On Friday, an executive from Australia’s second-largest telecom, Optus, told parliament that the business did not have a crisis plan when a network-wide outage left almost half the country without phone or internet service for 12 hours. The executive acknowledged that the company’s defenses had failed.
The business owned by Singapore Telecommunications (STEL.SI) recently war-gamed scenarios in which the routers that direct phone and internet data failed in entire states. However, the company never anticipated a shutdown on a national scale since it has other connections built into its network.
At a Senate inquiry on the breakdown on November 8, Optus managing director of networks Lambo Kanagaratnam stated, “We didn’t have a plan in place for that specific scale of outage.” This incident prevented a significant portion of the country from being able to make payments, obtain healthcare, or contact emergency services for most of the day.
“I was unprepared for it. “We have high levels of redundancy, and it’s not something that we expect to happen,” he continued, using the phrase for other pathways to transfer data if the primary conduit fails. Redundancy is a term used in the field of telecommunications.
The statements highlight worries about the robustness of Australia’s telecommunications networks, which have been under the spotlight ever since a significant data breach at Optus last year exposed the personal data of 10 million Australians. The comments were made because Australia’s telecommunications networks have been scrutinized since the incident occurred. Now, the corporation is facing a new reputational issue after a routine software upgrade at Singtel prompted the service blackout, which it has alleged. This has caused the company to lose customers and revenue.
As part of a reform of the country’s cyber security regulations that will be revealed this month, the Australian government has already imposed stricter cyber security reporting criteria on telcos. Additionally, the government has stated that it aims to adopt obligatory reporting of ransomware attacks in all sectors as part of the same revamp.
Kanagaratnam stated in front of the hearing that Optus has filters in place that were meant to prevent all 90 of the business’s routers from becoming overburdened with data; therefore, the company did not anticipate a total shutdown of its services. However, the filters didn’t work, which limited the company’s capacity to transmit data via alternative pathways.
“The outage was a result of our defense not working as it should have,” claimed the president. “Our network should have been able to deal with the change.”
Because Optus had to manually reboot all 90 routers and another 50 core network components, the downtime lasted approximately 12 hours, beginning at about 4 a.m. and ending at about 4 p.m. local time.
When questioned why it took the firm six hours to allay public worries that it was under a cyber assault, Optus CEO Kelly Bayer Rosmarin told the court, “There were some strange coincidences that made us quite worried about that” since the Singtel board was in the nation that day.
According to Bayer Rosmarin, the interruption caused 228 calls to the Australian emergency hotline, Triple-0, to fail to connect. Still, the telco claimed it followed up on all the events and “thankfully everybody is OK.”
When Bayer Rosmarin was asked if Optus was unduly dependent on third-party contractors, he said, “it is something I do think we should look at, in terms of the right level of outsourcing and insourcing.”
Singtel has stated that although Optus did experience an outage following the software upgrade that it performed, the promotion was not the cause of the outage.