A timely reminder with CIA – it’s not all about the C & I
On Thursday, 6th December, users of the O2 mobile network suddenly found that they had no internet connection. In addition, and initially contrary to O2’s initial communications, many users found they had zero or sporadic voice connectivity as well. Everyone was asking the question, why was the O2 network down? This happens occasionally, irrespective of the network you subscribe to, what made this drop-out in service different though, was the sheer length of time O2 was unavailable and the widespread disruption that it caused – for example, live London bus times were kaput, as were various payment systems. It was a timely reminder with 5G looming, that as our infrastructure becomes more and more reliant on wireless communications so does the impact increase when there is a loss in availability.
So, what caused the outage? Well as the hours turned into days details started to emerge. No, it wasn’t precluded by someone asking the question “what does this button do?” but in a way, it’s as equally preposterous…
The longer and less ridiculous sounding explanation is that a third party’s software suffered technical issues that had a knock-on effect of causing disruption to O2’s service availability – something that has now been resolved by specialist engineers. Rather unfortunately though, the shorter and more accurate answer is: Someone forgot to renew the licence certificate.
Yup, as simple and silly as that.
This is something we’re going to have to get used to. Way back in 2011, in a Wall Street Journal article, tech start-up funding guru – Marc Andreessen, said something that became infamous, much repeated and paraphrased: “Software is eating the world”
Essentially meaning that it would be the rapid advancements in software’s versatility and power that was (and is) going to fuel the technological future rather than mechanical design and infrastructure. This sentiment has been proven correct time and time again, the downside of it is though, when something – like a communications network – ‘falls over’ it’s more likely to be a piece of erroneous code or command line (or yes, even an expired software certificate) than a mechanical doo dah that’s failed. Meaning that rather than just sending out an overall-clad maintenance person to replace a bit of hardware you instead need to perform a detailed, in-depth root cause analysis that can cause significant time delays.
So back to CIA, no, not the men in dark suits, we’re talking about the Confidentiality, Integrity and Availability of data. Confidentiality is a well-trodden path, basically, it’s your data privacy. Integrity too is something that we in the InfoSec world talk about a lot, think about the integrity of your data on your networks and protecting it via intrusion detection services and anti-virus. But as the O2 outage demonstrated, don’t forget about maintaining and protecting the availability of your information services.