DOD ‘monitoring’ networks in wake of CrowdStrike outage
Some Pentagon components appear to be unaffected by outages to Microsoft systems caused by a faulty update to CrowdStrike’s Falcon security software, but the Department of Defense says it is still closely watching its IT systems in the meantime.
“DoD is aware of the reporting and personnel are monitoring our networks for possible impacts. For operational security reasons, we do not comment on the status of our network operations, information systems or operations to assess cyber threats,” a department spokesperson told DefenseScoop in an email.
U.S. Cyber Command gave DefenseScoop the same statement as the Office of the Secretary of Defense.
A software update from cybersecurity software company CrowdStrike has caused outages for thousands of Microsoft Windows users worldwide, with banks, airports, health care organizations and several other industry sectors reporting disruptions in operations as a result. CrowdStrike CEO George Kurtz posted a message on X on Friday that the outages were not the result of a cyberattack.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” Kurtz wrote. “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
Several DOD components use Microsoft Windows products for cloud storage, cybersecurity and other administrative and IT services — including Microsoft 365, Power BI, Microsoft Defender for Endpoint and Microsoft’s Azure cloud. A company status page noted that Microsoft 365 admin center and Power BI may currently be impacted by the outage, and that Microsoft Defender for Endpoint and others have already recovered.
The Department of the Navy’s public affairs office noted that the DON “does not discuss the service’s networks” due to security reasons, but DefenseScoop has learned the Navy and Marine Corps are not reporting any interruptions to services at this time. Officials from the Department of the Air Force and the Department of the Army have not yet responded to DefenseScoop’s queries.
Separately, a Defense Health Agency spokesperson said the organization “does not utilize the affected software and no issues have been reported.” The Pentagon Inspector General’s Office and U.S. Transportation Command also reported no issues related to the CrowdStrike outage.
Speaking at the Aspen Security Forum on Friday, Chairman of the Joint Chiefs of Staff Gen. Charles “CQ” Brown said he’s been told there’s currently “no impact” on U.S. military operations.
“I was made aware of the situation on the airplane flying back to the United States [from an overseas trip]. For all reports I have right now, no impact on DOD operations. But I will also share with you, I mean this just gives you an indication of, you know, how important cybersecurity, how we use our software, how we use our tools is important and the things that we do, particularly in DOD to protect our capabilities to ensure that we can still protect the nation even when you have a — whether it’s a glitch or an attack — that we be best postured to be able to support,” he said.
“We all know how dependent we are all on cyber and the tools that it provides for us just to make our day-to-day lives easier. But when you have something like this, this should be a reminder to us of why it’s important to, you know, from a cybersecurity piece, not only at the governmental level but all the way down to your local homes, to protect ourselves and be best postured. Because, you know, I’m sure our adversaries are looking at this as a way to, I would say, put sand into gears if we’re trying to generate combat power to go to respond for — to a crisis anywhere around the world,” he added.
Mark Pomerleau and Jon Harper contributed to this story.
Updated on July 19, 2024, at 1:35 PM: This story has been updated to include comments from Gen. Charles “CQ” Brown.