CrowdStrike CEO summoned to explain epic fail to US Homeland Security committee
Boss faces grilling before Congress over disastrous software snafu
The US House Committee on Homeland Security has requested public testimony from CrowdStrike CEO George Kurtz in the wake of the chaos caused by a faulty update.
Mark E Green, Chairman of the Committee on Homeland Security, and Andrew R Garbarino, Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection, signed the letter.
Kurtz has been asked to show up before 1700 ET on July 24 for a hearing. We hope he's not flying Delta to Washington DC, as the US airline has canceled more than 5,000 flights since Friday as a result of CrowdStrike's update file crashing Windows systems.
The committee letter reads: "We cannot ignore the magnitude of this incident, which some have claimed is the largest IT outage in history. In less than one day, we have seen major impacts to key functions of the global economy, including aviation, healthcare, banking, media, and emergency services."
The full impact of the outage has yet to be determined and may never be. Green and Garbarino listed the thousands of commercial flights cancelled in the US alone, disruptions to emergency call centers, and surgery cancellations as among the consequences of the broken update.
- EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
- CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes
- CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear
- Cybercriminals quickly exploit CrowdStrike chaos
While expressing relief that the chaos was not the result of a cyberattack, the chairmen noted: "This incident must serve as a broader warning about the national security risks associated with network dependency. Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely."
"Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking."
While the letter is a request for Kurtz to show up for questions, he could also be subpoenaed to provide testimony. The Register asked CrowdStrike if its CEO planned to put in an appearance.
Kevin Benacci, Senior Director, Corporate Communications, CrowdStrike, told us: "CrowdStrike is actively in contact with relevant Congressional Committees. Briefings and other engagement timelines may be disclosed at Members' discretion."
Kurtz said on Twitter X on July 19: "As this incident is resolved, you have my commitment to provide full transparency on how this occurred and the steps we're taking to prevent anything like this from happening again."
The incident was caused by a malware signature update issued by CrowdStrike, which resulted in its Falcon software crashing on Windows.
The software runs at a low level within the Windows kernel, resulting in Windows crashing with a Blue Screen of Death every time it boots.
According to figures from Gartner, CrowdStrike had an Endpoint Protection Platform market share of 14.7 percent in 2023, second only to Microsoft's 40.2 percent. As such, the update was able to wreak havoc around the globe on millions of Windows devices. ®