For Bayer Rosmarin, judgment certainly came pretty swiftly following the Optus outage on November 8, leading to suggestions about the CEO’s possible exit being reported in The Australian Financial Review even before her appearance at the Senate committee hearing last Friday.
None of Bayer Rosmarin’s polite rhetoric on Monday about “restoring trust” or Singtel’s references to her integrity and leadership through “a challenging period” since 2020 could compensate for a much tougher reality.
“Having now had some time for personal reflection I have come to the decision that my resignation is in the best interest of Optus moving forward,” she said.
More aggressive
But moving forward also comes 14 months after a major cyber breach affecting millions of Optus customers’ personal details where the company’s response was also criticised as inadequate.
Not that any company can guarantee security from cyberattacks from ever more sophisticated, aggressive actors. Still, the suspicion that Optus’ protective systems weren’t optimal was compounded by the company’s refusal to release an independent review by Deloitte into what had happened despite an initial commitment to do so.
Bayer Rosmarin told inquiring senators the report contained a forensic investigation into the company’s cyber defences, including material so sensitive it could expose Optus to national security concerns. Its lawyers warn that disclosure may exacerbate hacking risks to its obligations as a critical infrastructure provider.
It is currently deciding whether to appeal a Federal Court ruling that would provide access to plaintiffs in a class action lawsuit filed by Slater and Gordon, one of the most ubiquitous law firms in taking class action cases against corporates.
All of this balancing of competing interests sounds at least worthy of consideration by Canberra and the courts.
Public perceptions
But that background surely should have made its CEO hypersensitive to the importance of managing public perceptions – and politicians – in any future crisis. It doesn’t allow the leeway of taking several hours to call the communications minister while also not calling a press conference because of a “focus on working with teams to resolve the issue”.
The only real certainty is that there will be more crises in critical infrastructure – including occasional outages and relentless cyberattacks. That will require communications within and between companies and with the government to be as seamless and quick as possible to try to minimise inevitable damage.
While it may not be easy to explain complicated technical procedures to the public, Optus didn’t seem to even try to make its messaging sound comprehensible or reassuring until far too late in the day or rather the week.
Fairly or not, instant messaging matters more than ever – although it must seem genuine rather than obviously confected to appease.
The general air of confusion wasn’t helped by Singtel itself being forced to clarify the upgrade of its own network was not the cause of Optus’ problems with its 90 routers directing internet traffic. This followed clumsy explanations from Optus about the Singtel upgrade triggering the outage.
Optus executives told senators on Friday that they have now implemented changes to their network to increase resilience and redundancy systems, ensuring there’s no repeat of the national outage.
Unfortunately for Optus, the headline out of that exchange was that it had never even contemplated such a comprehensive outage rather than a more limited version affecting different parts of the network. This required a further statement of clarification later that Optus regularly reviews and tests procedures that support “crisis or catastrophic scenarios” as well as crisis management plans if an event escalates in severity.
Most Optus customers have stopped listening, with many of them already moving to Telstra or TPG instead.
But the government is aware it can’t escape questions about the reliability of the whole system and why, for example, triple zero calls weren’t redirected to another network.
Anthony Albanese said in an interview on Sky it was not surprising the Optus CEO had resigned after a “shocker of an incident”.
Communications Minister Michelle Rowland has established a “post-incident review”.
“We need to learn the lessons to ensure industry and government is as prepared as possible, given no network is fully immune,” she said. Yep.