Australia’s telecom giant, Optus, has come under intense scrutiny after a network-wide outage on November 8. This network outage left nearly half the country without phone or internet services for 12 hours.
In a Senate hearing, Optus Managing Director of Networks Lambo Kanagaratnam revealed that the company had no crisis plan to address a nationwide shutdown.
Unprecedented Nationwide Shutdown Shakes Confidence
Despite recent simulations focusing on the failure of routers directing voice and internet data in entire states, Optus was ill-prepared for a nationwide outage.
The outage had far-reaching consequences, leaving much of the country unable to make payments, access healthcare, or contact emergency services for an extended period.
Kanagaratnam highlighted that the outage was unexpected, as the company had high levels of redundancy and alternate connections built into its network. The lack of a specific plan for such a large outage raises concerns about the resilience of Australia’s telecommunications networks.
This comes after a massive data breach at Optus last year that exposed the personal data of 10 million Australians. Notably, Optus, Australia’s second-largest telecommunications company, is owned by Singapore Telecommunications (Singtel).
Defense Mechanisms Fail, Lengthy Outage Raises Questions
Optus CEO Kelly Bayer Rosmarin addressed the Senate during the hearing, explaining that the outage resulted from the failure of the company’s defense mechanisms.
Despite filters designed to prevent all 90 routers from being overloaded with data, the filters failed, compromising Optus’s ability to send data through alternate routes.
The outage, lasting from 4 am to 4 pm local time, required Optus to physically reboot all 90 routers and an additional 50 core network devices.
Rosmarin acknowledged the public concern during the outage and explained that it took six hours to dispel fears of a cyberattack due to “strange coincidences” that raised suspicions within the company.
The delay in communication highlights the challenges companies face in managing crises effectively. Optus faced additional criticism for the failure of 228 calls to the Australian emergency hotline Triple-0 during the outage.
Rosmarin assured us that all incidents were followed up on and everyone affected was okay. The incident underscores the potential risks associated with such widespread telecommunication failures.
Reputational Crisis and Regulatory Response
The outage, attributed to a standard software upgrade at Singtel, Optus’s parent company, has triggered a fresh reputational crisis for the telecommunications giant.
The Australian government, already concerned about the resilience of telecommunications networks, has imposed stricter cybersecurity reporting standards on telcos.
Additionally, plans for mandatory reporting of ransomware attacks across all sectors will be announced as part of an upcoming overhaul of the country’s cybersecurity laws.
During the hearing, Rosmarin addressed concerns about Optus’s reliance on third-party contractors. He stated that the company should evaluate the balance between outsourcing and insourcing.
Acknowledging potential overreliance on external parties raises questions about the industry’s practices and the need for a comprehensive review.
Optus’s nationwide outage has exposed vulnerabilities in its crisis management and raised questions about the resilience of Australia’s telecommunications infrastructure.