In todays video I discuss the Optus outage that unfortunately resulted in 3 deaths because of interruption to public critical emergency services.
As a member of the Australian public, I am only privy to the same information that the public is privy to. My comments are not assigning blame to Optus, but to explore in general how organizations, technicians and engineers can avoid these tragic situations in the future.
The Optus outage was said to be a result of a botched firewall upgrade. I hope this does not put any organizations off from updating their firewalls. Upgrading a firewall is important, the firewall is our first line of defense against some bad actors who would send Australia back to the dark ages if they had the opportunity to do so.
However, upgrading a firewall, or any network infrastructure needs proper planning to get the job done right. Such planning will include analyzing network topology maps, creating a documentation plan that details the key steps, service interruption timeframes and success indicators. Planning should also involve creating a contingency plan, a risk assessment of what to do if the plan fails and adhering to the peer review process.
The peer review process involves discussions with qualified professionals, such as TAFE and University qualified technicians and engineers. The peer review process does not involve talking to strangers on blogs, offloading tasks to cheap offshore freelancers or generative AI systems. During the peer review process, you put your egos & feelings aside, the technicians and engineers are more fixated on getting the job done properly.
If followed correctly the peer review process can avoid serious issues from occurring. Multiple qualified engineers and technicians should be tasked with such a network update. Organizations should bring in an independent engineer to review the work of the other engineers before implementing a major network update, this provides further assurance and mitigates risk.
Engineers and technicians should know when to walk away from a job, such as if they do not have the skills required or if the executive is more concerned about the costs of the job and tries to rush the engineers or technicians through the job. Always verify your assumptions before you implement any changes to a network system via the peer review process.
I am not accusing Optus of not adhering to any of the above suggestions. In taking initiative to upgrade their firewalls, Optus shows that they are attempting to take steps to protect our sensitive information systems and data. However, unfortunately in this event the update was not done properly. In the future, I hope Optus, and everyone else in the tech industry learns from this tragic event and works to strengthen our resolve.