Rogers has updated its reply to the inquiries made by the Canadian Radio-television Telecommunications Commission (CRTC) with additional information on what caused its network outage on July 8.
In its update to the redacted document, the company said that 2.92 million wireline and 10.242 million wireless customers were impacted. While it determined that it did not breach service level agreements (SLA) with its retail customers, Rogers is assessing if it breached SLA with its vendors.
The Rogers outage was caused by an update to the distribution routers in its network, which caused Rogers’ internet gateway, core gateway and distribution routers to cease communication with one another, as well as with Rogers’ cellular, enterprise and cable networks.
The document also described the restoration priority in a seven-point numbered list. Rogers placed restoration of its wireless and wireline services as a top priority, followed by critical care services and major business customers.
This was Rogers’ second outage in two years; in April 2021, a vendor software update knocked its mobile network offline. Rogers now says that the learnings from the previous outage helped to restore its mobile network faster on July 8.
Unlike the outage that occurred on July 8, Rogers says that its mobile outage last year did not affect its core network, which is why it did not impact emergency communications.
Responding to the CRTC’s question of what additional safeguards Rogers will have in place going forward, Rogers says it’s conducting a review with a third-party, issuing dual-SIMs or a secondary mobile device to all critical employees, and establishing alternative carrier connectivity into critical locations for backup connections.
Moreover, the telecommunications giant confirmed that a memorandum of understanding for mutual assistance is being developed by the Canadian Security Telecommunications Advisory Committee (CSTAC) between major Canadian telcos within 60 days. Rogers is the sitting co-chair of CSTAC.
These measures are in addition to the short-term actions, which include improving IP network and infrastructure reliability, issuing a network architecture review with vendor partners, and increasing automation in incident management processes. The company also plans on introducing further risk assessment reviews, and expanding its network monitoring capabilities.
The CRTC has asked Rogers to provide further comments pertaining to the ongoing investigation.
The full public redacted document can be downloaded fro the CRTC (1.8MB download).