A CrowdStrike executive testifying before U.S. representatives on Tuesday issued a formal apology for the global IT outage caused by a faulty update that affected airlines, hospitals and even government agency data access in July. He also laid out changes CrowdStrike has made to its content updates.
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, apologized on behalf of the company during Tuesday's hearing, held by the House Subcommittee on Cybersecurity and Infrastructure Protection. Meyers said the company is "deeply sorry" and determined to prevent a similar incident from happening again.
"Just over two months ago, on July 19, we let our customers down," Meyers said. "CrowdStrike was in the process of updating our customers on a new threat and released a content configuration update for the Windows sensor that did not work as expected. This resulted in Microsoft system crashes for a number of our users."
Meyers clarified that the global IT outage was not caused by a cyberattack, but rather by the CrowdStrike rapid response content update focused on addressing new threats. CrowdStrike is a global cybersecurity firm.
We've endeavored to be transparent about what happened, and are committed to learning from what took place.
Adam MeyersSenior vice president of counter adversary operations, CrowdStrike
"We've endeavored to be transparent about what happened and are committed to learning from what took place," he said. "We've undertaken a full review of our systems and are implementing plans to bolster our content update procedures so that we emerge from this experience as a stronger company."
CrowdStrike changes its content updates
CrowdStrike released 10 to 12 content updates every day as part of its standard operating procedure prior to the July outage. Updates would be distributed to all customers simultaneously, a process Meyers said CrowdStrike has changed to avoid the issue happening again.
Content updates are now treated like code updates, which go through internal testing procedures and a phased implementation, Meyers said.
He described the new process as a "system of concentric rings." First, there is an initial internal release process for content updates. Second, customers can choose to participate in the early adopter program and receive content updates as quickly as CrowdStrike makes them available. Third, customers can select general availability, which makes updates available later than when early adopters would receive them. Finally, customers can choose not to adopt an update or wait to update.
Meyers said updates provide the most current threat intelligence information, meaning early adopters would get that information before the other levels. He reiterated that customers now have the choice to wait on updates, something they didn't have before.
"That comes, of course, with the risk that they're not getting the most up-to-date threat intelligence information provided to their system," he said.
Rep. Mark Green (R-Tenn.), chairman of the House Committee on Homeland Security, clarified during the hearing that CrowdStrike is no longer doing updates simultaneously and universally, to which Meyers agreed.
"That's huge, and I think would've prevented what happened from happening," Green said.
Makenzie Holland is a senior news writer covering big tech and federal regulation. Prior to joining TechTarget Editorial, she was a general assignment reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.
