What can we learn from the Optus outage?

Yesterday, over 10 million private and business customers were affected across the country when one of Australia's largest telecommunication providers crashed. This left many of them without telephone service or internet access for up to 13 hours in some cases.

Fallout from the outage

This was clearly bad news for those affected customers and for Optus itself. It's only just over a year since the company suffered a major data breach affecting a similar number of customers. That breach had many impacts on the company. Aside from the obvious reputational loss, Optus agreed to pay for the replacements of compromised passports, and for some customers to have a subscription to a credit monitoring service.

In the wake of yesterday's outage, the parent company suffered over a 4% drop in its share price. The Australian Federal Government has announced an investigation, and there are reports that Optus 'rivals have indicated a spike in new customers.

So, the outage was clearly bad news for Optus and its customers, and there will be plenty of observers piling in with criticism. As our regular readers will know, this blog space, and indeed Qudos as a business is all about supporting people that run management systems. We thought we would take a different approach, and ask the question...

What can we learn from the outage?

Most of us don't run a Telco but we all use them. This obviously won't be the last outage such outage, so we should consider what practical steps can we put in place when a service provider we use does suffer a technical problem or cyber attack.

The aim is, of course, to continue business (at least to acceptable levels and time frames) despite a significant disruption to something we rely on. Although we can't predict the exact nature of any specific disruption in the future, we can consider a range of what-if scenarios and plan how to deal with them. We can then consider arrangements for prevention, preparation, response, and recovery to build resilience. What we are talking about in general is Business Continuity Planning.

Having a Plan-B

In many cases, the solution will involve having a Plan B - an alternative that we can turn to in the event of a failure in our supply chain.

Here's a couple of illustrations:

1

During yesterday's Optus outage, we had team members that were working from home with mobile phones on the Optus network. While that failed, they were still able to work because their home internet connections were with a different provider. They could make calls using Messenger, What's App etc. What's more, with Apple iPhones they were able to switch them to wi-fi calling and make calls using the internet connection. If the scenario was that the failure was with their ISP instead of the mobile phone provider, the reverse could have applied by using the hotspot facility on their mobile.

2

Like many organisations, we use the Microsoft Azure cloud infrastructure for both our own network and also to host our client's Qudos ³ IMS software installations. That is not reliant on a single service provider, so a failure in one does not disable the service.

Business Continuity Planning

So, one thing we learned from the Optus outage is to include such scenarios in our Business Planning. We recently ran an article on the very subject. Read here.

Communications is the key

Another thing we learned is that should a disruption affect our own service delivery, it's imperative to have effective and timely communications -  especially with our customers.

Optus came in for a lot of criticism for its failure to communicate or communicate well. There were reports of people without internet connection being advised to visit the company's web site for information.

The Sydney morning Herald published an article "It's better to say too much than too little".

On Channel 9's A Current Affair last night, Rachael Falk from the Cyber Security Cooperative Research Centre stated "For any brand that goes through an outage or breach, you can't communicate enough. The customer needs to be front and centre of comms".

So what can we do? Our suggestion is to develop a communications plan. That should include who will communicate, to whom, by what means and under what circumstances. It is a good idea to have some template comms ready for certain eventualities. The comms can be adjusted as necessary, but the plan will help to respond better and faster.

Qudos ³ IMS software clients have a template Communications Plan in their toolkits. A customised version should be included in your master documents and reviewed periodically.