Why did it take days for Delta to restore normal service after the CrowdStrike outage? Experts weigh in.

(NEW YORK) — An outage caused by a software update distributed by cybersecurity firm CrowdStrike has caused a wave of flight cancellations at several major U.S. airlines, but the disruption has been most severe and longest-lasting at Delta Air Lines.

In total, the airline cancelled more than 2,500 flights in the period from last Friday, when the disruption began, until the middle of this week.

The U.S. Department of Transportation launched an investigation into Delta this week over the exceptionally severe flight disruptions.

“All air passengers deserve to be treated fairly,” Transportation Secretary Pete Buttigieg said in a message on X on Tuesday.

In a statement Tuesday, Delta said it was fully cooperating with the investigation. “Delta teams are working tirelessly across our operations to provide for and make amends to customers impacted by delays and cancellations as we work to restore the reliable, on-time service they expect from Delta,” the company said.

The company also apologized on Wednesday for the problems caused by the outage.

“We sincerely apologize for the disruption to your recent travel plans due to a supplier technology outage affecting airlines and businesses worldwide,” the airline said in a statement.

“It’s a surprise that a multibillion-dollar company like Delta would allow this to happen,” Henry Harteveldt, a travel industry analyst at Atmosphere Research Group, told ABC News.

“I hope the worst is behind us now. While we can breathe a sigh of relief, I think many people are understandably nervous about flying Delta,” Harteveldt added.

Delta did not immediately respond to a request for comment from ABC News.

Airline and cybersecurity experts spoke to ABC News about what made the CrowdStrike outage so disruptive and why it took days for Delta to resume normal service.

Why was the CrowdStrike outage so disruptive to Delta?

The CrowdStrike outage had such a wide impact because of the severity of the IT outage and the scale of the disruption within Delta’s internal operating systems, experts told ABC News.

“For a company like Delta, they rely on a myriad of partner services for everything from scheduling pilots and aircraft to providing meal service and snacks to allowing customers to choose their seats,” David Bader, a cybersecurity professor and director of the Institute of Data Science at the New Jersey Institute of Technology, told ABC News.

“The CrowdStrike bug disrupted many of the critical services that keep the airline operating at full capacity,” Bader added.

Mark Lanterman, chief technology officer at cybersecurity firm Computer Forensic Services, said the outage was the result of a faulty software update initiated by CrowdStrike. The resulting computer bug disrupted core services because of how deeply CrowdStrike's software reaches into Delta's operating systems, he added.

“The CrowdStrike update is deeply embedded in the operating system. When it was installed, there was bad code in that update. And when Windows encountered the bad code, it panicked and crashed,” Lanterman said.

The outage, which affected CrowdStrike customers using Windows operating systems, disrupted a critical system that ensures every flight has a full crew, Delta said in a statement Monday.

“More than half of Delta’s IT systems worldwide are Windows-based,” Delta said.

Why did it take days for Delta to resume normal service?

The recovery took so long because the faulty CrowdStrike update required a manual fix on each individual computer system, experts told ABC News. While each fix can be completed in 10 minutes or less, Delta’s large number of digital terminals required significant manpower to address, experts said.

“This is not a fix that can be done automatically; IT resources can’t just sit behind a computer and issue an update and everything is fixed,” Lanterman said. “It took so long because Delta has a lot of computers and they probably have limited IT resources to go from computer to computer.”

The airline acknowledged in a statement Tuesday that the manual repair requirement poses a challenge.

“The CrowdStrike flaw required Delta’s IT teams to manually repair and reboot each of the affected systems, then spend additional time synchronizing the applications and getting them to communicate with each other,” Delta said.

Copyright © 2024, ABC Audio. All rights reserved.