CrowdStrike, the global cybersecurity company that has drawn the ire of companies across the world, has apologized for its role in the huge IT outage that left millions of people disconnected recently.
The outage, which happened in July, had widespread effects on a number of large corporations across the world, including major airlines, which had to ground flights as a result.
This week, one of the company’s senior executives, Adams Meyers, sat for testimony in front of a committee of Congress to answer questions about what happened when the faulty software update his company sent out disabled millions of PCs around the world.
In addition to grounded flights, payment services were knocked offline, and some hospitals even had to delay operations and cancel appointments.
During the testimony, Meyers said the company was “deeply sorry” for the mistake and is “determined to prevent it from happening again.” He said that incident was the result of a “perfect storm.”
Members of the House Cybersecurity Subcommittee wanted to know how the issue happened at all.
In opening remarks at the hearing, Mark Green, the chairman of the Homeland Security Committee in the House, said:
“A global IT outage that impacts every sector of the economy is a catastrophe that we would expect to see in a movie.”
He then compared the impact that the outage had to an attack “we would expect to be carefully executed by a malicious and sophisticated nation-state actor. … [Instead] the largest IT outage in history was due to a mistake.”
Meyers said his company was dedicated to sharing and acting on the “lessons learned” from the outage to ensure nothing like this would happen in the future.
Many of the questions that were directed Meyers’ way focused more on artificial intelligence and what impact it might have on cybersecurity. Representative Carlos Gimenez, for instance, questioned Meyers about whether AI could write malicious code.
Meyers responded that he believed that AI was “not there yet,” but did say that it “gets better” every day.
He also emphasized that the AI technology that CrowdStrike uses to detect different threats to their systems wasn’t the culprit of the erroneous update being sent out in July that crashed those millions of computers.
Meyers added that every day, the company releases up to 12 different new configurations.
BBC News reported that the tone of the hearing wasn’t very attacking or malicious toward Meyers or his company. Instead, lawmakers seemed much more focused on learning what the problem was, and working together to prevent something like this — or something much worse — from happening in the future.
That being said, CrowdStrike certainly isn’t out of the woods. The company is facing lawsuits from businesses and people who were affected by the mass outage in July.
The company’s own shareholders have filed a lawsuit against CrowdStrike, and Delta Airlines passengers have as well.
The major airline said the “negligence” that CrowdStrike displayed ended up costing their company $500 million.