Blog Post Dec 07, 2018

Major Global Mobile Outage Illustrates the Danger in Poor Certificate Management

Yesterday, the world experienced major outages in its mobile networks, including loss of service for 32 million Britons on O2 and other carriers, as well as millions more in Japan and other parts of the globe. The rumor is that many private IoT networks were affected by this same outage, most of which we’ll probably never hear about.

Yesterday, the world experienced major outages in its mobile networks, including loss of service for 32 million Britons on O2 and other carriers as well as millions more in Japan and other parts of the globe. The rumor is that many private IoT networks were affected by this same outage, most of which we’ll probably never hear about.

The root cause? An expired certificate, at least according to Ericsson, the service provider behind the outage.

This outage was hugely costly down the whole value chain. Ericsson suffered public embarrassment, had a major service crisis to deal with, and - for all we know - will be paying hefty penalties for missing SLAs. Mobile providers like O2 and SoftBank had huge customer service problems with the resulting costs incurred and brand damage. And many, many end users were without mobile service for at least several hours and upwards of nearly a day, which at a minimum is highly inconvenient and can sometimes be threatening to business success or health and safety.

This episode illustrates a few important points about digital certificates:

They are everywhere. Certificates are a foundational component of our secure IT infrastructure and there is no avoiding them. Without certificates, all the electronic systems we rely on today would cease to function, including credit card payments, automobiles, ATMs, public transport, social networks, mobile devices, air travel, medical equipment, cable TV, and much, much more.
IT networks continue to increase in complexity. New architectures such as cloud, VMs, and containerization have added to what are already unfathomably complicated networks. And, as our applications and data continue to proliferate, this complexity will grow.
Interdependence reigns. In this case, a single outage at a single service provider took down networks around the world. This interdependence is an unavoidable fact of today’s technology services and will only continue to increase over time.

For all these reasons, reliable reliable and automated certificate management is more important than ever. Enterprises need to discover, track, and manage the lifecycle of certificates in a reliable way that doesn’t depend on individuals tracking and acting on them. And that means they need to rely on software automation to help them do so.