Orange says software bug to blame for outage

The French group says a cyberattack was not to blame for a major network outage that affected calls to emergency numbers.

Anne Morris, Contributing Editor, Light Reading

June 14, 2021

It hasn't been a very comfortable couple of weeks for France's Orange. Since experiencing a major network outage that prevented nearly 12,000 calls to emergency services over a seven-hour period, the group has been engaged in a major internal inquiry to find out what went so catastrophically wrong on the night of June 2.

The culprit has now been named and shamed. Apparently, it was all down to a software bug and not caused by a cyberattack – although Orange said the latter scenario was ruled out from the beginning.

Cybersecurity agency ANSSI is nevertheless running a separate two-month audit of the breakdown at the request of the government.

Figure 1: Busy signal: The network outage prevented nearly 12,000 calls to emergency services over a seven-hour period. (Source: Mathias P.R. Reding on Unsplash)

In France, Orange is the sole operator responsible for centralizing and dispatching all emergency calls. Without naming names, the operator said the software failure has now been identified by its partner and supplier of the equipment concerned, and a fix has been issued.

Heart of the problem

It seems the problem lay with the interconnection between mobile voice and voice-over-IP (VoIP) services on the one hand and the PSTN switched network on the other, which relies on a "call server" platform. The PSTN network is of course where most emergency numbers are hosted.

A bug in the call server software was activated "following the application of standard reconnection commands," said Orange, in a statement. Even though redundancy had been created over six different sites, the service still failed.

The operator also had to admit that the incident occurred following a network modernization operation that was initiated in early May to increase capacity in response to growing traffic.

Could do better

The investigation recognized the quick response of Orange's technical teams but said that the company could have done better in alerting the public authorities, the emergency services and the media to the problem.

In a number of recommendations, Orange's audit department said that the maximum time for triggering a crisis committee when such a problem occurs should be reduced from two hours to 30 minutes.

Furthermore, support will be given toward accelerating the migration of public service call centers and businesses from PSTN to IP technology "in order to strengthen the resilience of this equipment."

— Anne Morris, contributing editor, special to Light Reading

About the Author

Anne Morris

Contributing Editor, Light Reading

Anne Morris is a freelance journalist, editor and translator. She has been working in the telecommunications sector since 1996, when she joined the London-based team of Communications Week International as copy editor. Over the years she held the editor position at Total Telecom Online and Total Telecom Magazine, eventually leaving to go freelance in 2010. Now living in France, she writes for a number of titles and also provides research work for analyst companies.