SARAH FERGUSON: Racheal Falk, welcome to 7.30.
RACHAEL FALK: Thank you.
SARAH FERGUSON: Now we know that this wasn’t a cyber-attack. Optus said they’ve never had an outage of this nature. What was different about what happened today?
RACHAEL FALK: What was different is this particular outage took their entire network, so their fixed services, their broadband and their mobile offline. And that is unprecedented that you have all services out for that period of time.
SARAH FERGUSON: Now Optus says that is has got multiple layers of redundancy, that is to say back up, I think this is right, back up in case of outages. This suggests that they did haven’t enough and they weren’t good enough.
RACHAEL FALK: I think that is right and look to be honest with you, you can call it whatever you want, the CEO can come out and say, deep technical faults, major engineering issue. It is what it is. It had a massive impact, significant consequences.
And yes, telecommunications networks are complex but whatever happened impacted the backbone of their system today.
SARAH FERGUSON: So how is it possible that actually for a telco, for a critical service like that, they don’t have the redundancies able to deal with even a very large outage?
RACHAEL FALK: Well, I think that’s a really good question and perhaps directed more to the Optus CEO.
But you would think that when they are doing these changes and I imagine, again, it was an outage or an upgrade or a change or something happened that impacted the backbone, so they would have redundancy, but for whatever reason that redundancy and back up also failed today and we all eagerly await the root cause analysis of today from Optus.
SARAH FERGUSON: We will come to that in a moment but do we understand why it took so long for service to be restored?
RACHAEL FALK: No, but I can only imagine a couple of things were going on.
They realised it impacted all their services, number one and I don’t know this, but I suspect they were also all themselves internally using Optus devices.
So if you are reliant on your own Optus mobile and you’re all execs on Optus and have got Optus wi-fi and mobile, and you all can’t communicate with each other, I imagine that caused a bit of a problem.
It wouldn’t be, I wouldn’t think it unusual that Optus were on their network, similarly they wouldn’t be rushing out and buying Telstra handsets but now maybe they will be in future. That may have also hampered the ability for them to even communicate internally.
SARAH FERGUSON: And just a question, to understand this, is it not possible in an emergency of this scale, for their network to be transferred to Telstra?
RACHAEL FALK: No. Look, I’m not a network engineer, but no, it’s not a matter of just simply lifting your network and putting it on another’s.
Certainly, the only thing they do transfer is the interoperability of Triple-Zero calls on mobiles and the minister talked about network camping and that goes on but they simply can’t reroute.
They’re different systems and really, they are different companies for that purpose.
SARAH FERGUSON: Now, in terms of the communication today. Now you have just obviously referred to the fact that the Optus executives presumably were holding Optus devices. That notwithstanding, given how important their service is, how would you rate their communication today?
RACHAEL FALK: Look, today was not a day to be a shy CEO. You needed your CEO front and centre out today, early in the morning, hitting every major network, giving pressers left, right and centre. You cannot have enough communication on a day like today.
And unfortunately, I just don’t think we saw that. Again, I’m prepared to forgive Optus for potentially being all on the Optus network but today was not the Optus CEO’s day to be shy.
You really need the customer front and centre of this story today.
SARAH FERGUSON: What does today’s event tell us, if anything, about how vulnerable Australia’s telcos are?
RACHAEL FALK: Well, I think what it is, it highlights that telecommunications companies are the backbone of everything connected to the internet.
If a telco doesn’t work or goes down, you literally cannot function. Forget about anything else about making a call, EFTPOS, it cripples checking out of the supermarket, it can hamper operations lists.
We saw it impacting hospitals, maternity wards. We saw it impacting everything.
So there is a fragility there, absolutely and it is one that I think we all need to consider and on our reliance, we can’t go backwards from the reliance, but what we can do is understand the fragility of the telco network and I think governments get that.
There’s a whole bunch of legislation around network security. But I think today, 10 hours, 12 hours was a really long time to be without crucial services.
SARAH FERGUSON: Explain a little bit in terms of regulation, what were they, what are they obliged to do? Are there standards for not having an outage last so long and be so extensive? Have they broken regulations today?
RACHAEL FALK: I’m not aware of a standard and honestly a standard, and I was thinking about that earlier, a standard being too long for communicating or having an outage.
But there are a whole bunch of laws and sort of regulations around network security and what kind of kit they can buy and keeping and ensuring threats are mitigated and that is certainly not just telcos – it is all 11 sectors of critical infrastructure, all now through the security the Security of Critical Infrastructure Act, have obligations that have been switched on to ensure that they have an all hazards approach, so it is not just this, it is an all hazards approach to security and risks.
And that is a critical piece of legislation that we have but absolutely, there are not to standards, they have a whole range of laws that they have to keep in place, but the problem here is, you can’t make the fix go faster.
So you could have the minister on the line, a regulator on the line, you just can’t make this improve or fix faster. It just has to be found and dealt with and unfortunately it took longer today and I’m sure Optus would have hoped it was much quicker, but when you have a root cause of this size, it would have taken them a long time to a) communicate, b) find it, c) fix it.
SARAH FERGUSON: Now just in terms of transparency, in the major hack that took place last year, we are not going to see the report that was commissioned by Optus. We still don’t really know the causes of that event. Does Optus have a problem with transparency?
RACHAEL FALK: I think generally whether Optus has a problem, I think you need to be transparent in these circumstances.
I think the root cause of a cyber incident shouldn’t be a secret and I’ve always said that publicly. We need the equivalent of like an ATSB (Australian Transport Safety Bureau) or NTSB (National Transportation Safety Board) for cyber incidents so root causes are known by all businesses, and we can learn from that.
I think transparency is key. When you are operating a large telecommunications network and ten million customers were affected today, we had similar numbers affected in the hack, you absolutely have to be transparent, when such a large outage or a breach has the impact and consequences it has.
SARAH FERGUSON: Rachael Falk, just to be clear to our audience, you were referring there to the organisations that manage safety in aviation.
Rachael Falk, thank you very much indeed for joining us.
RACHAEL FALK: Thank you.