The Delta-CrowdStrike Incident: A Cautionary Tale of Shared Responsibility in IT Security
Phil Lees
Nowadays, businesses rely more than ever on complex IT infrastructures and the cybersecurity solutions and services that protect them. This reliance is coupled with an increasing demand for seamless operations, especially for critical services such as those provided by healthcare providers, financial services and airlines, where infrastructure downtime can have a global impact.
The recent CrowdStrike failure and the resulting dispute between Delta Air Lines and CrowdStrike have brought to the forefront the complex and often contentious issue of shared responsibility between vendors, their clients, and Managed Service Providers (MSPs).
The Delta-CrowdStrike Dispute: A Brief Overview
In late July this year, Delta Air Lines was one of thousands of organisations affected by a catastrophic IT outage. Globally, the impact was over $5bn, with Delta Air Lines alone having to cancel 5,000 flights, leaving thousands of passengers stranded or suffering delays. Their resulting financial hit is estimated at $500 million. The incident was tied to an integration failure involving CrowdStrike and Microsoft, which, according to Delta, was not adequately tested before deployment into their mission-critical environment.
Delta’s response to this incident has been to threaten legal action against CrowdStrike, accusing the cybersecurity firm of negligence and breach of contract. The airline contends that CrowdStrike’s insufficient testing and subsequent failure to prevent the outage were the direct causes of their operational and financial losses.
CrowdStrike has, however, refuted these claims, maintaining that it fulfilled its contractual obligations and that the incident highlights the broader issue of unrealistic expectations placed on software vendors and, more specifically, cybersecurity vendors. As this case potentially heads towards the courtroom, it raises key questions about the responsibilities of vendors, their customers and MSPs in maintaining secure and reliable IT environments.
The Role of MSPs: Supporting, Not Controlling
Many organisations engage managed services providers to support their business operations. There can be many reasons for this, but broadly the most common relate to one of the following:
- Scalability and flexibility: Access to additional skills and resources can help organisations as they grow and change.
- Reliability and security: Providing ongoing visibility into infrastructure improves resilience.
- Cost control: MSPs can help organisations reduce and control costs.
Whilst some organisations still opt to outsource the entire responsibility of IT to MSPs, this is becoming rarer, as this model rarely delivers on the above goals. More typically, MSPs work closely with their customers, each having responsibilities and areas of ownership. It is crucial to acknowledge the boundaries of responsibilities, particularly in areas where the client may wish to retain control and ownership of vendor products.
The Delta-CrowdStrike incident is a stark reminder that no MSP can effectively manage an unsupported, outdated, or otherwise compromised environment. For instance, if a client chooses not to patch critical systems, continues to use end-of-life (EoL) or end-of-support (EoS) hardware, or fails to invest in the necessary IT upgrades, the risks of system failures and security breaches increase exponentially. In such cases, the MSP's ability to ensure smooth operations and security is severely hampered by the apparent professional negligence of the end customer.
Customer Responsibility: A Critical Component of IT Security
In any IT service relationship, there is a shared responsibility model where both the provider and the customer play vital roles in maintaining system integrity and security. Where an MSP is engaged to provide expertise and tools to manage and secure the environment, the customer must meet its obligations by ensuring that systems are up-to-date, adequately supported, and configured according to best practices.
This shared responsibility is particularly important when considering the rapidly evolving nature of cybersecurity threats. Vendors like CrowdStrike can only do so much to secure an environment if the underlying infrastructure is not properly maintained. The recent incident underscores this point: while Delta expected CrowdStrike to catch every potential issue during testing, the reality is that even the best cybersecurity solutions cannot compensate for inadequate customer-side IT management.
The Importance of a Trusted Partnership
At WhiteSpider, our relationship with our clients goes beyond a simple service contract. It is a trusted partnership, where we both understand the respective responsibilities and work collaboratively to identify and mitigate risks. This partnership requires open dialogue and a mutual understanding of where risks exist and who manages them.
When outages or security incidents occur, it is not just about pointing fingers but assessing whether both parties have met their responsibilities. Did WhiteSpider provide the necessary support and guidance? Did the customer follow through on recommended actions, such as patching systems or upgrading outdated hardware? These questions must be answered to determine where accountability and ownership lie, but it's important to state that this isn’t blame; it’s a partnership.
A Shared Responsibility Model
The Delta-CrowdStrike incident may be the catalyst for developing a more formalised shared responsibility model. For example, our service contracts clarify each party's roles and responsibilities, helping to ensure that all stakeholders are aligned in their efforts to maintain secure and reliable IT environments.
At WhiteSpider, we believe that minimising risk requires more than just deploying the latest cybersecurity tools. It requires a holistic approach that includes regular communication, mutual accountability, and a shared commitment to maintaining a robust IT infrastructure. By working together, MSPs, customers, and vendors can better protect against the complex and ever-evolving threats that characterise today's digital landscape.
In conclusion, while MSPs play a critical role in supporting and securing customer infrastructure, the ultimate success of these efforts depends on the active participation of the customer. By recognising and embracing their responsibilities, customers can ensure that their IT environments are not only secure but also resilient in the face of unexpected challenges. The Delta-CrowdStrike incident serves as a powerful reminder that in the world of IT security, collaboration and shared responsibility are not just important—they are essential.