In an interview with CNBC, Delta Air Lines CEO Ed Bastian said the July 19th outage caused by a CrowdStrike update cost his company half a billion dollars in five days. Delta canceled more than 5,000 flights that weekend, and had blue error screens still visible at airports days after the initial crash. Among the costs Bastian said Delta incurred were more than 40,000 servers that “we had to physically touch and reset” as well as compensation payments to travelers left in the lurch.
Asked about a continuing relationship with Microsoft after the crash, Bastian said he regards it as “probably the most fragile platform” and asked the question, “When was the last time you heard of a big outage at Apple?” He placed some blame on the valuations of big tech companies, which lately have been lifted by generative AI hype, saying, “…they’re building the future, and they have to make sure they fortify the current.”
Delta isn’t alone — Crowdstrike shareholders filed a proposed class action lawsuit this week, reports Reuters. The suit cites CrowdStrike CEO George Kurtz’s comments on a March 5th call that its software was “validated, tested, and certified.” The shareholders now regard those claims as false and misleading, since CrowdStrike wasn’t performing the same level of testing on Rapid Response Content updates as it does to other updates, and its Content Validator checks didn’t catch the bug that caused the global IT crash.
As described in Tom Warren’s recap of the events on the 19th, unlike Microsoft, Apple has in recent years restricted the access third-party developers have to the kernel of macOS. A Microsoft spokesperson said to the Wall Street Journal that it “cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint.” The European Commission disagrees, telling The Verge, “Microsoft is free to decide on its business model and to adapt its security infrastructure to respond to threats provided this is done in line with EU competition law.”
Bastian also derided both the flaw that caused the issue and CrowdStrike’s deployment processes, saying, “ If you’re going to have priority access to the Delta ecosystem…you’ve gotta test this stuff. You can’t come into a mission-critical, 24-7 operation and tell us, ‘We have a bug.’ It doesn’t work.”