Blog entry by Les Bell


It's only been a week since Australia's Department of Home Affairs released its first Critical Infrastructure Annual Risk Review - November being Critical Infrastructure Security Month. And only a couple of days later, top-tier telco Singtel Optus suffered a major day-long outage - this one apparently not cybersecurity-related, but with some important lessons for us, nonetheless.

And just when everyone thought it couldn't get any worse, ports operator DP World Australia has been hit with a 'cybersecurity incident' (I would say breach, rather than incident, as their defences failed) - this one quite likely the early phases of a ransomware attack.

Turning first to Optus, the firm began to experience a major network failure around 4 am on Tuesday 7 November. There's been no official word so far, but the signs point to a failed BGP-4 configuration change which propagated throughout the firm's systems, since other network operators reported a spike in BGP-4 routing advertisements from the company, beginning around then. This brought down the company's cellular network, since voice calls in this 4G/5G/6G world are no longer switched analog signals, but Voice over IP.

You might be thinking, "Hang on - the whole point of the packet-switched IP protocol which runs the Internet, and the dynamic routing protocols which control its routing, is precisely to deal with this by detecting outages and routing around them!". And you'd be right, except for a couple of things:

First, the days when telephone exchanges were huge sandstone or concrete buildings which were manned 24 x 7 by technicians are long gone. These days, the 'central office' switching centre gear is much, much smaller, and is remotely managed - which is great as long as your network lets you connect to those switches and fix any configuration problems. But if your network routing is b0rked, then you've just sawn through the branch you were sitting on, and are rapidly hurtling towards terra firma.

The switches that failed first were located in two Melbourne suburbs, and so a technician apparently had to be despatched with a laptop and cable to connect to the AUX port of the switches. Meanwhile, a domino effect had set in, with routes being dropped all over the place. There are other potential complicating factors, too - think about physical access control: a great big chunky key will always work, but a badge reader will need network connectivity.

Over 12 hours later, the network was gradually coming up again, mollifying customers who had suffered significant losses. Coffee shops, hairdressers and retailers of all sizes were unable to take payments, since their credit card terminals rely on the cellular network, and in this post-COVID era hardly anyone carries cash. The result was a clamor for compensation - to which Optus was slow in responding, offering many customers an extra 200GB of free data (on top of an unlimited data plan, in many cases!).

There are clearly lessons here about resilience by means of redundancy, cost-cutting, the importance of planned responses to material incidents, breaches and outages, including crisis communications, and the value of dual-SIM smartphones with a spare pre-paid SIM.

Turning to DP World: the UAE-based logistics firm is the largest port operator in Australia, handling one third of the country's maritime freight through its ports in Sydney, Melbourne, Brisbane and Fremantle. On Friday 10 November, the company detected a breach and responded by disconnecting from the Internet and calling in cybersecurity specialists, including the Australian Cyber Security Centre, this being critical infrastructure.

As a result of this containment effort the firm had to close down its port operations, including its connections with landside transport and logistics companies. This could lead to supply-chain disruption and product shortages in the pre-Christmas retail peak - so we can expect more unhappy retailers.

DP World remains offline as of 7 am on Monday 13 November 2023, but hopes to be back online within days.

'They' say that bad things always come in threes, so I'm waiting with bated breath. . .

McKenzie, Parker, What caused the Optus outage and how it exposed Australia’s communications framework, The New Daily, 8 November 2023. Available online at https://www.thenewdaily.com.au/finance/consumer/2023/11/08/optus-outage-cause-resiliency.

AAP, Cyber attack shuts down major port operator, The New Daily, 11 November 2023. Available online at https://www.thenewdaily.com.au/news/2023/11/12/dp-world-cyberattack.




About this Blog

I produce this blog while updating the course notes for various courses. Links within a story mostly lead to further details in those course notes, and will only be accessible if you are enrolled in the corresponding course. This is a shallow ploy to encourage ongoing study by our students. However, each item ends with a link to the original source.

These blog posts are collected at https://www.lesbell.com.au/blog/index.php?user=3. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.