Singtel’s Optus tells lawmakers it had no crisis plan to address total outage
AUSTRALIA’S second-largest telco, Optus, had no crisis plan when a network-wide outage left nearly half the country without phone or Internet services for 12 hours, an executive told parliament on Friday (Nov 17), acknowledging the company’s defences had failed.
The Singtel-owned company had recently war-gamed scenarios in which the routers that directed voice and Internet data failed in entire states, but it never expected a nationwide shutdown because it had alternate connections built into its network. Optus managing director of networks Lambo Kanagaratnam told a Senate hearing: “We didn’t have a plan in place for that specific scale of outage.” He was referring to the Nov 8 failure that left much of the country unable to make payments, receive healthcare or contact emergency services for most of a day.
“It was unexpected. We have high levels of redundancy, and it’s not something that we expect to happen,” he said, using the telecommunications term for alternate routes to send data when an initial pathway fails.
The comments underscore concerns about the resilience of Australia’s telecommunications networks, which have been in the spotlight since a massive data breach at Optus last year exposed the personal data of 10 million Australians.
Now, the company faces a fresh reputational crisis after the service blackout, which it has said was triggered by a standard software upgrade at Singtel.
The Australian government has already imposed tougher cybersecurity reporting standards on telcos, and has said it plans to introduce mandatory reporting of ransomware attacks in all sectors under an overhaul of the country’s cybersecurity laws to be announced this month.
Kanagaratnam told the hearing that Optus never expected a total shutdown because it had filters designed to stop all 90 of the company’s routers from being overloaded with data. But the filters failed, cutting the company’s ability to send data on alternate routes.
“The outage was a result of our defence not working as it should have,” he said. “Our network should have been able to deal with the change.”
The outage, which lasted from about 4 am to 4 pm local time, happened because Optus had to physically reboot all 90 routers plus another 50 core network devices, he added.
Optus chief executive Kelly Bayer-rosmarin, when asked why the company took six hours to dispel public concerns that it was under a cyberattack, told the hearing “there were some strange coincidences that made us quite worried about that” because the Singtel board was in the country that day. She said 228 calls to Australian emergency triple-zero hotline failed to connect because of the outage, but the telco had followed up on all incidents and “thankfully, everybody is OK”.
Asked whether Optus was overly reliant on third-party contractors, Bayer-rosmarin said: “It is something I do think we should look at, in terms of the right level of outsourcing and insourcing.”
Singtel has said that although Optus experienced an outage after its software upgrade, the upgrade itself was not the cause.