A House panel will hold a hearing on Sept. 24 with a top CrowdStrike executive to examine the impact of the cybersecurity company’s faulty software update that caused a global technology outage in July.
Adam Meyers, CrowdStrike’s senior vice president of counter-adversary operations, will testify before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
“This hearing will be an important opportunity to learn more about what steps the company has taken in the aftermath of the outage to ensure it doesn’t happen again,” Rep. Andrew Garbarino, New York Republican who chairs the subcommittee, said in a statement.
The CrowdStrike outage on July 19 caused global disruptions that grounded thousands of airline flights and took hospitals, banks, retailers and other services offline.
George Kurtz, the company’s founder and CEO, said at the time that the outage was not due to a cyberattack but caused by a defect found in a content update for CrowdStrike’s Falcon cybersecurity platform on Windows-hosted computers. He acknowledged that adversaries and bad actors would try to exploit such events, which is a key reason the House panel is holding a hearing on the matter.
“While the outage was not due to a threat actor, we know our adversaries and opportunistic criminals have been watching closely,” Mr. Garbarino said. “They have learned how a faulty software update can trigger cascading effects on our critical infrastructure. It’s important the public and private sectors work together to mitigate risk going forward.”
Rep. Mark Green, a Tennessee Republican who chairs the full Homeland Security Committee, said the CrowdStrike incident “demonstrates the urgency of promoting cyber hygiene and resiliency amid increased threats.”
“Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident for some time, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking to avoid the cascading impacts of outages like this across sectors,” he said in a statement.
In addition to questions from lawmakers about the vulnerability the July outage exposed, CrowdStrike has been in the hot seat with its investors and customers who remain outraged over the incident.
CrowdStrike investors who bought company stock in the past year have filed a class action lawsuit alleging the company violated federal securities laws by withholding critical information about its procedures for updating the Falcon platform that allowed stocks to be traded at an artificially high price.
The company claims the investor lawsuit is meritless. But CrowdStrike is trying to make right by its customers, saying in its recent earnings report that while it has a 98% retention rate following the July outage, it will provide about $60 million in credits to customers who remain with the company, according to CNN.
• Lindsey McPherson can be reached at lmcpherson@washingtontimes.com.
Please read our comment policy before commenting.