The Optus Triple Zero failure blamed for the loss of four lives was caused when an employee failed to follow established protocols for a routine firewall upgrade, the company's CEO Stephen Rue has explained in announcing an independent investigation into the incident.
The firewall in question, he explained this week, is normally upgraded in a three-step process that involves initially diverting call traffic away from the “relevant part of the core network” to a different area to ensure incoming calls aren’t blocked.
The second step involves locking the equipment behind the firewall being upgraded, while the third step is to “safely upgrade” the firewall, then unlock the equipment and re-divert traffic back to the original part of the core network.
The upgrade was planned to run over two nights but the September 18 outage, he said, occurred when “the first step in the process was not followed.”
“We have successfully completed similar upgrades in the past,” Rue continued, “and it should be reiterated the issue occurred because this time, there was a deviation from established processes.”
Rue also updated the number of people impacted – which was initially reported as 624, then upgraded to 631 after seven more people were found to have been affected.
Optus is investigating why ‘camping on’ procedures – which are intended to connect emergency callers to a different mobile network if their primary network is unavailable – do not appear to have worked as expected despite years of industry collaboration.
Early investigations into the incident have subsequently determined that around one quarter of those affected did in fact get through to Triple Zero, with 86 eventually being connected through the Optus network and 65 transferring to another mobile carrier.
That meant 480 customers couldn’t reach Triple Zero, four of whom subsequently passed away (SA Police have clarified that emergency services weren't delayed despite the Optus outage, since the boy's grandmother "immediately" reached 000 using a different phone on the Telstra network).
“To be very clear, Optus is accountable for the operation of its own network,” Rue said, adding “there are no words that can express how sorry I am about the very sad loss of the lives of four people, who could not reach emergency services in their time of need.”
Independent investigation commissioned
Rue’s latest update came as Optus chair John Arthur announced that the board has commissioned Dr Kerry Schott AO to lead an independent review into the failure.
The review “will identify the causes, and canvass the applicable processes, protocols and operations of the incident” and will see the final report delivered before the end of the year, Arthur said in a statement outlining the terms of engagement.
“In the interests of transparency – and to promote greater community understanding of what went wrong and why – we are committed to sharing the facts of the incident,” he said, adding that “what has occurred is clearly unacceptable.”
Optus CEO Stephen Rue said human error was to blame for the Triple Zero outage. Photo: Channel 9 / Facebook
A director of AGL, chair of the Carbon Market Institute and chair of the government’s Competition Review Panel, Dr Schott is an experienced executive who previously served as a director of NBN, where Rue worked for a decade before joining Optus last year.
“This is about ensuring that we have the facts, ensuring that those facts are shared, and ensuring that what comes out of those facts are implemented,” Rue said, adding “I am determined to implement what needs to be done to ensure this does not occur again.”
Changing CEOs not the answer
Yet Optus has already spent nearly two years working to prevent Triple Zero outages from happening again, after a major day-long outage in November 2023 left more than 2,000 people unable to make emergency calls – for which the company was fined $12 million.
Former Optus CEO Kelly Bayer Rosmarin resigned after admitting there were no plans to manage such an event, which was also caused by a routine software upgrade, and led to multiple reviews and an overhaul of Triple Zero.
Experts say the fact that such a similar incident could happen again, despite the intense attention of the company, industry players and regulators, reflects a deeper and more systemic failure of process that experts say can’t be fixed by simply changing CEOs.
“History is repeating itself at Optus,” Swinburne University of Technology governance expert Helen Bird said, noting “the 2023 and 2025 failures were strikingly similar.”
“Both were linked to routine maintenance, both resulted in system-wide outages, and both followed by slow and opaque communication with the public and regulators,” she said, adding that “a new chief executive won’t solve those deeper problems.”
“If Optus is serious about change,” she said, “this time it must publish a full report, outline its compliance with emergency service rules, and explain clearly how risk is monitored here in Australia, not just in Singapore by its parent company Singtel.”
“Replacing leaders gives the illusion of action,” Bird said, recommending five key fixes that would improve Optus governance and advising that “real accountability comes from fixing the system beneath them.”
Optus in permanent crisis mode
The fallout continues during what has been a devastating week for the troubled telco – which was also ordered by the Federal Court to pay a $100 million fine that Optus negotiated with the ACCC for ‘unconscionable’ sales conduct.
That fine, which Rue negotiated with the ACCC, has also seen Optus adding governance mechanisms including improvements to coverage checks and credit checking, updates to sales incentive programs, and Code of Conduct training for retail staff.
It has also updated its complaints handling process, changed its product range to minimise the risk of “unexpected large debts” being incurred, and appointed new executives for roles including chief legal officer, and chief security and risk officer.
Reflecting the need for closer oversight of its operations, Optus has also appointed a new vice president of retail and vice president of contact centres, AI and analytics.
Yet Rue “is skirting the main issue,” former Internet Australia CEO Laurie Patton told Information Age, calling for “serious infringement powers” for the TIO and suggesting Optus “is deliberately and strategically shafting someone well down the line.”
The CEO “says routine processes weren’t followed,” Patton said, “but who was in overall control of the project? Why did it take so long for him to be told there was a problem? And why did he take so long to ‘fess-up’?”
“The problem with big one-off fines is they just bury them in the accounts,” he added.
“Nobody is personally affected. Nobody loses their bonus. Nobody is demoted or loses their job.
“Even if Rue is shamed into resigning, nobody directly involved will have been held accountable.”
