- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
Wait I thought this was caused by a security update.
Are they saying there was a security update that would have prevented the CrowdStrike update from bricking everything?
Why would the TSA have anything to do with Delta’s IT operations?
In March 2023, the TSA added a cybersecurity emergency amendment to its cybersecurity programs. The amendment required airlines like Delta to develop “policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised,” CrowdStrike’s complaint said.
Guess that’s why.
So CrowStrikes strategy is “you installed CrowStrike while TSA told you not to install it, as was clearly proven by us taking down your network, so we’re not at fault”?
That’s some serious scope creep there by TSA. I’m quite sure that airlines’ business continuity is wholly unrelated to transportation security.
Travelers were definitely securely on the ground. Upset, but secure.
I think it’s pretty reasonable for a company as big as delta to wait a little bit to see how a patch rolls out before upgrading.
Hackers are less of a threat than Microsoft’s attempts at protecting us from hackers
I love how this whole debacle has turned into a finger-pointing party
“We, Microsoft, didn’t do it, CrowdStrike did!”
“We, CrowdStrike, didn’t do it, the airlines did!”
Of course, this would be fine if done for technical purposes, but it’s actually being done to reverse stock price dips and make the boards of directors happy
Meanwhile, the airline still running off Windows 3.11: