Congressional Hearing On CrowdStrike Outage Scheduled For September

CrowdStrike’s Adam Meyers is slated to testify before a subcommittee of the House Homeland Security Committee on Sept. 24.

The U.S. House Homeland Security committee has scheduled a hearing for late September over the massive IT outage caused by CrowdStrike’s faulty July 19 update, which will include testimony from a top executive at the cybersecurity vendor.

Adam Meyers, senior vice president of Counter Adversary Operations at CrowdStrike, will testify during the Sept. 24 House Homeland Security hearing. The hearing will be held by the subcommittee on Cybersecurity and Infrastructure Protection, and has been titled “An Outage Strikes: Assessing the Global Impact of CrowdStrike’s Faulty Software Update.”

CRN has reached out to CrowdStrike for comment.

The July 19 outage, which had lingering impacts for much of the following week, saw 8.5 million Windows devices suffer the “blue screen of death” and become inoperable until they were fixed manually by an IT professional.

The societal impacts were widely felt—with major disruptions to air travel, health care, banking and many other sectors—and estimates have suggested the costs to major corporations will reach into the billions of dollars.

CrowdStrike has pledged to do additional testing and deploy staged rollouts of updates to prevent the recurrence of such issues in the future.

In a news release announcing the hearing Friday, Rep. Mark Green, chairman of the House Homeland Security Committee, noted that the outage had a “significant impact” that affected both Americans and “critical sectors of the economy.”

“We must restore confidence in the IT that underpins the services Americans depend on daily,” Green said in the statement. The outage, he said, also “reinforces how growing reliance on interconnected IT systems has expanded the risk surface.”

Americans will “undoubtedly feel the lasting, real-world consequences of this incident for some time [and] deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking to avoid the cascading impacts of outages like this across sectors,” Green said.

U.S. Rep. Andrew Garbarino, chairman of the Cybersecurity and Infrastructure Protection subcommittee, called the hearing “an important opportunity to learn more about what steps the company has taken in the aftermath of the outage to ensure it doesn’t happen again.”

The hearing has been scheduled for Sept. 24 from 2 p.m. to 5 p.m., EDT, and will be livestreamed on YouTube.

The scheduling of the hearing comes after CrowdStrike disclosed results for its second fiscal quarter, which ended July 31 and showed that the company still managed to exceed analyst expectations for the quarter despite the outage.

Even with delays to multiple deals in connection with the incident, CrowdStrike’s revenue for the quarter climbed 32 percent from the same period a year earlier, reaching $963.9 million and coming in about $5 million above the analyst consensus estimate.

During the company’s quarterly call with analysts Wednesday, CrowdStrike CEO George Kurtz apologized for the outage and thanking partners and customers for their “continued trust” and efforts in recovering from the incident, while also outlining the steps that CrowdStrike has taken to prevent a recurrence of this type of issue.

Ultimately, Kurtz said Wednesday, “the days following the incident were among the most challenging in my career — because I deeply felt what our customers experienced.”

During the quarterly call, CrowdStrike executives did not directly discuss specific litigation over the outage, such as the probable lawsuit from hard-hit Delta Airlines and several proposed class-action suits. CrowdStrike CFO Burt Podbere did generally address the legal ramifications of the incident, noting that “the outcome of litigation is inherently difficult to predict, particularly in the early stages.”

“It is still too early for us to estimate any potential legal exposure we may have at this time,” he said during the quarterly call Wednesday.

However, CrowdStrike’s customer agreements, Podbere said, “contain provisions limiting our liability, and we maintain insurance policies intended to mitigate the potential impact of certain claims and have a strong cash position.”

While Delta CEO Ed Bastian has said the airline lost $500 million over five days following the outage, both CrowdStrike and Microsoft have accused Delta of ignoring multiple offers to help with recovery from the outage.