Thrust into network darkness: Lessons from a major ISP failure
It was a very significant event that highlighted just how reliant we have become on quick, efficient, and trustworthy internet and cellular networks. There were remote workers who couldn’t log into their network, let alone text their managers to communicate this conundrum, and there were many small businesses who took a day’s hit to income, while still struggling through their COVID-19 pandemic recovery.
On Friday, there was lots of public speculation around the possible cause of the outage, with many tossing around the idea of a cyberattack, especially with Rogers remaining very tight-lipped (and possibly dealing with an even bigger cyber challenge) in the early hours of the outage.
However, Canada’s electronic spy agency, the Communications Security Establishment, said there was “no indication” the outage was due to a cyberattack. This assessment was supported by the US-based cybersecurity firm Cloudfare, who said in a blog post that the outage was likely due to “internal error”.
Rogers president and CEO, Tony Staffieri, cleared speculation on Saturday, July 9, stating: “We now believe we’ve narrowed the cause to a network system failure following a maintenance update in our core network, which caused some of our routers to malfunction early Friday morning. We disconnected the specific equipment and redirected traffic, which allowed our network and services to come back online over time as we managed traffic volumes returning to normal levels.”
Read next: Always expect the unexpected
Regardless of the cause, I think there are a lot of lessons that countries, cities, corporations, and individuals can learn from this event. First and foremost, internet is a critical public infrastructure that is often monopolised by private corporations. Countries need to either have, or regulate that corporations have, tried and tested back-ups to keep people online, keep the economy ticking over, and maintain access to critical services.
Businesses may look back at the “dark” day of July 7 and think: ‘Well, what can we do to protect ourselves against things like this in the future?’ Not putting all your eggs in one basket might be one strategy to consider, but having access to multiple ISPs comes at a cost that many businesses won’t want to entertain.
Naturally, insurance protection might come to mind, but unfortunately, coverage in the case of a network outage is not straightforward. The Rogers outage, for example, is unlikely to trigger most business interruption or loss of income policies because there was no physical damage trigger. Sound familiar? It’s the same issue that’s been bubbling around the pandemic-related business closures and loss of income, because businesses (in many cases, not all) have struggled to prove that the presence of the coronavirus constitutes direct loss or damage to their property.
I’m no legal expert, but there may still be grounds for legal action against Rogers for negligence leading to the network system failure. I’m sure that will become clearer in the coming weeks, but in the meantime, most businesses have no way to retrieve time and money lost. Rogers has announced “credit will be automatically applied to [customers’] accounts and no action is required from [customers],” but that likely won’t make up for the disruption that many businesses and individuals faced. It’s a rather unfortunate and unfair situation.
Read more: All aboard the insurance technology train
This is a good time, I think, for brokers and agents to reach out to clients and use this event (or something similar) to discuss digital infrastructure and the importance of business continuity planning. Now that the COVID-19 pandemic has forced a mass shift towards hybrid and remote working, it is essential that businesses set their employees up for success, and they have a plan B for major disruptions.
It’s also important that they secure their networks appropriately with risk management and insurance solutions. While the Rogers outage has not been linked to a cyberattack, I think it’s still an important topic to raise with clients, because if it had been a cyberattack, this dark day could have been even worse.