CrowdStrike Outage Updates

CrowdStrike Blames 'Confluence of Factors' for Global Outage

CrowdStrike Executive Testifies on Faulty Update That Caused Historic July Outage
CrowdStrike Blames 'Confluence of Factors' for Global Outage
Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, testified before the House Homeland Security cybersecurity subcommittee on Sept. 24, 2024.

A senior executive from CrowdStrike on Tuesday blamed "a confluence of factors" for the cybersecurity firm's devastating July outage that affected 8.5 million Microsoft Windows devices worldwide.

See Also: OnDemand | When AI Becomes Doctor, Nurse, and Security Guard

Adam Meyers, senior vice president for counter adversary operations at CrowdStrike, told the House Homeland Security cybersecurity subcommittee that the company used "a long-standing, routine process" to deploy a faulty update which led to what is now considered the largest global IT outage in history. According to Meyers, CrowdStrike's decade-old validation and testing processes failed to identify an "unexpected discrepancy" in the updated threat detection configurations, causing thousands of systems across various industries to experience significant outages and operational disruptions.

Lawmakers described the outage as a "catastrophe" while seeking assurances that CrowdStrike revised its deployment processes for certain software updates. Meyers said the company stopped sending updates immediately to all customers. In response to a question, he said that artificial intelligence had no part in the decision-making that led to the faulty update being pushed out at the same time to customers.

Microsoft previously reported the CrowdStrike-caused outage affected less than 1% of active Windows systems, though a wide variety of critical infrastructure sectors - including hospitals, airlines, railways and financial institutions - were among those affected (see: CrowdStrike Disruption Restoration Is Taking Time).

"At the end of the day, even the best security product on the market won't do any good if it bricks a customer's operating system," said Rep. Eric Swalwell, D-Calif. He said the Cyber Safety Review Board report published earlier this year on the 2023 Microsoft Exchange Online hack said the incident "could have been prevented had [Microsoft] adopted the security controls its competitors implemented following similar incidents that occurred nearly 15 years prior."

Meyers told lawmakers the new methodology for testing updates involves a series of internal assessments and that updates similar to the one that caused the disruption are currently evaluated and pushed out 10 to 12 times a day.

"It was not a lack of following the process. This was an issue with a content validator," Meyers said. "We've subsequently ensured that there are now steps in place so that this cannot happen again."

Concerns from lawmakers and industry regarding the federal government's heavy reliance on Microsoft loomed over the subcommittee hearing, as CrowdStrike depends on Microsoft for its security software deployments. NetChoice, a technology trade association funded by Google and Meta, sent a letter to the House Homeland Security committee ahead of the hearing, saying that Microsoft provides 85% of the U.S. government's productivity software.

"While the July outage wasn't Microsoft's fault, the government's overreliance on Microsoft's Windows Server allowed the outage to inflict widespread problems on America’s critical IT infrastructure," the letter says.

CrowdStrike CEO George Kurtz told investors in August the company largely blunted the business fallout from the outage and implemented a series of safeguards designed to prevent a similar future incident. The company has not seen a wave of lawsuits, which some expected, in the wake of the outage, though organizations such as Delta Air Lines have previously threatened to sue both Microsoft and CrowdStrike over the disruption (see: CrowdStrike Has Yet to See Any Customer Lawsuits Over Outage).


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.