Experts Call for Optus to Explain the Outage Sparked by ‘Software Upgrade’

Optus said routers couldn’t handle ‘information changes’ following a routine software upgrade but experts are calling for a more detailed explanation.
Experts Call for Optus to Explain the Outage Sparked by ‘Software Upgrade’
People walk past an Optus store in Sydney, Australia, on Oct. 5, 2022. Brendon Thorne/Getty Images
Isabella Rayner
Updated:

A telco expert said Optus still hasn’t fully explained what caused the 14-hour nationwide outage that impacted millions of Australians and 400,000 businesses.

Optus said a software upgrade caused the outage that stopped millions of Australians, 400,000 businesses and emergency services from calling or taking card payments on Nov. 8.

The telco giant said in a statement on Nov. 13 that “at around 4:05 a.m. Wednesday morning, the Optus network received changes to routing information from an international peering network following a routine software upgrade.”

However, RMIT University Associate Professor Mark Gregory said Optus needs to explain the outage further, which he said occurred due to “human error.”
“Optus has not explained what went wrong with the test process that should have occurred before the routing software upgrade occurred,” he said. 
He said the telco giant should also explain why there wasn’t a backup for the router.
“There remains a number of open questions that Optus has failed to explain, but we now know that the Optus outage was not hardware failure and not related to a cyber attack,” he said. 
University of Adelaide Information Networking Research Fellow Mark Stewart added Optus should outline their new recovery plan to stop the outage from happening again.
“A major telco should have a disaster recovery plan which is more sophisticated than your average corporate network,” he said. 
He said the plan should, at minimum, “revert the changes or remotely reboot their systems.”

Optus CEO Will Face Questions at Inquiry 

Optus will face an explanation at a senate inquiry into how the telco giant communicated with its customers on Nov. 15.

Further, Communications Minister Michelle Rowland announced a post-incident review to understand what happened, what went wrong, and what improvements could be made.

At the same time, the Australian Communications and Media Authority (ACMA) has begun investigating whether emergency 000 calls on mobiles were affected during the outage.
Griffith University Lab Director Graeme Hughes said the way Optus addresses and prevents future issues and compensates consumers for losses after these investigations would “be intriguing to observe.”
However, Optus said it welcomed the investigations and intends to cooperate fully.
Greens Senator Sarah Hanson Young said they were about holding telco companies accountable. 
“There needs to be a clear overhaul of regulations,” she told Seven News. 

The federal government announced on Nov. 13 a regulation overhaul that would require telecommunications companies in Australia to report their cybersecurity measures to avoid a repeat of Optus’ cyber hack last year.

Under the laws, telecommunications companies would be classified as “critical infrastructure,” requiring their company boards to report to the government on their cybersecurity strategies.

Supplied image of people using a new contactless payment app designed by Optus on a smartphone at a retailer in Sydney, Australia, on Nov. 13, 2014. (AAP Image/Fuel Communications, Optus)
Supplied image of people using a new contactless payment app designed by Optus on a smartphone at a retailer in Sydney, Australia, on Nov. 13, 2014. AAP Image/Fuel Communications, Optus
Despite new laws, the telco said it had already changed the network to “address this issue so that it cannot occur again.” 
It comes after Optus CEO Kelly Bayer Rosmarin initially dismissed suggestions a software update caused the outage.  
“It’s highly unlikely; our systems are actually very stable,” Ms. Rosmarin told ABC Radio Sydney.
Instead, she blamed a “technical network issue” for the outage. 
Optus followed with more information about the network issue in a statement: “In common with major global telecommunication networks, the Optus network is designed with multiple layers of fallback and redundancy.”
“At the heart of this is a modern intelligent router network.”

‘No Surprise,’ Expert Says

However, Australian National University Adjunct Senior Lecturer Tom Worthington said, “It is no surprise that a software upgrade caused the Optus outage.”
Therefore, he questioned whether Optus had implemented the “two-man rule” to fix it.
“That is, can one person make a change to the system on their own? There needs to be one person input the change and another check it,” he said.
“It would be possible to replicate all the hardware, but that would double to cost of services to customers and would not stop a systematic failure of this sort,” he said. 
Despite possible solutions, he said the outage provided some clear lessons for government, business, and domestic users of internet and phone services.
“Don’t have all your phones and internet provided by the one company,” he said. 
“If you are providing safety critical services, have connections to multiple networks.”
An Optus service message is displayed on a phone outside an Optus store in Sydney, Australia, on Oct. 5, 2022. (Brendon Thorne/Getty Images)
An Optus service message is displayed on a phone outside an Optus store in Sydney, Australia, on Oct. 5, 2022. Brendon Thorne/Getty Images

Isabella Rayner
Isabella Rayner
Author
Isabella Rayner is a reporter based in Melbourne, Australia. She is an author and editor for WellBeing, WILD, and EatWell Magazines.
Related Topics