Skip to content

Rogers outage: When a resilience failure takes out a nation

We live in an increasingly connected world, and most of us experience that connectivity through our mobile phones and our home or work internet. How would you feel if you woke up one morning and didn’t have that connectivity for a whole day?

That is what happened on Friday 8 July 2022 for customers of Rogers Telecommunications, one of Canada’s largest telecoms providers. Nearly all its services failed before most of its customers had even woken up, and restoration didn’t begin until Friday evening.

Let’s take a closer look at:

  • What happened
  • The government’s response
  • How operational resilience cuts across sectors
  • The utopia and the real-world options

What happened?

Rogers’ services went down as early as 4:40am, affecting a range of its services including landline, mobile phone, internet and TV services. Some of the specific impacts to its customers and beyond included:

  • Inability to make calls to emergency services
  • Inability to access the ArriveCan app, a requirement for travelers to enter the country
  • Failure of the Interac online payment service, which relies on the Rogers network
  • Disruption to financial institutions’ operations
  • Phone network outages at hospitals, resulting in difficulty calling in staff and backlogs in discharges due to the inability to contact family members to pick up patients

This is another example of the broad impact that disruption can have. Not only the disruption to the public (potentially a quarter of Canada's total connectivity, according to Netblocks), but the flow-on effect to other organizations and their stakeholders.

blog-rogers-netblocksSource: Netblocks.org

Rogers continues to conduct root cause analysis, but CEO Tony Staffieri released a message on 9 July stating that the system failure appeared to be due to a maintenance update.

The government’s response

Canada’s Industry Minister, Francois-Phillippe Champagne, was swift in bringing Canada’s telecoms leaders together on 11 July to discuss the reliability of the country’s network. He tasked the companies to consider the following issues:

  • Provide each other mutual assistance during outages
  • Improve communication protocols to inform authorities and the public of any emergencies
  • Allow emergency roaming

While the minister gave the group 60 days of initial consideration these improvements, he also noted that this was only a first step to improving the resiliency and reliability of the sector. It seems likely that if they don’t come up with a voluntary plan, regulatory action will follow.

How operational resilience cuts across sectors

While operational resilience is a hot topic with financial regulators, the events in Canada show that it applies in any sector. It’s not just about looking internally at the bottom-line impact of the organization; it’s how disruption impacts your customers and stakeholders. Indeed, there is already a potential class action brewing based on Rogers’ inability to provide an essential service.

Beyond that, it also highlights how essential services can cross sector boundaries. In the telecoms sector, enabling calls to emergency services is a critical business service – as is the ability to make calls at all. Providing that service requires multiple resources to all be working effectively.

For commercial customers, that third-party service is a resource that is required for their own critical business services. Take Interac in this example: Rogers provided the network capability to enable its critical service of online payment processing. The interconnectivity of the world has made the reliance on third parties to enable services ubiquitous.

The utopia and the real-world options

My utopian dream would see an entire world of interconnected process and resource maps that highlight how the failure of one or more resources would cascade into a range of impacts across all sectors, regions and organizations. That would identify concentrations and single points of failure, enabling efficient improvement and investment opportunities across entire complex networks.

That’s ridiculous and not practical, of course.

But what organizations can do, beyond mapping their own processes, is to consider engaging with their extended enterprise in their operational resilience programs. This includes suppliers who provide critical resources in delivering your critical business services, and customers to whom you provide services.

You can share the outcomes of your resilience program – such as scenario testing and identification of vulnerabilities – with your customers. In this example, Interac could have used Rogers’ outputs as inputs into its own operational resilience program. If those programs didn’t align, then further collaboration or action could have been taken.

Since the outage, Interac have made a statement that they will be adding a backup network supplier. If they had jointly collaborated on operational resilience before this month’s events, would this have already been in place? That level of collaboration can build trust as well as identify improvement opportunities for all organizations involved.

This level of collaboration isn’t easy. But while the basics of third-party due diligence look set to expand to include coverage of operational resilience programs, it may well become a competitive advantage to going beyond mere assurance to active collaboration. Would you benefit from engaging in operational resilience conversations with your extended enterprise network?

Financial services regulators are leading the way in driving operational resilience, but shouldn't it be a core focus of every organisation's ERM capability? Join us on Tuesday 26 July 2022 for our Operational Resilience: The ultimate goal in risk management webinar to find out what it means to be resilient and how you can integrate resilience into your ERM framework.

About the author

Michael is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach. His experience includes managing risk functions, assurance programs, policy management, corporate insurance, and compliance. He is a Certified Practicing Risk Manager whose curiosity drives his approach to challenge the status quo and look for innovative solutions.