Regulator’s £1.9m Fine Highlights Importance of Vulnerability Analysis

Posted on: 16th June 2017

UK mobile operator 3 has been fined £1.9m – not for an actual outage, but for a network design that would have compromised access to the emergency services, breaching a condition of its license.

That 3 had an unidentified single point of failure in its network is surprising enough. However, somewhat embarrassing is that the vulnerability was uncovered by Ofcom itself while investigating a separate outage.

It’s important to understand that this wasn’t an operational failure. At no point was life-saving service actually interrupted. However, it was a design failure – one that has cost £1.9m in fines. Had the critical failure scenario actually occurred, the cost could surely have been far higher.

For most operators, network planning and design remain a largely manual process, run by smart engineers using spreadsheets and whiteboards. It’s complex, difficult work. But with networks undergoing constant change, it seems a risky strategy to rely on human design alone to ensure no such single points of failure arise. And as networks become virtualized, it’s even less likely that an operator (let alone a regulator) will uncover a hidden critical vulnerability by happenstance.

Automation is much on the agenda for telcos. But as 3 demonstrates, it must come with the sort of intelligence that prevents hidden vulnerabilities from creeping into the network. That’s an even more complex computational problem – which makes it a great use case for Artificial Intelligence techniques.

Other operators should learn to take note of 3’s experience, and consider whether they are any better equipped to identify and resolve critical vulnerabilities. While it may be hard to put a price on a good network design, it’s certainly possible to cost a poor one.