A congressional committee on Monday called for testimony from the chief executive of the security company that made the botched update that caused Friday’s widespread computer outage, according to a letter provided exclusively to The Washington Post, deepening lawmakers’ investigation into the incident.
Republican leadership of the House Homeland Security Committee has demanded that CrowdStrike CEO George Kurtz appear before Congress by Wednesday to explain how the outage happened and what “mitigation steps” the company is taking to prevent it from happening again in the future.
Kurtz Check on Friday A flawed content update distributed to Windows users caused outages that disrupted businesses and governments around the world. The error forced airlines to ground thousands of flights and disrupted emergency services such as 911 call lines. Microsoft estimates that 8.5 million Windows devices were affected.
The global financial crisis is forcing regulators and lawmakers to confront the extent to which the global economy and critical infrastructure depend on a small number of software services.
Kurtz stated X in his post on Friday. The company said the outage was not the result of a “security or cyber incident” and that it had subsequently released a fix.
Get caught up in
Stories to keep you up to date
Rep. Mark Green (R-Tenn.), chairman of the Homeland Security Committee, and Rep. Andrew R. Garbarino (R-N.Y.), chairman of the Cybersecurity Subcommittee, wrote in the letter that the outage “should serve as a broader warning about the national security risks associated with network dependency.”
“To protect our critical infrastructure, we must learn from this incident and ensure it never happens again,” the lawmakers wrote.
CrowdStrike spokeswoman Kirsten Spiess said in an emailed statement on Monday that the company is “actively in contact” with relevant congressional committees and that “a timeline of involvement may be made public at the discretion of lawmakers,” but declined to say whether Kurtz would testify.
The committee is one of several investigating the incident — members of the House Oversight and Energy and Commerce committees have each called CrowdStrike to account — but the effort by Homeland Security committee leaders marks the first time the company has been publicly subpoenaed to testify about its role in the sabotage.
CrowdStrike has built a reputation as a leading security provider, including identifying malicious online campaigns carried out by foreign attackers, but the outage has raised concerns in Washington that future incidents could be exploited by international adversaries.
“Malicious cyber actors, including those backed by nation-states such as China and Russia, are closely monitoring our response to this incident,” Green and Garbarino wrote.
The outage, which has caused chaos at federal and state levels, is also raising questions about how much businesses and government officials rely on Microsoft products in their daily work.
“These cases show how concentration creates a fragile system,” Rep. Lina Khan (D-Ore.), chair of the Federal Trade Commission, which is investigating the consolidation of cloud computing services, said in a post on X on Friday.
In a written statement to The Washington Post, Microsoft spokeswoman Kate Frischmann said the impact of the outage would be “defined by the impact of CrowdStrike, not by Microsoft.”
Many security companies occupy privileged positions within the Windows structure, empowering them to block attacks more effectively and quickly. But it also means that if one of those companies makes a mistake, it could have immediate and severe consequences for Windows users. Apple no longer gives other software providers such deep access. Microsoft spokesman Frank Shaw said that because of an agreement reached with European antitrust authorities in 2009, Microsoft must give security companies the same power over its own security products.
Editor’s Note
An earlier version of this article was accidentally published earlier than intended.
Joseph Meng contributed to this report.
