Experts analyze the reasons behind Delta’s delayed restoration of service following CrowdStrike outage.

An outage caused by a software update distributed by cybersecurity firm CrowdStrike triggered a wave of flight cancellations at several major U.S. airlines – but the disruption was most severe and prolonged at Delta Air Lines.

In all, the carrier canceled more than 2,500 flights over a period that stretched from last Friday, when the outage began, into the middle of this week.

The U.S. Department of Transportation opened an investigation into Delta this week over its uniquely severe flight disruptions.

“All airline passengers have the right to be treated fairly,” Transportation Secretary Pete Buttigieg said on Tuesday in a post on X.

In a statement on Tuesday, Delta said it is fully cooperating with the investigation. “Across our operation, Delta teams are working tirelessly to care for and make it right for customers impacted by delays and cancellations as we work to restore the reliable, on-time service they have come to expect from Delta,” the company said.

The company also issued an apology on Wednesday for the outage-related problems.

“Please accept our sincere apologies for the disruption to your recent travel plans caused by a vendor technology outage affecting airlines and companies worldwide,” the airline said in a statement.

“It’s a surprise that a multi-billion-dollar corporation like Delta would allow this to happen,” Henry Harteveldt, a travel industry analyst at Atmosphere Research Group, told ABC News.

“I’m hopeful that the worst is behind us now. While we can breathe a sigh of relief, I think a lot of people are understandably nervous about flying Delta,” Harteveldt added.

Delta did not immediately respond to an ABC News request for comment.

Airline and cybersecurity experts spoke to ABC News about what made the CrowdStrike outage so disruptive, and why it took days for Delta to resume normal service.

What made the CrowdStrike outage so disruptive for Delta?

The CrowdStrike outage was so impactful because of the severity of the IT failure and the scale of its reach within the internal operating systems at Delta, experts told ABC News.

“For a company such as Delta, they rely on countless partner services for everything from scheduling pilots and planes to providing meal service and snacks to allowing customers to select their seats,” David Bader, a professor of cybersecurity and the director of the Institute of Data Science at the New Jersey Institute of Technology, told ABC News.

“The CrowdStrike bug disrupted many of those critical services that keep the airline running at full capacity,” Bader added.

Mark Lanterman, the chief technology officer at the cybersecurity firm Computer Forensic Services, said the outage resulted from a faulty software update initiated by CrowdStrike. The resulting computer bug interrupted core services because of the degree to which CrowdStrike pervades the Delta operating systems, he added.

“The CrowdStrike update is deep inside the operating system. When that was installed, there was bad code inside of this update. And when Windows came across the bad code, it panicked and it crashed,” Lanterman said.

The outage, which affected CrowdStrike clients that use Windows operating systems, disrupted a critical system that ensures each flight has a full crew, Delta said in a statement on Monday.

“Upward of half of Delta’s IT systems worldwide are Windows based,” Delta said.

Why did it take days for Delta to resume normal service?

The recovery was prolonged because the disruption caused by the CrowdStrike update required a manual fix at each individual computer system, experts told ABC News. While each fix can be completed in no more than 10 minutes, the vast number of Delta’s digital terminals required significant manpower to address, experts said.

“This isn’t a fix that could be done automatically; IT resources can’t just sit at a computer and push out an update and everything is fixed,” Lanterman said. “It took so long because Delta has a lot of computers and likely they have limited IT resources to go from computer to computer.”

In a statement on Tuesday, the airline acknowledged the challenge posed by the manual fix requirement.

“The CrowdStrike error required Delta’s IT teams to manually repair and reboot each of the affected systems, with additional time then needed for applications to synchronize and start communicating with each other,” Delta said.

Delta Air Lines, one of the largest airlines in the world, recently experienced a major outage that disrupted its operations for several hours. The outage, which was caused by a cyberattack on CrowdStrike, a cybersecurity firm that Delta relies on for protection, left thousands of passengers stranded and caused significant delays and cancellations.

Experts have been analyzing the reasons behind Delta’s delayed restoration of service following the CrowdStrike outage, and several key factors have emerged. One of the main reasons for the delay was the complexity of the cyberattack itself. CrowdStrike was targeted by a sophisticated and highly coordinated attack that compromised its systems and disrupted its ability to provide services to its clients, including Delta.

Another factor that contributed to the delay was the lack of a comprehensive backup plan in place. While Delta had backup systems in place for some aspects of its operations, such as flight scheduling and passenger check-in, it did not have a fully developed contingency plan for dealing with a cyberattack on one of its key service providers. This lack of preparedness meant that Delta had to scramble to find alternative solutions and workarounds to restore its operations, leading to further delays.

Additionally, experts have pointed to the importance of communication and transparency in situations like this. Delta’s initial response to the outage was criticized for being slow and lacking in detail, which only served to exacerbate the frustration and confusion among passengers. Clear and timely communication is essential in crisis situations like this, as it helps to manage expectations and provide reassurance to affected customers.

Moving forward, experts are urging Delta and other companies to take a more proactive approach to cybersecurity and crisis management. This includes conducting regular risk assessments, developing comprehensive contingency plans, and investing in robust backup systems and redundancy measures. By taking these steps, companies can better protect themselves against cyberattacks and minimize the impact on their operations in the event of an outage.

In conclusion, the delayed restoration of service following the CrowdStrike outage at Delta highlights the importance of cybersecurity preparedness and crisis management in today’s digital age. By learning from this incident and implementing best practices, companies can better protect themselves and their customers from future disruptions.