Wait I thought this was caused by a security update.
Are they saying there was a security update that would have prevented the CrowdStrike update from bricking everything?
TSA silent on CrowdStrike’s claim Delta skipped required security update
Submitted 1 year ago by jeffw@lemmy.world to technology@lemmy.world
Comments
jaybone@lemmy.world 1 year ago
jeffw@lemmy.world 1 year ago
Different security step.
In March 2023, the TSA added a cybersecurity emergency amendment to its cybersecurity programs. The amendment required airlines like Delta to develop “policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised,” CrowdStrike’s complaint said.
jaybone@lemmy.world 1 year ago
Yeah I read it. So is CrowdStrike going to argue that some other software update was supposed to have been installed by Delta prior to CrowdStrike’s update?
That’s my question.
db2@lemmy.world 1 year ago
Meanwhile, the airline still running off Windows 3.11:
turkalino@lemmy.yachts 1 year ago
I love how this whole debacle has turned into a finger-pointing party
“We, Microsoft, didn’t do it, CrowdStrike did!”
“We, CrowdStrike, didn’t do it, the airlines did!”
Of course, this would be fine if done for technical purposes, but it’s actually being done to reverse stock price dips and make the boards of directors happy
deranger@sh.itjust.works 1 year ago
Why would the TSA have anything to do with Delta’s IT operations?
aard@kyu.de 1 year ago
So CrowStrikes strategy is “you installed CrowStrike while TSA told you not to install it, as was clearly proven by us taking down your network, so we’re not at fault”?
AtHeartEngineer@lemmy.world 1 year ago
I think it’s pretty reasonable for a company as big as delta to wait a little bit to see how a patch rolls out before upgrading.
Pika@sh.itjust.works 1 year ago
Honestly agreed, I think it’s reasonable for a company as big as Delta to have a functioning continuity plan, the fact that it took them over 5 days to come back online is Unforgivable for a service that is detrimental to society like a transportation service.
Personally speaking I think that the 500 million lawsuit should be thrown out exclusively on that. It is Delta’s inability to properly manage their company is IT services that exclusively cause this.
I’m not down playing crowdstrike here, what they did is unforgivable as well because how they manage their software completely bypassed all channels that are meant to prevent shit like this from happening, but every other system was online within two days if that, because they had proper feel safe in place to minimize damages and regain operational status.
But ultimately, crowd strikes mess up was obviously an error on their end, where Delta not having a proper procedure in place is obviously intentional as having a Disaster Recovery where you lose most of your infrastructure has been IT management 101 for years now.
kandoh@reddthat.com 1 year ago
Hackers are less of a threat than Microsoft’s attempts at protecting us from hackers
Pika@sh.itjust.works 1 year ago
Dude the president it would set if Delta sued Microsoft in one would be super damaging I’m glad it’s not happening
Imagine being responsible for a software that is put on A system that you developed, with you being isolated slasher move from the situation, it would be the continent owners of websites being responsible for Stuff posted all over again
InverseParallax@lemmy.world 1 year ago
Imagine being responsible for forcing a security update on your customers without testing it.
Negligence absolutely applies here, Crowdstrike needs to be sued out of existence.
Pika@sh.itjust.works 1 year ago
Fully agreed that crowdstrike is partly responsible, however my comment was based off of Microsoft not crowdstrike. Delta stated they were going to sue both crowdstrike and Microsoft, but they didn’t actually go through with it