Author: John Farley


On February 22, 2024, AT&T — one of the world's largest telecommunications providers — sustained a system outage impacting tens of thousands of users across the US. This incident left some customers unable to place calls, send texts, or access the internet, with some mobile phones displaying "SOS" in the status bar. The cities reporting the most outages were Los Angeles, Dallas, Indianapolis, Chicago, Houston, San Antonio, Louisville, Atlanta and Miami.

As of February 23, 2024, AT&T was able to fully restore service. According to AT&T, the outage was the result of a technical error as they worked on expanding the network.

This incident is an important reminder to take steps to prepare for large-scale incidents that may impact a wide variety of organizations that rely on key vendors in the supply chain. To that end, we're providing some considerations to enhance existing incident response plans to help businesses remain resilient in the face of future telecommunications outages.

Business continuity plan for telecommunications network outages

  1. Develop a comprehensive business continuity plan (BCP) specifically for a telecommunications network outage, outlining the steps to take before, during, and after an outage.
  2. Conduct a thorough risk assessment to identify vulnerabilities and potential impacts of a telecommunications network outage. This assessment should include an analysis of the company's reliance on telecommunications services and the potential financial and operational consequences of an outage.
  3. To minimize the impact of an outage, establish redundant telecommunications systems and infrastructure, such as having multiple service providers, backup communication channels (such as satellite or cellular networks), and redundant hardware and software.
  4. Implement monitoring and early warning systems to detect potential network issues before they escalate into a full outage. These systems can include real-time network monitoring tools, automated alerts and regular performance assessments.
  5. Develop and maintain strong relationships with telecommunication service providers. This includes negotiating service level agreements (SLAs) that specify minimum uptime and response times, as well as establishing clear communication channels for reporting and resolving issues.
  6. Train employees on alternative communication methods and procedures to follow during a network outage. This step may involve providing backup communication devices, such as mobile phones or satellite phones, and ensuring employees are familiar with their use.
  7. Regularly test the company's ability to operate without the telecommunications network. This test can involve conducting simulated outages, tabletop exercises, or full-scale drills to identify gaps in the BCP and make necessary improvements.
  8. Establish a crisis management team responsible for coordinating the response to a telecommunications network outage. This team should have clear roles and responsibilities, as well as access to decision-making authority and resources.
  9. Maintain up-to-date contact information for key stakeholders, including employees, customers, suppliers and partners, to enable effective communication and coordination during an outage.
  10. Continuously review and update the BCP to reflect changes in the company's telecommunications infrastructure, technology and business operations. Regularly assess the effectiveness of the plan through post-incident reviews and incorporate lessons learned into future improvements.

Cyber insurance impacts

The Cyber insurance market remains laser focused on threats to critical infrastructure, including the telecommunications sector. A major incident or system outage could lead to a systemic loss, having a cascading impact on multiple insureds around the globe.

As a result, the Cyber insurance marketplace has addressed these concerns by changing coverage, and in some cases restricting or excluding coverage. When reviewing Cyber insurance and other policies that may provide a mechanism to transfer cyber risk for both providers of telecommunication services and those that rely on them, insureds should be mindful of several potential coverage pitfalls, including but not limited to:

  • Critical infrastructure exclusions that may eliminate coverage for all losses related to a specified critical infrastructure target
  • Catastrophic or widespread loss sub-limits and exclusions that may limit or exclude coverage for cyber losses that impact a large number of organizations
  • Contingent business interruption sub-limit or exclusionary language that may apply to organizations that weren't direct targets, but suffered consequences of a critical infrastructure cyber attack
  • Cyber war exclusionary language that's generally being broadened and may contain ambiguous or undefined terms
  • Regulatory risks that may limit or exclude coverage for regulatory investigations, lawsuits, fines and settlements

Cyber insurance and other insurance policies may provide assistance to organizations that believe they may be impacted by losses related to this incident, either directly or indirectly through vendor or supply chain relationships. Many stand-alone Cyber insurance policies provide access to crisis services, including breach coaches, IT forensics investigators and other breach response experts. Those with Cyber insurance should be mindful of claim reporting obligations, requirements to use insurance panel breach response vendors, evidence preservation and issues that may impact attorney-client privilege.
