Sign Up
..... Connect Australia with the world.
Categories

Posted: 2024-09-25 00:21:07

Artificial intelligence was not responsible for any part of CrowdStrike's global IT outage, the company's vice-president has told a Homeland Security committee.

The cybersecurity technology company's Adam Meyers told a US House of Representatives subcommittee he was "deeply sorry" for the meltdown.

The July 19 tech outage wreaked havoc on systems around the world, bringing airports, banks, supermarkets, health systems and more to a standstill.

Microsoft has estimated about 8.5 million Windows systems around the world went down following a defective CrowdStrike software update.

Mr Meyers, reading from a prepared statement released prior to the hearing, said the company was "determined to prevent it from happening again".

"I can assure you that we continue to approach this with a great sense of urgency," he said.

"More broadly, I want to underscore that this was not a cyber attack from foreign threat actors."

Asked whether any AI tool had been responsible for pushing out the faulty tool, Mr Meyers noted CrowdStrike released 10 to 12 updates daily.

"AI was not responsible for making any decision in that process," he said.

"The updates were distributed to all customers in one session. We have since revised that."

The widespread outage has been linked to CrowdStrike's Falcon sensor software.

When the update rolled out, the Falcon system was expected to have 20 input fields to check for a potential problem.

Instead, the update had 21 input fields.

This single "count mismatch" caused the meltdown, according to CrowdStrike's report, triggering "the Blue Screen of Death".

"If you think about a chessboard trying to move a chess piece to someplace where there's no square, that's effectively what happened inside the sensor," Mr Meyers told the committee.

"This was kind of a perfect storm of issues that resulted in the sensor failure." 

Mr Meyers said CrowdStrike had shifted from a global rollout process to a system of "concentric rings".

"Customers can select to be part of the early adopters program, where they can choose to receive content updates as quickly as make them available," he said.

"From there … it's general availability, and then they can select to wait a period of time to receive those updates [or] choose not to receive them as well."

The House's Homeland Security committee chairman, Congressman Mark Green, said the outage was "a catastrophe that we would expect to see in a movie". 

"It's something that we would expect to be carefully executed by malicious and sophisticated nation-state actors," he said.

"To add insult to injury, the largest IT outage in history was due to a mistake. 

"Mistakes happen. However, we cannot allow a mistake of this magnitude to happen again." 

He said it was important to national security that the partnership between public and private companies was working to safeguard networks. 

"You can bet that [US adversaries] are watching us right now," he added.

Mr Meyers was asked to "give a picture of the threat environment" as the November US election approaches.

He told the committee Iran, China "and others" had continued to target the election.

"Espionage continues to be the primary motivator for countries like China and Russia," he said.

"We have seen certainly in the past that these adversaries have stolen sensitive information and leaked [it].

"We also see a rich array of misinformation and disinformation occurring as a result of foreign adversaries using social media … to drive narratives that are supportive to their agendas."

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above