
House Committee Calls On CrowdStrike CEO To Testify On Global Outage (theverge.com)

(Tuesday July 23, 2024 @11:30PM (BeauHD) from the get-your-popcorn-ready dept.)


According to the [1]Washington Post (paywalled), the House Homeland Security Committee has [2]called on the CrowdStrike CEO to testify over the major outage that brought flights, hospital procedures, and broadcasters to a halt on Friday. The outage was [3]caused by a defective software update from the company that primarily [4]affected computers running Windows, resulting in system crashes and "[5]blue screen of death" errors. From the report:

> Republican leaders of the House Homeland Security Committee demanded that CrowdStrike CEO George Kurtz commit by Wednesday to appearing on Capitol Hill to explain how the outages occurred and what "mitigation steps" the company is taking to prevent future episodes. [...] Reps. Mark Green (R-Tenn.) and Andrew R. Garbarino (R-N.Y.), chairs of the Homeland Security Committee and its cybersecurity subcommittee, respectively, [6]wrote in their letter that the outages "must serve as a broader warning about the national security risks associated with network dependency. Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again," the lawmakers wrote. CrowdStrike spokesperson Kirsten Speas said in an emailed statement Monday that the company is "actively in contact" with the relevant congressional committees and that "engagement timelines may be disclosed at Members' discretion," but declined to say whether Kurtz will testify.

>

> The committee is one of several looking into the incident, with members of the House Oversight Committee and House Energy and Commerce Committee separately requesting briefings from CrowdStrike. But the effort by Homeland Security Committee leaders marks the first time the company is being publicly summoned to testify about its role in the disruptions. CrowdStrike has risen to prominence as a major security provider partly by identifying malicious online campaigns by foreign actors, but the outages have heightened concern in Washington that international adversaries could look to exploit future incidents. "Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely," Green and Garbarino wrote. The outages, which disrupted agencies at the federal and state level, are also raising questions about how much businesses and government officials alike have come to rely on Microsoft products for their daily operations.



[1] https://www.washingtonpost.com/technology/2024/07/22/house-committee-calls-crowdstrike-ceo-testify-global-outage/

[2] https://www.theverge.com/2024/7/22/24203984/crowdstrike-ceo-testimony-house-homeland-security-outage

[3] https://it.slashdot.org/story/24/07/19/0943232/global-it-outage-linked-to-crowdstrike-update-disrupts-businesses

[4] https://tech.slashdot.org/story/24/07/21/2043240/microsoft-releases-recovery-tool-for-windows-machines-hit-by-crowdstrike-issue

[5] https://it.slashdot.org/story/24/07/19/1522230/to-fix-crowdstrike-blue-screen-of-death-simply-reboot-15-straight-times-microsoft-says

[6] https://www.washingtonpost.com/documents/a7c77598-1c7f-4a6e-b717-a0790f621bd0.pdf?itid=lk_inline_manual_11



Ooh, another two hours of political grandstanding! (Score:5, Insightful)

by supremebob ( 574732 )

I'm sure that this will be SUPER helpful to resolve the problem, just like the congressional hearings against Facebook were a few years ago.

Crowdstrike will probably need to make a few well-timed "campaign donations" to help smooth things over, though.

Re:Ooh, another two hours of political grandstandi (Score:4, Insightful)

by dohzer ( 867770 )

I can't wait to see the confused faces. No one at the hearing will understand anything about the technology.

Re: Ooh, another two hours of political grandstand (Score:2)

by ahoffer0 ( 1372847 )

When someone is hauled in for a congressional hearing, it means the person will be publicly pilloried. It also means Congress won't take any legal action.

Re: (Score:2)

by jacks smirking reven ( 909048 )

I've been thinking about that, in this case what would the crime be? Did they violate some sort of security law or some type of gross negligence to the management?

I imagine there is a US Attorney or two sorting that out now.

Re: (Score:2)

by HiThere ( 15173 )

Probably no criminal issues...but likely a bunch of civil issues. Even if you can show gross negligence (probable given that it was reported by someone testing on Debian a month ago), I don't think that's going to be criminal.

Re: (Score:2)

by organgtool ( 966989 )

You're absolutely right. I call these hearings Congressional Dog and Pony shows. In saner times, these were fact-finding missions that would demonstrate gaps in our laws which Congress could then attempt to close with new legislation. Nowadays, it's just a way for elites in the public sector to look tough against their counterparts in the private sector in order to placate the plebs while avoiding actually holding their fellow elites accountable. They'll deliver their zingers and "give em the business",

Re: (Score:2)

by jacks smirking reven ( 909048 )

What's the problem and the resolution and why wouldn't these hearings have some part to play in that? Why not define those otherwise we're just spinning wheels.

I personally want to see these people grilled a little bit even if it's from politicians. Don't we want these people to answer questions and not just press releases and softball SV podcasts?

Who else is gonna do it?

It's a private business (Score:1)

by OrangeTide ( 124937 )

Why is the government involved in the affairs of private industry. Are we shifting towards Communism? *clutches pearls*

Re: (Score:3)

by NotEmmanuelGoldstein ( 6423622 )

> ... how much businesses and government ...

We need corporate growth and corporate profits: That is, until it fucks-up everybody's day. Won't someone please think of the Big Macs that weren't sold and the spyware that couldn't surveil?

> ... towards Communism?

Ah, yes, punishing a corporation must be Communism and must be stopped: I, for one, welcome our totalitarian, oligopolistic overlords. All jesting aside, it is the purpose of government to prevent failures of private systems. It is their job to regulate businesses to provide a stable and predictable service.

Re: (Score:2)

by quonset ( 4839537 )

> Why is the government involved in the affairs of private industry. Are we shifting towards Communism? *clutches pearls*

When the affairs of private industry affect national operations such as air travel and hospitals, the government gets involved. Since no one, that we know of, has been fired for this screw up, this is the next best thing to put people in the hot seat.

Re: (Score:2)

by Luthair ( 847766 )

Maybe the focus ought to be on antitrust enforcement so one company doesn't dominate the industry and have the ability to break such a large number of businesses simultaneously.

Re: (Score:2)

by Brain-Fu ( 1274756 )

Regulation is not the same thing as Communism. It isn't even a step towards Communism. They are completely different things.

If the government was claiming ownership of Crowdstrike, so that it would no longer be a private business, THAT might be a step towards Communism (which has the distinguishing characteristic of government ownership of the means of production). Whereas regulation, (especially of monopolies, and sometimes including breaking up monopolies into smaller businesses) is fully compatible wi

Re: (Score:2)

by HiThere ( 15173 )

I think Poe's law should be considered here. I read the GP's comments as sarcasm.

What network? (Score:2)

by bferrell ( 253291 )

"must serve as a broader warning about the national security risks associated with network dependency."

The only network involved was the networks used to distribute this bit of garbage...

To err is human. To really screw up, use a computer and to make it an utter cockup... network them.

Re: (Score:2)

by supremebob ( 574732 )

Shhh.... If you help them figure out that their argument is bogus ahead of time, we might miss out on another "Series Of Tubes" style speech from our congresscritters. That one gave us memes for years!

Re: (Score:2)

by bferrell ( 253291 )

Oh!!! Oh!!!

Can I mod this up?

What About Microsoft? (Score:4)

by WankerWeasel ( 875277 )

Seems Microsoft's CEO should be there to explain why their OS is completely dependent on a 3rd party offering and they didn't even have a workaround. It was only many hours later that they offered, "MAYBE restarting 15 times will let you boot. Maybe. We're just hearing from some users that it might work."

Re:What About Microsoft? (Score:5, Insightful)

by lsllll ( 830002 )

Come again? What do you mean "they didn't even have a workaround"? First of all, why is it their responsibility to even have a workaround if YOU install some 3rd party software and give it low level access to everything on the computer? Secondly, they DID have a workaround. Boot the computer into safemode and delete the offending file. Can't boot into safemode because you forgot your bitlocker key? That's on YOU! I really don't understand why anybody thinks this was Microsoft's fault. The same thing could easily have happened on Linux. You know, CS has a client for Linux, too, don't you? The fact that you could have booted into single-user mode and deleted the file is basically the same thing as going into safe mode in Windows. Throwing in the complexities brought in by bitlocker is muddying the water.

Re: (Score:3)

by Brownstar ( 139242 )

> Seems Microsoft's CEO should be there to explain why their OS is completely dependent on a 3rd party offering

Because DOJ told them to foster independent software development for windows to allow customer choice. Primarily by avoiding bundling of useful system level things like this.

And those customers chose to use windows servers, and crowdstrike falcon software.

Re: (Score:2)

by drinkypoo ( 153816 )

What I want to know from Microsoft is not any of what you said, although one thing was close. If Clownstroke's representative can't tell us why their software sometimes worked on the fifteenth try, then I am adamant about wanting to know from Microsoft's what the answer to the same question might possibly be.

Re: (Score:2)

by gweihir ( 88907 )

> Clownstroke

Hahaha, excellent! I hope you do not mind if I borrow that one.

Nothing will come out of it (Score:5, Interesting)

by lsllll ( 830002 )

I hate how congress operates, Republicans and Democrats both. And nothing will really come out of this other than some grilling, but I personally would like to know how something like this, where an "update" that breaks almost every machine it's installed on and should have been tested, got through a quality control check and out the door at a company that's publicly traded. Perhaps someone will realize that corporations are profiting hand over fist while consumers get screwed.

On a personal note, I'd like Crowdstrike to fry as I hate the idea of what they do and how companies and universities just gobble up the shit they hear from CS salespersons without taking issues like this into account. My personal experience with Crowdstrike was when my SQL Server cluster was to have CS installed on it. I fought tooth and nail against it because the only ports that were open on the server were RDP and 1433 for SQL Server and the server was already receiving automated Microsoft patches, but I lost that battle and CS was installed nevertheless. And that cluster was down for 11 hours last Friday.

Blame the operator (Score:2)

by khchung ( 462899 )

I can already see how the CEO will put the blame on "operator error", and promise "it will not happen again", then it is back to BAU.

Re: (Score:2)

by gweihir ( 88907 )

MicroShit already claimed that the EU was at fault. Clownstroke can do the same.

George Kurtz has a history with Windows (Score:4, Insightful)

by radarskiy ( 2874255 )

In 2010, McAfee quarantined svchost.exe rendering Windows unbootable. The CTO of McAfee at the time was... George Kurtz, CEO and co-founder of CrowdStrike.
