The Times Australia
Business and Money
Times Media

.

The Optus outage shows us the perils of having vital networks in private hands

  • Written by Helen Bird, DIscipline Leader, Corporate Governance & Senior Lecturer, Swinburne Law School, Swinburne University of Technology
The Optus outage shows us the perils of having vital networks in private hands

Optus chief executive Kelly Bayer Rosmarin is set to front a Senate inquiry[1] this week, probing last week’s colossal outage which left millions stranded without internet or mobile phone connectivity for a staggering 14 hours.

The company has faced severe criticism[2] for its handling of the outage, including for its lack of urgency in updating the public.

Loss of trust and confidence aside, if the national outage has taught us anything, it is there are real dangers in leaving the management of critical national infrastructure to a 100% privately owned company, in this case, a subsidiary of Singapore Telecommunications Limited, or Singtel[3] as it is better known.

As a private company, Optus has no legal obligations to report publicly on its financial statements or governance arrangements, unlike its competitor, Telstra Ltd. They don’t even have to report to government, despite holding a licence to be a carrier under federal legislation.

Image of one of the Singapore based telecommunications company Singtel's storefronts
Optus is Australia’s second largest communications carrier but is privately owned by Singtel. Tang Yan Song/Shutterstock[4]

Optus is the second largest supplier after Telstra of national carrier infrastructure in Australia. Its services are critical to the operation of our economy and community wellbeing. An illustration of this was the failure of the emergency 000 service during the outage. People with Optus couldn’t contact emergency services for up to 14 hours.

The obligations of listed companies

If Optus was a publicly listed company, like Telstra, it would have to comply with the listing rules[5] of the Australian Stock Exchange (ASX). This means it would have to disclose any information that could reasonably be expected to affect the price or value of the entity’s shares[6].

An unexplained system-wide outage of carrier services would arguably warrant this. If these rules applied to Optus, it would have had to issue regular market updates on developments during the outage. The odd, unannounced phone call by the Optus CEO[7] to a radio program would be unsatisfactory.

A quick review of the Optus website’s “About Us[8]” section suggests a number of apparent shortcomings. Contrary to the recommendations of the ASX corporate governance rules[9] not a single member of the Optus executive board of directors qualifies as an independent director, that is, a director with no apparent ties to the company.

The idea of the independent director is to help a company board break out of its group think. In a crisis, for example, this would mean asking hard questions of executive management. While ASX governance rules technically only apply to public companies, they are a role model for all corporates, including large proprietary companies like Optus.

No details of the company’s risk-management arrangements are given either, including the chief risk officer. This is extraordinary for a company whose recent history (cyber hack, system outage) shows its exposure to extremely high levels of risk.

Generic image of an Australian Stock Exchange screen Optus is the second largest communications carrier in the country but is not accountable to the federal government. Stephen Saphore/AAP[10]

There are also no details of who monitors the executive management of Optus. It is important to see this for what it is - Optus devolves its corporate governance responsibilities[11] to Singtel and runs a very lean operation in Australia.

This is seemingly good for Optus from a cost management viewpoint, but bad for Australia because we are leaving the governance of critical national infrastructure to a company with no direct accountability to the public and minimal accountability to the federal government.

Poorly prepared for a crisis

The absence of a comprehensive crisis management plan was obvious during last week’s outage. Despite experiencing a wide-scale cyber hack in 2022[12] Optus seemed ill-prepared to handle the system outage. You have to ask: why wasn’t a plan prepared well in advance of any such crisis?

Crisis management should entail a communication hierarchy and a systematic response. It is a key part of a company’s risk management system. This means knowing who needs to be notified and when to notify them. Presumably, high on that list would be the government. Instead, Bayer Rosmarin phoned radio programs revealing snippets of information in an ad-hoc way.

As part of crisis management, system fixes should be prioritised and companies obliged to tell the public the order in which these will be tackled. For example, the first fix should be health and hospital services. This did not happen. Instead, the absence of a clear plan only fuelled public anger.

Optus likes to control the narrative

Optus likes to tightly control its communication narrative. It refused to publicly release the Deloitte report on its 2022 cyber hack, until late last week[13] when it was ordered to make it available to litigants in a class action.

Similarly, the chief executive was reluctant to explain the current system outage, effectively asserting that there was no point until they had “bottomed out the root cause[14]” and could make it more digestible to the public.

Optus held all the power, yet when it did finally explain the failure days later, it was described as caused by a system upgrade and a failure of routers[15]. Hardly more digestible than the system failure we already knew it to be.

Head and shoulder image of woman with long light brown hair Optus chief Kelly Bayer Rosmarin. Supplied/AAP[16]

In an increasingly digitised world, technology failures and system outages have become a fact of life. ASX Ltd, the licensed operator of Australia’s equity market, experienced a bad one in 2022, known as the collapse[17] of the Clearing House Electronic Subregister System replacement project.

Knowing less than we would like

We know more about that failure than we will ever know about the Optus crisis because the ASX is a public company and was required to make continuous disclosure to the market.

In addition, ASX is also accountable for the management and governance of its critical infrastructure on an annual basis under licence arrangements overseen by the Reserve Bank and the Australian Securities and Investment Commission .

Like Optus, these failures have been the subject of hearings before parliament. However, there are no equivalent accountability requirements for Optus. Surely, the national telecommunications infrastructure managed by Optus is every bit as important as ASX’s clearing house infrastructure?

It is time to ask what accountability mechanisms should be in place for companies like Optus, whether they are enough and who watches over them. Where are the yearly assessments of that infrastructure by government agencies? The Senate inquiry[18], which was announced the day after the outage, will hopefully tackle these issues with the serious attention they deserve.

References

  1. ^ Senate inquiry (www.smh.com.au)
  2. ^ criticism (www.afr.com)
  3. ^ Singtel (en.wikipedia.org)
  4. ^ Tang Yan Song/Shutterstock (www.shutterstock.com)
  5. ^ listing rules (www.asx.com.au)
  6. ^ affect the price or value of the entity’s shares (www.asx.com.au)
  7. ^ phone call by the Optus CEO (www.9news.com.au)
  8. ^ About Us (www.optus.com.au)
  9. ^ ASX corporate governance rules (www.asx.com.au)
  10. ^ Stephen Saphore/AAP (photos.aap.com.au)
  11. ^ devolves its corporate governance responsibilities (www.optus.com.au)
  12. ^ wide-scale cyber hack in 2022 (www.afr.com)
  13. ^ until late last week (www.theguardian.com)
  14. ^ bottomed out the root cause (www.afr.com)
  15. ^ a system upgrade and a failure of routers (ia.acs.org.au)
  16. ^ Supplied/AAP (photos.aap.com.au)
  17. ^ collapse (www.afr.com)
  18. ^ Senate inquiry (www.aph.gov.au)

Authors: Helen Bird, DIscipline Leader, Corporate Governance & Senior Lecturer, Swinburne Law School, Swinburne University of Technology

Read more https://theconversation.com/the-optus-outage-shows-us-the-perils-of-having-vital-networks-in-private-hands-217660

The Times Features

The Budget-Friendly Traveler: How Off-Airport Car Hire Can Save You Money

When planning a trip, transportation is one of the most crucial considerations. For many, the go-to option is renting a car at the airport for convenience. But what if we told ...

Air is an overlooked source of nutrients – evidence shows we can inhale some vitamins

You know that feeling you get when you take a breath of fresh air in nature? There may be more to it than a simple lack of pollution. When we think of nutrients, we think of t...

FedEx Australia Announces Christmas Shipping Cut-Off Dates To Help Beat the Holiday Rush

With Christmas just around the corner, FedEx is advising Australian shoppers to get their presents sorted early to ensure they arrive on time for the big day. FedEx has reveale...

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Business Times

Will the Wage Price Index growth ease financial pressure for hous…

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to i...

Protecting Your Business from Cyber Threats: The Critical Role of…

In today’s digital world, cybersecurity threats pose a significant risk to businesses of all sizes. A data breach can lead ...

Kyndryl ANZ appoints new Head of Strategic Partnerships and Allia…

Former Head of Marketing to lead and grow Kyndryl’s local channel ecosystem and bolster technological capabilities Kyndr...