These are not small time operations (most of them). They are multi billion dollar companies with complex technical needs. This is doable and the bread and butter of good networking engineers.
Having not done this just cost them billions. Now imagine the US at war or another nation state that just wants to cause havoc.
That's ridiculous. The cost of building air gapped operations systems, and including the resulting loss of productivity and efficiency, would be worse than just accepting an occasional outage. People who lack technical competence and operational experience always tend to over react to software failures.
The major airlines may not be "small time operations" but none of them are even in the top 100 US corporations by market cap. They simply don't have the level of IT resources or competence that we see at major tech companies.
It doesn’t need to be strictly air gapped, but there’s nothing technologically demanding about a computer used to check people in on a flight, it could be done over a 9600 baud modem and a thin client.
Nothing technologically demanding about global logistics software, being run by an industry with 0% profit margins (give or take, airlines don’t make much money), being asked to cripple itself 24x7 to avoid one weird outage every several years?
Crowdstrike is a trusted application on every computer in these people's farms. It is not uncommon to have specific rules for these packages to be downloaded directly from the Internet.
You're suggesting either that Crowdstrike itself will get used as a vessel for an attack, or that banks and airlines have firewall rules open for enemies.
Having not done this just cost them billions. Now imagine the US at war or another nation state that just wants to cause havoc.