The major network provider in the Netherlands (KPN) suffered a massive outage earlier this week, writes Information Security expert Tony Proctor. The main effect of this seems to have been the loss of connectivity for many mobile phones and landlines which crucially included the 112 emergency services number. This event illustrates the continuous challenge presented by our dependency on and the vulnerability that exists in technology.
The outage lasted for four hours during which time members of the public requiring emergency assistance were asked to attend police, fire stations and hospitals in person. A decision was taken to visibly deploy emergency workers resulting in extra police on the streets and fire appliances positioned at strategic points in major cities. Information was pushed out through national and regional social media channels. The emergency services also made use of social network platforms (interesting given the debate around the security of these systems).
Rather unfortunately, the National Alerting Service https://crisis.nl/ mistakenly gave out the WhatsApp number for a newspaper “tip off” line as an alternative contact (there’s an old security adage that suggests things go wrong when you least need them to because it is under such circumstances that behaviours change from the norm) .
KPN have not discussed the reason for the outage but stated that the back-up systems did not work. Dutch government information describes a problem with KPN’s routing platform. It also questions why there was a delay in issuing a national alert. What has followed is the usual questions to parliament and resignations in high places (apparently nothing to do with the incident).
Incidents like these serve as is a wakeup call for organisations to test their back-up processes ensuring that fail safe actually exists where required and that manual systems are available and can be reverted back to where necessary. As the CISO of a very large organisation said to me recently, “you have to plan for the extinction event”.
Cybersecurity is commonly defined as a CIA triad of Confidentiality, Integrity and AVAILABILITY. It is stated that this event was not due to hackers and this raises two thoughts; that we might be focusing on cyber-attacks and forgetting the less complex reasons for catastrophic systems failure and accepting that it could indeed be the type of consequence resulting from a successful cyber-attack. Either requires a rigorous and robust approach achieved through effective incident response, disaster recovery and business continuity processes.