If the internet and phone services were to go offline, the world would descend into chaos as the suspension of emergency services, online banking, transport, and navigation problems would bring everything to a standstill. On October 8, 2023, millions of Australians experienced somewhat of a similar situation as their phone and internet services went offline. Yes, you heard it right. Millions of Optus customers experienced a nationwide outage about 4 a.m. local time, causing widespread problems in processing electronic payments, train and ride share services were down and hospitals couldn’t receive emergency calls. Although Optus stated that services would gradually become normal at 12:55 PM after 8 hours and 50 minutes, it took more time for all services to come online again.
According to Manish Chaudhari, CISO of Cybernetic Global Intelligence, an internationally recognised provider of cybersecurity support services, telecom companies should always approach cybersecurity issues with the utmost seriousness. While no official confirmation ties this outage to a cyber hack, the pervasive belief among many is fueled by Optus’s disclosure of a significant cyber breach just last year.
What Led to the Outage?
A spokesman confirmed on Monday that, following a routine software upgrade on Wednesday at 4:05 a.m., modifications to routing information from an international peering network were the cause of the outage. Following this event, questions were raised regarding the robustness of Australia’s telecommunications network, especially Optus.
Dr. Bill Corcoran, an ARC Future Fellow at Monash University, said that the complete disaster was the result of a human error.
“One of the things that happened today is that something went ‘sproink’ in network control for Optus.”
According to Dr. Corcoran, a “sproink” would be something as simple as a glass of water spilling on a server and causing it to short circuit. However, Dr. Corcoran believes that a much larger issue must have occurred in order to result in the type of outage we’ve seen today.
“What this seems to indicate, without knowing exactly what’s happened, is a cascade of failure.
“Something’s failed, and that’s made something else fail, which made something else fail. Getting to the bottom of what’s causing all of this sounds like a nightmarish job.”
As stated before, this event also brought back the memory of the country’s biggest cyber breaches, reported by Optus 14 months ago. However, CEO Kelly Bayer Rosmarin doesn’t believe that the last outage was the result of some kind of hack. “I mean, it’s highly unlikely. Our systems are actually very stable,” she said. “This is a very, very rare occurrence.”
Cyber attacks on telecom companies are nothing new in Australia. That’s why telecom cyber security auditors are hired by companies to assess the vulnerabilities in the networks and ensure the resilience of essential communication services.
Consumers of Optus have had an especially difficult 14 months: after the identity document attack, Optus raised plan costs and removed consumers from previous plans in August, and now there is an outage.
While the Optus data breach from the previous year can be attributed to ineptitude, Dr. Corcoran is unwilling to rule out the possibility that the Optus outage was bad luck, which is unfortunate for Telstra and Vodafone consumers.
“I wouldn’t necessarily say that this is just an Optus problem. I can imagine that this could happen at any of the telcos. I would probably just say that Optus has gotten somewhat unlucky, something’s gone wrong, and they’re wearing it this time. But you can imagine that this could reoccur in a bunch of different places.
“It would be nice to know the specifics so we can know if this is going to occur again.”
Regarding whether Australia is more susceptible to these kinds of security lapses and issues, nothing about the Australian telecommunications network is especially unique or vulnerable, despite the fact that this Optus outage lasted unusually long and affected an unusually high number of individuals.
We simply notice them more because we reside here, even if these outages also occur worldwide.
The Optus outage highlights the complex web of circumstances that might result in a cascade of failure and serves as a cautionary story for the telecoms industry. To avoid repeating the same mistakes, the industry needs to prioritise investments in redundancy, technological upgrades, and operational resilience as networks become more complex and technology develops. Optus’s road to recovery includes strengthening its systems and infrastructure to withstand the changing challenges of the digital era, in addition to restoring services. At the same time, we cannot take the looming threat of cyberattack lightly, as it remains an ever-present concern. Acknowledging this reality prompts a call to action—a commitment to fortify the defences, prioritise cybersecurity education, and foster a resilient digital infrastructure.
To know more about protecting companies against potential cybersecurity risks, refer to our blog, Top Vulnerabilities Exploited by Cybercriminals. Also, it’s better to seek the guidance of globally accredited cybersecurity companies, such as Cybernetic Global Intelligence to mitigate risks and respond effectively to cyber attacks. For details, call 1300 292 376, send an email to Contact@cybernetic-gi.com, or visit www.cyberneticgi.com.