CrowdStrike chief security officer admits ‘we failed’ after global IT outage caused chaos
The chief security officer of CrowdStrike has issued a grovelling apology after a faulty software update knocked out 8.5 million computers globally, telling customers “we failed”.
Governments and businesses on Monday were scrambling to restore systems to full capacity after an automatic update of the threat detection Falcon sensor inadvertently wiped out the computers of hospitals, media companies and banks.
Chief security officer Shawn Henry said the Texas-based cybersecurity company had “failed” its customers and partners, describing the global systems outage as a “gut punch”.
Sign up to The Nightly's newsletters.
Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.
By continuing you agree to our Terms and Privacy Policy.“The past two days have been the most challenging 48 hours for me over 12 plus years,” said Mr Henry, a former Federal Bureau of Investigations officer.
“The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch.
“But this pales in comparison to the pain we’ve caused our customers and our partners. We let down the very people we committed to protect, and to say we’re devastated is a huge understatement.”
Mr Henry said he and CrowdStrike were taking the outage “personally” and said thousands of team members had been working 24/7 to restore customer systems.
“The days have been long and the nights have been short, and that will continue for the immediate future,” he said.
“But that is part of the promise we made to all of you when you put your trust and protection in our hands.”
CrowdStrike has yet to explain why the automatic update immobilized millions of computers and left users worldwide staring at the so-called Microsoft “blue screen of death” as the company performed a root cause analysis to determine what exactly went wrong.
Shadow cyber security minister James Paterson said the outage highlighted real issues with the resilience of the digitally connected economy.
“Businesses supplying essential services must do more to ensure they have redundancies in place if their primary IT systems go offline for any reason,” he said.
“This time it was human error. Next time it could be someone acting with malign intent. We can’t afford for our economy and society to ground to a halt if that happens.”
Australian Information Security Association chief executive officer Akash Mittal said there was a lot of speculation around the cause of the CrowdStrike outage and said it was important to wait for the company to deliver a full explanation.
“A lot of people have realised how much [the CrowdStrike outage] underscores our reliance in the modern interconnected world on technology and highlights the need to have robust measures in place to maintain operations,” he said.
Home Affairs Minister Claire O’Neil on Sunday warned that it could take weeks for impacted sectors to be fully restored and scammers may attempt to exploit the chaos left in the wake of the global outage.
“Scammers are trying to exploit the outages caused by the CrowdStrike technical incident,” she said.
“Be on the lookout for possible scams and phishing attempts.”
“People need to be wary of unexpected calls, text messages and emails claiming to be offering help.”
