CrowdStrike senior executive Adam Meyers publicly apologised on Tuesday during a US congressional committee hearing, as he answered questions regarding the global IT outage that disabled millions of PCs on 19 July.
Adam Meyers expressed that the firm was “deeply sorry” for the outage that affected millions of people and is “determined to prevent it from happening again”.
On 19 July, a faulty software update issued by the security giant resulted in a massive overnight outage that affected Windows computers worldwide, disrupting businesses, airports, train stations, banks, broadcasters, and the healthcare sector.
Lawmakers on the House of Representatives cybersecurity subcommittee questioned Meyers on how the incident occurred.
“A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie,” said Chairman of the House Homeland Security Committee, Mark Green, in his opening remarks.
The Tennessee representative compared the far-reaching impact of CrowdStrike’s faulty content update to an attack “we would expect to be carefully executed by a malicious and sophisticated nation-state actor”.
However, “the largest IT outage in history was due to a mistake”, he added.
Meyers emphasised that the company will continue to act and share the ‘lessons learnt’ from the incident to ensure that such an event does not happen again.
The 90-minute hearing saw Meyers answer a series of technical questions, part of which focused on security issues related to CrowdStrike’s software and its access to key parts of global firms’ operating systems and devices.
The Security Committee also enquired about the impact of artificial intelligence on cybersecurity, including possible threats posed by AI and the repercussions new fatal crashes could have globally.
Lawmakers on the Committee also shared concerns about the impact large-scale cyber events could have on national security, amid fears of exploitation by bad actors trying to capitalise on their disastrous impacts and the general panic they would widely spread.
Questioned on artificial intelligence’s current potential to write malicious code, Meyers said he thought the technology was not “there yet” but added that it “gets better” every day.
He also stated that AI used by CrowdStrike to detect threats to systems was not the factor responsible for the fatal update that crashed computers worldwide.
Commenting on the hearing, Congressman Eric Swalwell said the committee had not gathered to “malign” the firm, with Congressman Green adding that Meyers showed an “impressive” degree of humility.
CrowdStrike is still facing multiple lawsuits following the July outage. Airline company Delta has accused CrowdStrike of “negligence”, claiming to have lost $500 million due to the outage, which caused thousands of flight cancellations.
CrowdStrike’s shareholders have also filed a class action lawsuit against the software company, accusing the firm of making “false and misleading statements” about its software testing procedures.