Delta has been threatening to sue CrowdStrike over the July flight disruptions that caused mass chaos for travelers, and both parties have now filed papers against each other. Popular sentiment has been firmly against Delta, and CrowdStrike pins the extended IT outage primarily on Delta’s “antiquated” systems.
Delta has a path to victory in court, but it is very slim. The company is sitting on a legitimate point in that CrowdStrike demonstrably did not test the errant Falcon update as thoroughly as it could have before deploying it to all of its clients simultaneously. However, the companies have a contract that covers such instances and limits liability, and Delta is nonetheless shooting for the whole banana of its $500 million in losses from the incident. The other compelling component of the argument is an accusation that CrowdStrike installed a backdoor of sorts in their Windows systems to continue pushing updates even after they were disabled, but that claim has yet to be backed up with facts available to the public.
CrowdStrike traces flight disruptions to out-of-date Delta systems, refusal to cooperate
The thousands of flight disruptions that Delta experienced over its week of recovery led to a claimed total of a little over half a billion dollars in damages. Delta appears confident it can force CrowdStrike to pay the entire bill plus legal expenses (and has looped Microsoft into the lawsuit as well). CrowdStrike’s countersuit is more modest; it simply asks for a court declaration that its liability is limited to the damages specified in the service agreement, and the cost of its legal fees.
CrowdStrike has been taken to task for not testing the faulty Falcon patch adequately or staggering its rollout, but it is very unclear whether that can be used as a successful base for demanding full damages from the ensuing week of flight disruptions. The company was quickly on hand to support Delta and the numerous other airlines that were impacted by IT outages, and all of those airlines save Delta recovered almost fully within a day or so. As to Delta’s claim of “backdoors,” CrowdStrike says that this is “misinformation” and that the airline does not understand how the cybersecurity service works.
CrowdStrike has countered the claim by saying that Delta repeatedly refused its offers of assistance, and that the reason Delta struggled more than other airlines is that it had an outdated system that saw avoidable spinoff issues from the original IT outage. The specific term the security firm used was “antiquated.”
IT outages frequently covered by service agreements
The faulty Falcon update hit Windows computers throughout the world on July 19, almost entirely on business networks, and caused a “blue screen” reboot cycle that required another update to restore. This was accomplished for many by July 20, but Delta saw its IT outage issue and flight disruptions drag on until the 25th. The carrier’s Atlanta hub essentially turned into a shelter for several days as the city and surroundings saw hotels, other flights and even Amtrak trains and buses flooded due to canceled flights.
Delta’s own CIO stated on July 21 that cascading issues from the original IT outage were the cause of the ongoing flight disruptions, something not likely to help Delta’s case. The airline was primarily struggling with a need to process a huge backlog of updates and a personnel assignment system thrown into disarray that kept crew from being efficiently assigned to planes.
The blame game has been going on since late July, when Delta CEO Ed Bastian started threatening CrowdStrike with a lawsuit. Bastian also put himself at the center of controversy at this time by taking a first-class flight to Paris to watch the Olympics during the final days of the Delta recovery.
It’s not impossible for Delta to prevail in this lawsuit, but it seems very unlikely. Public sentiment, which was that this was an internal IT and business response failure by the airline, is likely to reflect what the court will eventually find. If Delta’s systems were found to be in a state of disarray prior to the flight disruptions and similarly vulnerable to some other IT outage or hack that might have come along, CrowdStrike is very likely to prevail in the case.