CrowdStrike Letter Questions Delta IT Decisions, Response To Outage

CrowdStrike is pushing back against what it has termed a “misleading narrative” from Delta Air Lines, after the carrier said it would pursue compensation for a global IT outage it values at half a billion dollars in related operational impacts.

The July 19 outage unfolded ahead of a busy summer travel period and was linked to a software update from CrowdStrike that affected computers using Microsoft Windows, impacting various industries around the globe including airlines and airports. Among U.S. airlines, Delta took longest to recover. The Atlanta-based carrier said more than half its IT systems were Windows-based and necessitated manual repairs and reboots—on roughly 40,000 servers.

The airline has largely blamed CrowdStrike for the operational disruption, which the cybersecurity company contends is not a full picture.

“Delta’s public threat of litigation ... has contributed to a misleading narrative that CrowdStrike is responsible for Delta’s IT decisions and response to the outage,” writes representation for CrowdStrike in an Aug. 4 response to airline counsel. “Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions—swiftly, transparently, and constructively—while Delta did not.”

Among the factors it believes Delta will have to explain should litigation proceed are “the design and operational resiliency capabilities of Delta’s IT infrastructure, including decisions by Delta with respect to system upgrades,” CrowdStrike’s letter states.

The union representing Delta’s pilots has also called into question the role internal systems may have played in broadening the event’s impact, describing a “complete communication breakdown” as turning the IT issue into a multi-day event and pointing to what it termed “our company’s continued failure to invest in and improve employee-facing technology.”

Some of the airline’s messaging during what it called “the CrowdStrike outage and resulting operational disruption,” noted that a crew tracking-related tool had been “unable to effectively process the unprecedented number of changes triggered by the system shutdown,” describing the critical system as “deeply complex” and requiring the most time and manual support to synchronize.

CrowdStrike pledges to “respond aggressively” to litigation should it proceed, alleging in the letter that the airline had turned down its offer of free onsite support. The cyber company “to this day” continues working with the Delta information security team, said attorney Michael Carlinsky. Any liability by CrowdStrike is contractually capped at an amount in the single-digit millions, he notes in the letter.

“Public posturing about potentially bringing a meritless lawsuit against CrowdStrike as a long-time partner is not constructive to any party,” added a CrowdStrike spokesperson in a statement. “We hope that Delta will agree to work cooperatively to find a resolution.”

In the aftermath of the disruption, the U.S. Transportation Department (DOT) determined that airline delays and cancellations resulting from the system outage were “controllable,” and said it had launched an investigation into Delta’s response. Speaking to CNBC after operations had been restored, Delta’s CEO described the airline as having invested in considerable redundancies, attributing its outsized impact to being “by far the heaviest” in its usage of both CrowdStrike and Microsoft.

“It’s been a wake-up call for me because we have issues regularly in this space,” CEO Ed Bastian said. “We thought we had the best, between Microsoft and CrowdStrike.”