July 22, 2024
CrowdStrike issues grovelling apology after global chaos

The chief security officer of CrowdStrike has issued a grovelling apology after a faulty software update knocked out 8.5 million computers globally, telling customers "we failed".
Governments and businesses on Monday were scrambling to restore systems to full capacity after an automatic update of the threat detection Falcon sensor inadvertently wiped out the computers of hospitals, media companies and banks.
Chief security officer Shawn Henry said the Texas-based cybersecurity company "failed" its customers and partners, describing the global systems outage as a "gut punch".
"The past two days have been the most challenging 48 hours for me over 12 plus years," said Mr Henry, a former Federal Bureau of Investigation officer.
"The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch.
"But this pales in comparison to the pain we've caused our customers and our partners. We let down the very people we committed to protect, and to say we're devastated is a huge understatement."
Mr Henry said he and CrowdStrike were taking the outage "personally" and said thousands of team members had been working 24/7 to restore customer systems.
"The days have been long and the nights have been short, and that will continue for the immediate future," he said.
"But that is part of the promise we made to all of you when you put your trust and protection in our hands."
CrowdStrike has yet to explain why the automatic update immobilised millions of computers and left users worldwide staring at the Microsoft "blue screen of death", as the company conducts a root cause analysis to determine exactly what went wrong.
Shadow cybersecurity minister James Paterson said the outage highlighted real issues with the resilience of the digitally connected economy.
"Businesses supplying essential services must do more to ensure they have redundancies in place if their primary IT systems go offline for any reason," he said.
"This time it was human error. Next time it could be someone acting with malign intent.
"We can't afford for our economy and society to grind to a halt if that happens."
Australian Information Security Association chair Akash Mittal said it was important to wait for the company's full explanation instead of speculating.
"A lot of people have realised how much (the CrowdStrike outage) underscores our reliance in the modern interconnected world on technology and highlights the need to have robust measures in place to maintain operations."
Home Affairs Minister Clare O'Neil warned scammers may attempt to exploit the chaos as impacted sectors are restored.
"People need to be wary of unexpected calls, text messages and emails claiming to be offering help."