this post was submitted on 29 Oct 2024
214 points (98.6% liked)

Technology

59347 readers
4956 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
214
TSA silent on CrowdStrike’s claim Delta skipped required security update (arstechnica.com)
submitted 2 weeks ago by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 2 weeks ago (1 children)

Wait I thought this was caused by a security update.

Are they saying there was a security update that would have prevented the CrowdStrike update from bricking everything?

[–] [email protected] 3 points 2 weeks ago (1 children)

Different security step.

In March 2023, the TSA added a cybersecurity emergency amendment to its cybersecurity programs. The amendment required airlines like Delta to develop "policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised," CrowdStrike's complaint said.

[–] [email protected] 2 points 2 weeks ago (1 children)

Yeah I read it. So is CrowdStrike going to argue that some other software update was supposed to have been installed by Delta prior to CrowdStrike’s update?

That’s my question.

[–] [email protected] 4 points 2 weeks ago* (last edited 2 weeks ago)

No they are going to argue that there should have been a fail safe in place for a rapid recovery of said incident occurring in the first place. Since the TSA required it

I personally don't think that should resolve crowdstrike of all responsibility, but the fact that they lack these contingency plans in the first place makes me think that CS is definitely not the only one at fault here