Delta Airlines to ‘rethink Microsoft’ in wake of CrowdStrike outage

Delta Airlines to ‘rethink Microsoft’ in wake of CrowdStrike outage

In the wake of the widespread outage caused by a defective update to CrowdStrike’s Falcon cybersecurity platform, Delta Airlines is among the first enterprises to come forward to demand compensation from CrowdStrike and Microsoft for the enormous losses caused by the interruption of its flights during the failure.

Delta, which was the airline most impacted by the outage, estimates damages to be around $500 million. 

Delta CEO Ed Bastian told CNBC that the airline canceled over 5,000 flights due to the outage, adding that the company’s IT organization had to manually reset 40,000 servers.

That “half a billion dollars in five days” includes “lost revenue, but also tens of millions of dollars a day in compensation and hotel costs” for passengers whose flights had been cancelled, he said.  

“We have no other choice,” Bastian said of the need to sue for damages. “They haven’t offered anything — free consulting advice to help us.”

Bastian contextualized Delta’s IT environment as “by far the heaviest in the industry with both Microsoft and CrowdStrike,” and said Delta invests “hundreds of millions of dollars in redundancy.”

Poor partnerships, priority access negligence

As for Microsoft and CrowdStrike, Bastian called out their financial disincentive to partner well.

“People don’t realize that Microsoft and CrowdStrike are the top two competitors around cyber with each other, so they don’t necessarily partner at the same level that we need them to,” he said. “I think this is a call to the industry, everyone talks about making sure that Big Tech is responsible, guys, this cost us a half a billion dollars.”

Industry experts have called on the CrowdStrike outage as a prime example of what goes wrong when software makers have privileged access to computer systems — a key issue in triggering the crashing of more than 8.5 million Windows-based devices, by Microsoft’s estimates.

Delta’s Bastian took aim at this issue in his CNBC interview, when calling out CrowdStrike’s faulty validation process.

“If you’re going to be having access, priority access to the Delta ecosystem in terms of technology, you’ve got to test the stuff. You can’t come into a mission-critical 24/7 operation and tell us we have a bug,” he said. 

Microsoft has announced that it is re-examining kernel-level access for software applications.

A shift ahead?

In his CNBC interview, Bastian said Delta is doing its own reassessment in the wake of the outage — and hinted at potential changes in its technology purchasing portfolio.

“We have to rethink Microsoft,” he said. “My sense is that they’re probably the most fragile platform within that space. When was the last time you heard of a big outage at Apple?”

Delta was not the only company to suffer financial losses. Other airlines were impacted worldwide, as well as banks, hospitals, media outlets, and other critical services. 

Microsoft’s market share played a significant factor in the scope of the outage, and Bastian called out the company’s stock-based growth incentives as a central concern for the losses incurred for current Microsoft customers.

“Where is their priority? Is it growing the business or delivering exception service to their existing customer base?” he asked, adding Microsoft “has to make sure they fortify the current [customer base].”

Despite the huge implications of the Delta’s suit against Microsoft and CrowdStrike, experts do not believe the technology providers can be held legally liable, given conditions typically set in contracts with software providers.