Ofcom fines Three £1.9m over vulnerability in emergency call handling
999 requests funnelled through single data centre
Brit mobile operator Three has been fined £1.9m after an investigation by UK regulator Ofcom revealed its emergency call service handling was vulnerable to a single point of failure.
Ofcom identified the vulnerability when investigating a separate fibre break outage on Three's network in October 2016, which resulted in a temporary loss of emergency call services affecting some customers in Kent.
Following its investigation, Ofcom found Three had breached the requirement to ensure uninterrupted access to the emergency services.
It found that emergency calls from customers in the affected area had to pass through a particular data centre in order to reach the emergency services, meaning Three's emergency call service was vulnerable to a single point of failure.
Three's network should have been able to automatically divert emergency calls via backup routes in the event of a local outage, said Ofcom.
But these backup routes would also have failed because they were all directed through this one point, it said. To resolve the incident and address the underlying network weakness, Three added an additional backup route to carry emergency call traffic.
Ofcom found that Three did not act deliberately or recklessly. However, the fine reflects the seriousness of the breach, given the potential impact on public health and safety.
Gaucho Rasmussen, Ofcom's enforcement and investigations director, said: "Telephone access to the emergency services is extremely important, because failures can have serious consequences for people's safety and wellbeing.
"Today's fine serves as a clear warning to the wider telecoms industry. Providers must take all necessary steps to ensure uninterrupted access to emergency services."
A Three spokeswoman said providing customers with uninterrupted access to emergency services is a requirement it takes "extremely seriously". She said: "Three therefore acknowledges Ofcom's decision today to fine Three for a single point of vulnerability on Three's network. However, this vulnerability has not had any impact on our customers and only relates to a potential point of failure in Three's network.
"Ofcom recognises that the circumstances surrounding the October 2016 fibre break outage were exceptional and outside of Three's control. As a result, the incident itself was not a breach of Ofcom's rules."
The regulator recognised that Three has cooperated fully during its investigation and has taken steps to further strengthen the resilience of Three's network. ®
Sponsored: Becoming a Pragmatic Security Leader