IT glitches and third-party risks

Every organization relies on others, but when it comes to IT, that reliance can make or break your operations. The American Airlines and Bane NOR shutdowns are reminders of what happens when you hand over the reins of key systems to third-party vendors.

Think about American Airlines. On Christmas Eve 2024, a glitch tied to DXC’s network hardware caused a one-hour outage, delaying 900 flights and leaving 900,000 passengers stranded across 200 airports. That’s a chain reaction affecting millions. Similarly, Bane NOR, Norway’s railway system, faced a 13-hour shutdown on Christmas Day due to a simple misconfigured firewall. This blocked communication between trains and traffic control, effectively halting operations nationwide.

These are signals that the systems we’ve built are fragile, especially when trust in third-party vendors replaces comprehensive oversight. IT systems today are interconnected, with complex dependencies. If one piece fails, the entire system can grind to a halt.

“Every decision you make about third-party IT vendors is a decision about the resilience of your operations.”

Contrasting crisis management approaches

When things go sideways, how you respond defines your organization. Here, we see two very different approaches. Bane NOR opted for collaboration and transparency. They quickly diagnosed the firewall issue, rerouted traffic through an alternate system, and isolated the faulty network. Importantly, they worked closely with their vendor and even praised their efforts publicly. That’s how you build trust and solve problems.

American Airlines? Not so much. They chose to point fingers, publicly blaming DXC before a full investigation. While emotions were high, and understandably so, this approach raises questions. Did they have the right oversight on DXC? Were internal teams managing vendor relationships effectively? Public blame is rarely a winning strategy. It doesn’t fix the problem, and it risks alienating partners you rely on to keep your business running.

The contrast is clear. Collaborative crisis management builds resilience. Reactive blame shifts focus from solving the real problem to managing reputational damage.

Vendor oversight is everyone’s responsibility

Third-party vendors are key, but without regular maintenance and careful usage, even the best can fail. The issues at American Airlines and Bane NOR highlight a universal truth: oversight of vendors is non-negotiable.

Take DXC, for example. They’ve worked with American Airlines for over 20 years, managing key systems and modernizing legacy code for the cloud. Yet, a network hardware issue still disrupted operations. Was DXC adequately prepared, or were there gaps in communication, training, or staffing? On the flip side, was American Airlines providing the resources and oversight DXC needed to succeed?

It’s about recognizing that vendor relationships are partnerships. If the vendor fails, it’s often a reflection of the enterprise’s oversight. Due diligence, regular performance reviews, and clear communication are key. As leaders, it’s on us to make sure every cog in the machine is well-oiled and ready to run.

Holiday staffing and the importance of resilience

Now, let’s address the timing. Both incidents happened during major holidays, Christmas Eve and Christmas Day, when operations run on skeleton crews. While it’s unlikely the outages were caused by reduced staffing, having fewer people available to diagnose and fix issues certainly didn’t help. This is where planning makes all the difference.

Holidays aren’t a surprise. They happen every year. Yet many organizations still operate with reactive strategies instead of proactive ones. Automation, cross-training, and on-call expertise are straightforward ways to make sure that when things break, and they will, you’ve got the right people ready to respond.

Resilience means handling problems with speed and precision. Holiday disruptions like these are inevitable if you’re not building systems and teams to thrive under pressure. If you can navigate Christmas Day chaos, you can handle anything.

Key takeaways

  1. Proactive oversight is key: Reliance on third-party IT vendors, as seen in the American Airlines and Bane NOR incidents, underscores the need for rigorous vendor oversight. Leaders should prioritize due diligence, regular audits, and clearly defined responsibilities to mitigate disruptions.

  2. Collaborative problem-solving yields better results: Bane NOR’s cooperative approach with their vendor highlights the importance of maintaining trust during crises. Organizations should develop protocols emphasizing collaboration and swift communication rather than blame-shifting.

  3. Resilience planning reduces operational risk: Holiday disruptions showed the impact of skeleton crews and unprepared responses. Leaders should invest in automation, cross-training, and holiday contingency plans to guarantee operational continuity.

  4. Systems need built-in redundancy: Both cases reveal how single points of failure, like a misconfigured firewall or network hardware issue, can cripple operations. Enterprises should focus on comprehensive testing, redundancy, and fail-safe mechanisms for key IT infrastructure.

Alexander Procter

January 23, 2025

4 Min