July 23, 2024 CrowdStrike CEO George Kurtz has been called to testify before the U.S. House Committee on Homeland Security following a disastrous software update that caused widespread chaos. The update, which resulted in Windows systems crashing globally, has been described as possibly the largest IT outage in history.

Mark E. Green, Chairman of the Committee on Homeland Security, and Andrew R. Garbarino, Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection, issued the request. Kurtz is expected to appear before the committee by 5 PM ET on July 24.

The incident has raised significant concerns about the dependency on networked systems. The committee’s letter highlighted the incident’s impact on critical functions including aviation, healthcare, banking, media, and emergency services. The full extent of the damage is still unknown, but the list of disruptions includes thousands of canceled flights, emergency call center outages, and postponed surgeries.

While the incident was not a cyberattack, it has underscored the potential national security risks posed by network dependencies. Green and Garbarino warned that nation-states like China and Russia are likely observing the response to this incident closely. CrowdStrike’s response to the incident has been under scrutiny. The company’s Falcon software, which runs within the Windows kernel, caused systems to crash with a Blue Screen of Death following a faulty malware signature update.

CrowdStrike holds a significant share of the Endpoint Protection Platform market, second only to Microsoft, which amplified the impact of the malfunction. Kevin Benacci, Senior Director of Corporate Communications at CrowdStrike, stated that the company is in contact with relevant Congressional Committees and that further engagement details may be disclosed at the discretion of committee members.

Kurtz has pledged full transparency and a commitment to preventing future incidents of this nature. The Homeland Security Committee’s hearing aims to understand how the incident occurred and the mitigation steps CrowdStrike is taking to ensure it does not happen again.