While it is too soon to comment on the specific causes of the current outage, it serves as a timely reminder of the need for reliable telecommunications services. Major interruptions of service pose a significant risk to public health and economic well-being. Established risk management strategies exist to protect against outages such as we have seen and have been industry best practice for many years. The scale and duration of the current outage suggest that best practice has not been followed and highlight a need for effective regulatory oversight of an essential service. 

1. Optus is experiencing a very wide outage in mobile communications services, and this is having a tremendous negative impact on many people and businesses -- as these kinds of events almost always do.

2. It is not until these services fail, that we are suddenly reminded of the fragility of many of our modern systems. For example, the inability of folks to pay for services at shops, and thus for those shops to effectively trade. 

3. In the past, the work-around was to use cash. But following the COVID pandemic, many people have switched to using non-cash payment methods, whether cards or their digital equivalents on their phones.  

4. But all those methods rely on the mobile communications networks to function: The EFTPOS machines in most stores are connected via the mobile phone network, for example.

5. Often these failures are not due to the "phone towers breaking down", but rather, that the back-end billing systems which are very complex are often the cause.

6. If the mobile network operators configured their networks to "fail permissive" rather than a "fail prohibit" mode for basic telephone calls, SMS messages and mobile internet, then many of these events would have greatly reduced impact, as the typical things that people are trying to do, would simply be allowed.

7. This concept of "fail permissive" actually makes sense socially and from a civil liability perspective: You are paying for a service, which is otherwise being interrupted. The carrier should take the (very small risk) of increased cost for themselves by allowing these services to continue whenever possible, rather than causing massive costs on society -- and stress due to inability to contact loved ones etc, including potentially up to unnecessary injury or death due to the inability to access timely medical care, where 000 is not the optimum course of action.

8. Moments like this also give us pause to consider the horrors of living in conflict zones where civilian communications is purposely denied by combatant parties. In theory, the Gevena Convention gives some protection against targeting civilian infrastructure, including communications infrastructure, however, this is very frequently ignored by all sides due to the outsized impact that communications has on the ability to wage war.

9. Further, it reminds us of the challenges that we face during natural disasters, where for example, mobile towers isolated from the rest of the network are not typically configured to allow calls to other phones on the same tower.

10. These omissions by the mobile network operators are because there is no immediate financial incentive to do so. For example, Optus is unlikely to face any significant financial penalties for today's outage compared with the cost to society of the outage. Similarly, the mobile network operators are not mandated to maintain "within cell" communications during disasters, so will not invest in the means to facilitate this.

11. Also, some telecommunications laws make this more difficult to do, such as maintaining compliance with any legally authorised phone taps, when a tower isolates from the rest of the network. However, this is in fact quite easy to solve technically, but again, requires the mobile network operators to have an incentive to implement it.

12. For regional and remote areas the impacts are particularly heightened due to the cost of the alternatives to mobile communications -- the distances that have to be traversed to check on loved ones instead of calling them, or to get to the nearest ATM or bank branch to withdraw cash or make necessary transactions (assuming of course that the bank or ATM aren't also dependent on the mobile network) are much greater than in the city.

13. All of this is part of the broader issue of the fragility of modern society: We have so optimised everything, that everything is now dependent on everything else, and any one failure can cause cascading failures -- that extend well beyond not being able to pay for your smashed avocado toast this morning.  Australia would do well to look at every possible means to increase the resilience of our communications networks, as well as other inter-related systems, such as the electricity grid and water supply systems.

The Optus outage affecting millions of customers across Australia has impacted health and emergency services, Triple 000, public transport and many other services. Optus has provided very little information about the national outage and the lack of transparency indicates there is a broader problem in the industry that the Government needs to fix. Single point of failure related outages have occurred too often over the past decades and it is time that the Government steps in to force the telecommunications industry to build redundancy into the networks and systems.

The network outage seems to be something to do with the core network, for example billing or authentication or even data connectivity. The mobile phone towers are all still available and allowing mobile phones to connect to them, however, phone calls in or out from mobile phones (emergency services) are not working. There are also reports of Optus customers overseas not being able to use their phone overseas.

One observation that is apparent is how much a wide variety of mobile phone clients rely on the mobile phone network for their core connectivity between nodes of their business. This outage seems to be quite major (nationwide), and significantly long (several hours so far), and it seems that better backup options (via failover options) would be highly recommended to reduce the impact of such problems.

In a horror start to Wednesday, Optus customers have been without service since 4 am AEDT, with a notable surge in outage reports at 5:45 am, totalling 8,180 reports. At approximately 6:45 am, Optus issued an online statement acknowledging an issue affecting Optus mobile and NBN services. They reassured customers that they were diligently working towards a swift restoration of services.

The outage has resulted in significant disruptions and delays across the Melbourne train network this morning and has also affected telephone lines in hospitals throughout the country. It will also affect business hard and could not come at a worse time after the RBA’s increase yesterday.

Communications Minister Michelle Rowland has indicated that available information is limited but has suggested that a 'significant network issue' may be the root cause of the outage. At this stage, there is no evidence to support the notion of a cyber-attack.

What’s interesting about this outage is that the fundamental links – the optical fibres, the cell towers, etc – all seem to be fine and ready to run. What this says, is that the really expensive stuff to put in, the physical cable infrastructure – is good. 

What the quotes coming out from Optus and the Communications Minister seem to suggest is that the issue is with the networking and control of this infrastructure. This would be something like when you get an airline shutdown due to 'IT issues' – the expensive planes and so on are all ready to go, but the organization behind running those things has failed.

As communications infrastructure becomes more and more critical to us, blackouts of telecommunications systems seem to be approaching the impact of blackouts of the electricity grid. Losing parts of our communications infrastructure seems increasingly unacceptable. 

We also know that telecommunications equipment is becoming increasingly interoperable and adaptable. Maybe this incident will cause us to have a closer look at how we want to run this critical national infrastructure across multiple private companies. If this is done successfully with our electricity grid, what can we do with our 'grid' of communications systems?

Critical infrastructure includes all assets, systems and networks – physical and digital – that are essential to the proper functioning of our society and Australia’s economy. As we’ve seen today, failure or disruption of critical infrastructure, such as telecommunications, can have flow-on effects in others, like our transport system.
 
While the current focus and effort is, and should be, dedicated to addressing this telecommunications outage, we should recognise the importance of building future-proof, secure critical infrastructure. While addressing existing and imminent threats is important, we must also allocate substantial time and effort to monitor the road ahead, identifying and proactively mitigating potential emerging hazards.  
 
Building future-proof critical infrastructure is a significant national challenge that needs a collective effort of governments, industry and academia. Realising the complexity of this challenge, CSIRO has initiated a Critical Infrastructure Protection and Resilience Mission, which is currently under development. The mission was formed in response to global climate change, rapid escalation of cyber-attacks, rise in geopolitical tensions, and the increasing digitisation within the construction and operation of critical infrastructure assets to foster an integrated and resilient national approach to minimise disruption of Australia’s critical services. 
 
CSIRO is committing over $100 million annually to its Mission Program as part of its strategic change agenda, with these missions intended to tackle the most complex, systemic, and urgent of these challenges in partnership with others in the innovation system.

The Optus outage is most likely a regular software upgrade gone wrong. 

The problem is too widespread to be due to a cable break or equipment failure. This is a reminder to have backups for essential services. Even if you have another Internet connection, if you are using two-factor authentication to your bank, or employer, you will not be able to get the code on your phone to log in. If you buy a spare SIM card, check it is not using the same network as your usual telco, and your phone is not locked to them.

At the Australian National University, we are completing grading of the final assignment for computing students, before they graduate. The last thing they do is spend a year working in a team, building and testing, a real system for a real client. This is the ANU Techlauncher Program. An important part of this is to have more than one set of eyes on each line of code, and have students realize that failures of systems have real-world consequences for people.

Beginning about 3 am this morning, Telstra and OPTUS experienced severe service outages affecting customers on a national level with outages occurring in most of the major cities. Simultaneously, train service in Melbourne was halted for a period of time.

Additional service outages are being reported by subsidiary companies such as Vodafone, Amaysim, TPG, and DODO. Further, other non-telecommunications providers such as ANZ are also reporting outages owing to their reliance on telecommunications services such as EFTPOS.

The breadth and duration of these outages, affecting Australia’s critical infrastructure, should serve as a warning that Australia remains vulnerable to attack from both nation-state adversaries and organised criminal groups.
 
Over the last few years, dozens of companies, academic institutions and government agencies have experienced outages and data breaches. Meanwhile, billions of illicitly obtained dollars have been laundered by foreign threat actors including China, Russia and North Korea, often through difficult-to-trace cryptocurrencies, making seizure and recovery almost impossible.
 
Australia’s continued and repeated victimisation by foreign actors resulting in the loss of valuable intellectual property, sensitive medical and identity data, and damages to businesses constitute a significant threat to national security. A shortage of qualified and trained cybersecurity professionals has exacerbated these threats.
 
The need for Australia to improve and develop its cybersecurity defensive posture remains unquestioned. The government must do more to increase the number of cybersecurity professionals able to defend Australia’s critical infrastructure and secure its vital data and informational assets.

Today’s Optus outage is unprecedented in terms of scale and duration combined. It comes just over a year from the unprecedented data breach that Optus suffered in 2022. Some have speculated already about whether today’s outage might be the result of a cyber attack. At this stage, we have no information to indicate whether it might be the result of an attack or simply a benign failure.

However, the scale of the outage means that if it were the result of an attack then it would represent one of the most severe and successful attacks on digital critical infrastructure that Australia has suffered. The severity of the outage in some ways makes it less likely that it is the result of an attack. Like all telecommunications companies, Optus would build its network infrastructure with multiple sources of redundancy in place.

For an attacker to intentionally cause an outage like this they would have needed to find and exploit a vulnerability at a critical point of failure in Optus’ network that could bring down internet, mobile and landline communications simultaneously, or to have carried out a coordinated attack at multiple points in Optus’ network to cause such a widespread outage.