Why did it take Delta several days to restore normal service after the outage?

The outage, caused by a software update from cybersecurity firm CrowdStrike, has triggered a wave of flight cancellations at several major U.S. airlines, but the most severe and prolonged disruptions have been at Delta Airlines.

In total, the carrier canceled more than 2,500 flights between last Friday, when the outage began, and the middle of this week.

The U.S. Department of Transportation this week opened an investigation into Delta Airlines following extremely serious flight disruptions.

“All airline passengers have the right to be treated fairly,” Transportation Secretary Pete Buttigieg said in a post on X on Tuesday.

In a statement Tuesday, Delta said it was fully cooperating with the investigation. “Across our operations, Delta teams are working tirelessly to provide care and remediation to customers impacted by these delays and cancellations as we work to restore the reliable, on-time service they expect from Delta,” the company said.

The company on Wednesday also apologized for problems related to the power outage.

“Please accept our sincere apologies for the disruption to your recent travel plans caused by a supplier technology failure that has affected airlines and businesses around the world,” the airline said in a statement.

“It’s a surprise that a multibillion-dollar corporation like Delta would allow something like this to happen,” Henry Harteveldt, a travel industry analyst at Atmosphere Research Group, told ABC News.

“I hope the worst is behind us. While we can breathe a sigh of relief, I think many people are understandably concerned about flying Delta,” Harteveldt added.

Delta did not immediately respond to ABC News’ request for comment.

Airline and cybersecurity experts spoke with ABC News about what caused such a major disruption to CrowdStrike and why it took Delta several days to restore normal service.

What made the CrowdStrike outage so disruptive to Delta?

The CrowdStrike outage was so significant because of the severity of the IT failure and the scale of its impact on Delta’s internal operating systems, experts told ABC News.

“A company like Delta relies on countless partner services for everything from scheduling flights for pilots and aircraft to providing meals and snacks and allowing customers to choose their seats,” David Bader, a professor of cybersecurity and director of the Data Science Institute at the New Jersey Institute of Technology, told ABC News.

“The CrowdStrike bug disrupted many of the critical services that keep airlines operating at full capacity,” Bader added.

Mark Lanterman, chief technology officer at cybersecurity firm Computer Forensic Services, said the outage was caused by a faulty software update initiated by CrowdStrike. The resulting computer error disrupted essential services because of the degree to which CrowdStrike penetrated Delta’s operating systems, he added.

“The CrowdStrike update is deep in the operating system. When it was installed, there was bad code in that update. And when Windows encountered the bad code, it panicked and crashed,” Lanterman said.

The outage, which affected CrowdStrike customers using Windows operating systems, disrupted a key system that ensures every flight has a full crew, Delta said in a statement Monday.

“More than half of Delta’s global IT systems are Windows-based,” Delta said.

Why did Delta have to wait several days before restoring normal service?

The reason for the extended disaster recovery was that the CrowdStrike update outage required manual repairs on each individual computer system, experts told ABC News. While each repair can be done in 10 minutes or less, the vast number of Delta digital terminals required significant manpower to handle it, experts said.

“This isn’t a fix that can be done automatically; IT resources can’t just sit down at a computer and push out an update and everything will be fixed,” Lanterman said. “It took so long because Delta has a lot of computers and probably has limited IT resources to go from computer to computer.”

In a statement issued Tuesday, the airline acknowledged that the manual positioning requirement presents challenges.

“The CrowdStrike bug forced Delta IT teams to manually repair and reboot each affected system, then spend additional time getting the applications to sync and start communicating with each other,” Delta said.