Optus has made big news repeatedly in the past 5 years: four breaches, one hacking incident, and the recent outage, believed to be a configuration mishap during a software upgrade (see references 1-5).
Around 4.05 am on Wednesday 8 November 2023, Optus experienced a widespread service outage, affecting a significant number of its customers. The disruption impacted various services, including mobile data, internet, and voice calls, leaving users frustrated and businesses grappling with operational challenges.
The outage not only underscored the importance of robust telecommunications infrastructure but also shed light on the vulnerabilities that can arise in even the most advanced networks.
This raises a question: what makes such a giant so vulnerable to cybersecurity threats?
Big telecommunication companies can be vulnerable to cyber attacks due to various factors. Some of the key reasons include:
- Complex Networks: Telecommunication companies typically have complex and extensive networks with numerous interconnected systems. This complexity can create vulnerabilities, and managing such vast networks can be challenging, making it easier for attackers to find and exploit weaknesses.
- Interconnected Infrastructure: Telecommunication systems rely on interconnected infrastructure, including routers, switches, and other critical components. If one part of the infrastructure is compromised, it can potentially impact the entire network, leading to widespread disruptions.
- Dependence on Technology: Telecommunication companies heavily rely on technology to provide their services. This dependence on technology means that any vulnerabilities in the underlying software or hardware can be exploited by cyber attackers to gain unauthorised access or disrupt services.
- High-Value Targets: Due to the critical nature of their services, telecommunication companies are attractive targets for cybercriminals, hacktivists, or even state-sponsored attackers. Disrupting telecommunications services can have significant economic and social consequences, making these companies high-value targets.
- Data Sensitivity: Telecommunication companies handle vast amounts of sensitive customer data, including personal information and communication records. This makes them attractive targets for cybercriminals seeking to steal and exploit valuable data for financial gain or other malicious purposes.
- Increasing Connectivity: As telecommunication networks become more integrated with other industries and technologies (such as the Internet of Things), the attack surface for potential threats expands. This increased connectivity can expose telecommunication companies to new and evolving cyber threats.
- Legacy Systems: Some telecommunication companies may still be using legacy systems that were implemented before the current cybersecurity landscape evolved. These older systems might have known vulnerabilities that have not been adequately addressed or patched, making them susceptible to attacks.
- Supply Chain Risks: Telecommunication companies often rely on a complex supply chain for hardware and software components. If any of these components have vulnerabilities, it can introduce risks into the overall system, especially if security measures are not rigorously enforced throughout the supply chain.
- Human Factors: Insider threats or human error can also contribute to vulnerabilities. Employees with access to critical systems may inadvertently introduce security risks through actions such as falling for phishing attacks, using weak passwords, or mishandling sensitive information.
To mitigate these vulnerabilities, telecommunication companies must invest in robust cybersecurity measures, conduct regular risk assessments, stay updated on the latest threats, and implement best practices for network security. This includes employee training, regular system patching and updates, and the adoption of advanced security technologies.
We believe Optus and similar companies are aware and abreast of all the measures they should take to safeguard against the listed vulnerabilities to cyber attack. Most organisations nowadays invest heavily in tools and technologies. What else is important?
A cybersecurity program, in my opinion, is like a big aircraft (or more) ready to land at an airport. We should equally focus on the runway and related on-ground safety. In an organisation, this translates to focused leadership and efficient management. No matter how sophisticated the tools and technology we deploy, unless we have leadership that foresees challenges and an efficient management stack to make the best use of the deployed tools and technologies, there will still exist a gap that, no matter how small, will result in big losses when compromised.
Potential Root Causes of the Outage: Though Optus announced this to be a software upgrade failure, it is hard to believe so. The primary reason for my disagreement with such a conclusion is the span of the outage. The outage affected voice, text and internet. It is highly unlikely that any one upgrade will touch all three of these domains, which are domain-isolated with layer-2 and layer-3 redundancies. The following broad conclusions can be drawn.
- Technical Glitch or Human Error? The first question on everyone’s mind during a network outage is whether it was caused by a technical glitch or human error. Optus, like any other telecommunications giant, relies on a complex network of hardware, software, and personnel to keep its services running smoothly. Initial investigations suggested that the outage might have originated from a technical malfunction in one of the critical components of the network. However, the possibility of human error, such as misconfigurations or oversight during routine maintenance, cannot be ruled out.
- Network Overload and Capacity Issues: With the ever-increasing demand for data and connectivity, telecommunications networks face the constant challenge of expanding their capacity to meet user needs. The Optus outage could have been exacerbated by a sudden surge in network traffic or an unexpected overload on specific components, causing a strain on the infrastructure.
- Security Concerns: In an era where cybersecurity threats are on the rise, the outage raised questions about the role of security in safeguarding critical infrastructure. While initial reports did not indicate a cyberattack, the incident prompted a reassessment of the security measures in place to protect against potential threats that could compromise the network’s integrity.
- Supply Chain Vulnerabilities: Telecommunications providers often rely on a vast supply chain for their equipment and software. The outage might have been linked to vulnerabilities in components supplied by third-party vendors, highlighting the importance of rigorous vetting and security protocols throughout the supply chain.
Learning from the Outage: The Optus outage serves as a wake-up call for both telecommunications providers and consumers. It emphasises the need for continuous investment in robust infrastructure, regular system audits, and comprehensive cybersecurity measures. As technology evolves, so do the challenges, and proactive steps must be taken to stay ahead of potential disruptions.
The recent Optus outage is a stark reminder that even industry giants are not immune to technical hiccups and unexpected disruptions. As we navigate the intricate web of modern telecommunications, it becomes imperative for providers to prioritise resilience, security, and adaptability in the face of an ever-changing digital landscape. Only through continuous improvement and investment in cutting-edge technologies can we hope to build a telecommunications infrastructure that stands the test of time.