What can we learn from the Optus outage?

The Optus network experienced a major outage today, which saw mobile, internet and landline phone services around the country go down for several hours, directly impacting at least 10 million customers and 400,000 businesses. Described by South Australian Premier Peter Malinauskas as the single biggest telecommunications outage Australia has ever seen, it was a stark reminder of how dependent we are on telco providers for our everyday communication needs, and how significantly we are affected when things go wrong.

The outage was first noticed by Optus at around 4 am AEDT, with the company swiftly beginning work testing a number of possible hypotheses to identify and resolve the issue — but without much success. Meanwhile, as Australians began waking up and going about their day, the widespread nature of the outage began to sink in — with delays on the Melbourne train network, healthcare professionals and hospitals unable to contact prospective patients, government agencies unable to provide services to citizens, consumers unable to make EFTPOS purchases and more. It was only late in the morning that services began being sporadically restored — a mammoth task that would continue throughout the day and into the evening — with Optus CEO Kelly Bayer Rosmarin eventually, albeit cryptically, putting the blame on “technical network issues” while denying any evidence of a cyber attack.

“The severity of the outage in some ways makes it less likely that it is the result of an attack,” commented Associate Professor Toby Murray, from the School of Computing and Information Systems at The University of Melbourne.

“For an attacker to intentionally cause an outage like this they would have needed to find and exploit a vulnerability at a critical point of failure in Optus’s network that could bring down internet, mobile and landline communications simultaneously, or to have carried out a coordinated attack at multiple points in Optus’s network to cause such a widespread outage.”

“The Optus outage is most likely a regular software upgrade gone wrong,” suggested Tom Worthington, an Honorary Lecturer in Computer Science at the Australian National University, who said the issue was “too widespread to be due to a cable break or equipment failure”. Indeed, given that most software updates tend to be carried out overnight, this appears to be the leading theory.

“The mobile phone towers are all still available and allowing mobile phones to connect to them; however, phone calls in or out from mobile phones are not working,” added Dr Konstanty Bialkowski, a Senior Lecturer at the School of Electrical Engineering and Computer Science at The University of Queensland. “There are also reports of Optus customers overseas not being able to use their phone overseas.

“The network outage seems to be something to do with the core network.”

While most Optus mobiles were still able to make calls to Triple Zero during the outage, thanks to the ability to ‘camp’ on other carriers’ networks, there was discussion about whether consumers should be automatically moved onto other networks even outside of Triple Zero scenarios. In response to this, Minister for Communications Michelle Rowland acknowledged the ACCC’s recent report examining the possibility of emergency roaming during natural disasters, which found that further work is needed to design and develop this capability but that it is technically feasible. We can but wonder if the outage event will spur the government to accelerate this roaming capability, or even to extend it to non-emergency scenarios.

Of course, the ideal situation would be to not be reliant on camping or roaming, and instead to have communications networks that are more resilient to outages in the first place. Dr Surya Nepal, Critical Infrastructure Protection and Resilience Mission Lead at CSIRO, said, “We should recognise the importance of building futureproof, secure critical infrastructure”, which would require allocating “substantial time and effort to monitor the road ahead, identifying and proactively mitigating potential emerging hazards”.

Dr Paul Gardner-Stephen, an Adjunct Senior Lecturer at Flinders University, added, “Australia would do well to look at every possible means to increase the resilience of our communications networks, as well as other interrelated systems such as the electricity grid and water supply systems.”

Dr Bill Corcoran, an ARC Future Fellow at Monash University, went so far as to say that “blackouts of telecommunications systems seem to be approaching the impact of blackouts of the grid” and that maybe this incident “will cause us to have a closer look at how we want to run this critical national infrastructure across multiple private companies”.

“Losing parts of our communications infrastructure seems increasingly unacceptable,” Corcoran said.

Image credit: iStock.com/GabrielPevide