Adam Meyers, a senior vice president at CrowdStrike, appeared before a House Homeland Security subcommittee on Tuesday to address questions from lawmakers about a widespread technology outage in July.
The outage, caused by a flawed software update from CrowdStrike, impacted critical systems globally, including airlines, hospitals, and government agencies, leaving businesses scrambling to restore operations.
The malfunction, triggered by a faulty update to CrowdStrike’s Falcon Sensor software running on Microsoft Windows, caused devices to crash and display the infamous “blue screen of death.” The systems were unable to reboot properly until the flawed file was removed. Meyers, representing CrowdStrike, expressed deep regret for the disruption and assured the subcommittee that the company had implemented new safeguards to prevent similar incidents in the future.
“We let our customers down,” Meyers told the panel.
He acknowledged the widespread chaos caused by the outage. He added that CrowdStrike had taken steps to ensure that future updates would undergo more rigorous testing before deployment. He also emphasized that customers could now choose when to receive updates to avoid immediate rollouts.
The outage, which affected large corporations rather than individual consumers, highlighted the global dependency on a few key tech companies for essential services. Travelers were stranded as airlines canceled thousands of flights, and some hospitals had to delay medical procedures. Representative Andrew Garbarino, a Republican from New York, pressed Meyers on the company’s accountability, asking how CrowdStrike planned to prevent such an event from happening again.
Meyers explained that the software update was initially cleared by internal screening processes, but it failed to catch the flaw that led to the malfunction. He said the company has since overhauled its testing procedures. Lawmakers, while praising CrowdStrike’s overall response, raised concerns about the broader vulnerability of critical infrastructure to such failures, citing the potential for exploitation by malicious actors.
Delta Air Lines, one of the companies most affected by the outage, reported losses of $500 million and has initiated legal claims against CrowdStrike and Microsoft. While CrowdStrike has allocated $60 million in credits to affected clients, it disputes Delta’s claims, pointing to the airline’s response during the incident as a contributing factor.
The hearing also touched on concerns about artificial intelligence (AI) in cybersecurity. Meyers clarified that AI had no role in the faulty update, although he acknowledged the growing capabilities of AI in cybersecurity, both in detecting threats and potentially being used for malicious purposes.
Lawmakers emphasized the need for continued collaboration with tech companies to ensure national security and minimize the risks of future large-scale outages. While Meyers faced tough questions, the overall tone of the hearing leaned toward finding solutions to prevent similar incidents, rather than assigning blame.
CrowdStrike continues to face lawsuits from businesses and shareholders affected by the July outage. The company, which serves many of America’s Fortune 1000 companies, has lost significant market value since the incident.
The New York Times, BBC, the Guardian, and CBS News contributed to this report.
