well as banks, airlines and other essential services worldwide. Delta, an airline acutely affected by the defective software update, is threatening legal action against the company.

“While the outage was not due to a threat actor, we know our adversaries and opportunistic criminals have been watching closely. They have learned how a faulty software update can trigger cascading effects on our critical infrastructure,” said Rep. Andrew Garbarino, R-N.Y., who heads the cybersecurity subcommittee that will hold the hearing.

The recent outage has already created secondary hacking opportunities that cybercriminals are leveraging, Nextgov/FCW previously reported.

CrowdStrike helped pioneer endpoint detection and response technologies that stop hackers from infiltrating systems by shielding “endpoint” devices like laptop computers or phones that often provide hackers an entryway into targets’ networks. The company’s flagship Falcon platform is designed to deter adversaries from accessing a client’s systems at all levels of a device or across devices connected to their network. 

To do this, Falcon tethers onto computers at a root level where their operating systems sit. Once installed, it has full access to the crown jewels of client devices, where it can stop threats moving about at all points. But the faulty update slipped through the cracks of a testing structure used by the company to check product code before being deployed.

Several federal entities were affected in the July 19 incident, including CISA, the Social Security Administration, Treasury Department, Customs and Border Protection and the GSA-managed Login.gov platform.

Hundreds of U.S. school systems were likely impacted in the outage, and if school districts were in full-time session outside of summer months, prolonged countrywide school closures would have likely occurred, according to a person with direct knowledge of the matter.

A new process is in development to prevent similar errors in the future, CrowdStrike said in a recent incident review.