In a letter Monday, the House Committee on Homeland Security demanded more transparency from CrowdStrike CEO George Kurtz after major global outages were triggered by a "defect" in a recent update to CrowdStrike's Falcon Sensor software.
Considered by some to be "the largest IT outage in history," the issue delayed or canceled thousands of flights, disabled emergency calls, postponed surgeries, and impacted banks, committee chairman Mark Green (R-Tenn.) and Subcommittee on Cybersecurity and Infrastructure Protection chairman Andrew Garbarino (R-NY) wrote in the letter.
"In less than one day, we have seen major impacts to key functions of the global economy, including aviation, healthcare, banking, media, and emergency services," their letter said. "Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking."
CrowdStrike may not be widely known to everyday consumers, but as The New York Times noted, it is the second largest American cybersecurity company, used by more than half of Fortune 500 companies. Responding quickly to fix the software defect, CrowdStrike has rushed to reassure its global customer base, explaining how it's accelerating remediations and creating a continually updated "guidance hub" where customers can keep up with the latest fixes and monitor emerging security risks.
But even supposedly "easy" fixes have caused major lags, requiring customers to reboot systems repeatedly or manually delete defective files from computers one by one. The House committee worried labor shortages might cause more repair delays and asked Kurtz to fully explain the next steps for CrowdStrike and warning that any further delays "could seriously affect Americans."
"Although a solution for this faulty software update has been identified, reporting indicates that it could take days to resolve this incident and millions of manual labor hours—something that is all the more challenging to address due to our significant cyber workforce shortage," their letter said.
So far, CrowdStrike has taken steps to be transparent about security risks, alerting customers about threat actors who actually leveraged the bug "to distribute a malicious ZIP archive." These attacks seemingly targeted Latin America-based CrowdStrike customers, using Spanish filenames and instructions within the ZIP archive, CrowdStrike warned. But CrowdStrike has claimed it is equipped to combat security risks as they're detected, writing in the guidance hub that its "team is fully mobilized to ensure the security and stability of CrowdStrike customers."
For customers still concerned about vulnerabilities, however, CrowdStrike has recommended that all communications with CrowdStrike remain only in official channels to avoid malicious activity.
"We know that adversaries and bad actors will try to exploit events like this," Kurtz said in a statement provided in the guidance hub. "I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates."
Although the House committee told CrowdStrike that it appreciated "CrowdStrike’s response and coordination with stakeholders," lawmakers remain concerned about the "global scale of this incident." And while they're relieved the issue didn't spring from a cyberattack, they also remain concerned about national security precisely because bad actors "have already seized the moment and sought to exploit the vulnerability."
"Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again," their letter said. "This incident must serve as a broader warning about the national security risks associated with network dependency."
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.