Ofcom fines Three £1.9m for emergency call vulnerability
Fri 16 Jun 2017
Ofcom, the British regulatory authority, has fined mobile provider Three 1.9 million GBP for ineffectively failure-proofing its emergency calls system.
All telecommunications providers in the UK are required to provide uninterrupted access to emergency services for their customers, and to ensure that systems have effective failure-proofing mechanisms in case of a technical fault.
In the course of an outage investigation, Ofcom identified a single point of failure in Three’s emergency calls system, whereby all 999 calls were funneled through the same data center. In the event of failure, emergency calls should be automatically channelled through backup routes so that customers do not suffer an interruption in access to emergency services.
However, designated backup routes in the Three system were all channeled through the same data center, so that an interruption in service would affect the backup routes as well.
Because of this, Ofcom determined that Three had failed to provide for uninterrupted access to emergency services for its customers.
The vulnerability was discovered last October when customers in parts of London, Kent and Hampshire suffered a temporary loss in emergency services. The ensuing investigation uncovered the fact that all emergency calls and all emergency call backup routes were funneled through the same data center, providing a single point of failure for the system that placed customer access to emergency services in jeopardy.
While there were no injuries or property damages suffered as a result of the service interruption last October, and Three was not found to have acted recklessly or deliberately, the severity of the fine is intended to reflect the seriousness of the breach. As Ofcom director of investigations Gaucho Rasmussen noted, “Telephone access to the emergency services is extremely important because failures can have serious consequences for people’s safety and wellbeing.
“Today’s fine serves as a clear warning to the wider telecoms industry. Providers must take all necessary steps to ensure uninterrupted access to emergency services.”
A spokesperson for Three said that it takes the requirement to provide uninterrupted access to emergency services extremely seriously. The company has since installed an additional backup route to carry emergency traffic.
“Ofcom recognises that the circumstances surrounding the October 2016 fibre break outage were exceptional and outside of Three’s control,” she said. “As a result, the incident itself was not a breach of Ofcom’s rules.”