News

Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O.

A Congressional committee called on the chief executive of CrowdStrike to testify at a hearing about its role in a tech outage that roiled the global economy, in one of the first attempts to hold the cybersecurity company responsible.

CrowdStrike sent a faulty security update to its customers Thursday night, resulting in millions of Microsoft Windows devices shutting down and disruptions to airlines, hospitals, logistics companies and others.

Americans “deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking,” wrote Representative Mark Green of Tennessee, the Republican chairman of the Homeland Security Committee, and Representative Andrew Garbarino, Republican of New York.

The letter was sent to George Kurtz, CrowdStrike’s chief executive. Mr. Green and Mr. Garbarino asked the company for a response to scheduling the hearing this week, but did not specify when it would take place.

“CrowdStrike is actively in contact with relevant congressional committees,” said a company spokeswoman. “Briefings and other engagement timelines may be disclosed at members’ discretion.”

The request came as the world continued to deal with the fallout from the widespread outages. Delta Air Lines canceled more than 800 flights on Monday, leaving more passengers stranded. And other industries were still recovering after being knocked offline for hours.

The outage underscores how the world has become reliant on a small group of companies to maintain its digital infrastructure. CrowdStrike, while little-known to most consumers, is the second largest American cybersecurity company. More than half of Fortune 500 companies use its products.

“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers,” said a Microsoft executive, David Weston, in a blog post on Saturday. “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist.”

CrowdStrike’s products are used primarily by large businesses, not consumers. Its flawed update sent computers running Microsoft’s Windows operating system into a spiral where they continually rebooted. Although CrowdStrike sent a fix, many computers didn’t get it because of the loop. In many cases, businesses had to delete the damaging file from each machine manually.

Mr. Kurtz on Friday told NBC’s “Today” show that the incident was not a cyberattack and was the result of the faulty update. But the congressional committee said in its letter to Mr. Kurtz on Monday said that the incident still presented vexing security questions.

“Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely,” the lawmakers said. “Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again.”

Representative Ritchie Torres, Democrat of New York, on Friday also asked the Department of Homeland Security to investigate the outages.

Back to top button