89-Minute KT Communication Outage... Management System Lapses Under Scrutiny (Comprehensive)

On the 29th at 3 PM, the Ministry of Science and ICT held an emergency briefing at the Government Seoul Office regarding the KT wired and wireless communication outage. They announced the investigation and analysis results of the cause of the KT network failure and measures to prevent recurrence. Photo by Jo Kyung-sik, 2nd Vice Minister of the Ministry of Science and ICT

[Asia Economy Reporters Minyoung Cha and Eunmo Koo] "Since KT is a telecommunications company, we expected professionalism, but it seems they got distracted by new businesses and forgot the basics. If this incident was caused by management failure rather than hacking, it is absurd."

As KT, the nation's leading wired telecommunications provider, experienced a nationwide wired and wireless internet outage, criticism poured in from both inside and outside the industry. Even the Ministry of Science and ICT, the supervising authority, expressed disbelief, stating that even the most basic regulations corresponding to the 'ABC' stage of network equipment work procedures were ignored.

On the afternoon of the 29th, the Ministry of Science and ICT held an emergency briefing at the Government Seoul Office, chaired by Second Vice Minister Kyung-sik Cho, where they announced the investigation and analysis results related to the KT network outage incident, including these details.

The KT network outage began around 11:16 a.m. on the 25th. During a router replacement operation on the corporate network at KT's Busan office, a worker input an incorrect configuration command, which led to routing errors and a nationwide internet network outage. Following an increase in DNS traffic, the network failure occurred, and KT's recovery measures were completed around 12:45 p.m., resulting in approximately 89 minutes of service disruption.

The detailed timeline is as follows: ▲11:16 a.m. sudden traffic surge ▲11:20 a.m. KT recognizes internet outage ▲Around 11:20 a.m. suspicion of DDoS attack ▲11:40 a.m. report to Ministry of Science and ICT ▲11:44 a.m. KT corrects notification stating it was a routing error, not a DDoS attack ▲11:56 a.m. Ministry issues level 2 alert ▲11:57 a.m. recovery begins ▲12:45 p.m. recovery completed.

KT's management issues were also starkly revealed during the investigation. Although KT's Network Control Center had approved nighttime work from 1 a.m. to 6 a.m. on October 26, KT supervisors and subcontractor staff agreed to perform the work just before lunchtime on the 25th. The subcontractor workers carried out routing tasks while the work manager was absent due to other duties. Because the network remained connected during the operation, real-time network outages occurred. Hong Jin-bae, Director of Information Security and Network Policy at the Ministry of Science and ICT, stated, "After direct confirmation with the individuals involved and their managers, it was understood that daytime work was preferred."

Technical issues were also pointed out. The primary contractor, KT, failed to detect errors during the pre-verification stage. The routing configuration command script in the routing work plan omitted the exit command to terminate the IS-IS protocol, but this was not caught during script creation or pre-verification. Although there were one or two pre-verification stages, the manual review system failed to identify the error.

The government conducting the investigation also expressed surprise. At the accident site, even basic work rules such as "test for 1-2 hours before opening the network after work" were not followed. Heo Sung-wook, Director of Network Policy at the Ministry of Science and ICT, said, "It's like breaking the common sense rule of 'crossing the street on a green light,' which caused the accident," adding, "We are discussing whether to regulate this by law in detail."

However, IPTV service networks and voice call/text service networks, which are separate from the internet service network, were also affected by traffic overload. It is presumed that increased traffic caused by users resetting their terminal power contributed to the load.

The Ministry of Science and ICT will collaborate with KT to prepare compensation measures for affected users. KT is conducting a survey on user damage and preparing relief measures, while the Korea Communications Commission will monitor the implementation of these relief measures. The Commission plans to review improvements to laws and user agreements to ensure effective compensation in the event of communication failures.

Inspections of other telecommunications companies will also be conducted simultaneously. Hong Jin-bae, Director of Information Security and Network Policy, said, "On the day of the incident, we immediately requested emergency inspections from major Internet Service Providers (ISPs). While implementing network stability measures, we will identify what work management guidelines these providers have, how simulations are conducted, whether simulators are operated, and their structures, and find areas for improvement."

KT held a board meeting on the 29th to discuss revising the compensation policy for ultra-high-speed internet service standards, specifically for service outages lasting more than 3 consecutive hours, as a follow-up measure to the nationwide wired and wireless network failure incident. KT CEO Koo Hyun-mo bowed his head in apology on the 28th.

KT is currently preparing specific compensation plans and recurrence prevention measures. In a press release on the 29th, KT stated, "Generally, work related to KT network equipment is conducted at night as a principle, and after submitting and approving a work plan, it proceeds under the supervision of KT staff. In this incident, although nighttime work was approved, the work was carried out during the day in violation of this, and KT staff tacitly accepted this and neglected supervision. This was an exceptional case of deviation, and we will strengthen processes to prevent recurrence." Along with this, KT plans to expand the routing error spread prevention function, previously applied only to core and relay networks, to edge networks, and to expand the testbed operation, currently only at the U-myeon-dong center, nationwide.

Experts evaluated this as a human-caused disaster that must never be repeated. Professor Jong-in Lim of Korea University's Graduate School of Information Security said, "This is not just about scolding and compensating and ending. It shows that whether from North Korea or China, it is not difficult to bring down Korea. If the telecommunications network collapses, everything from military networks to financial and medical networks will be disrupted, and national security will be at risk."

In the telecommunications industry, whether to outsource varies greatly depending on the business division and individual preferences. A telecommunications equipment industry official said, "Whether routing work or any development work, testing first and fixing errors before actual application is a basic principle. While telecom companies can outsource to partners, thorough management and supervision by the primary contractor must accompany it."

There were also calls to address management system vulnerabilities to prevent recurrence. It was pointed out that a precise risk management system should be established to promptly activate 'Cyber Resilience.' Cyber resilience refers to establishing security strategies and capabilities to respond to unpredictable threats or negative impacts inside and outside an organization and to resolve risks.

Professor Lim said, "The advisory committee is ineffective because it lacks authority, so the audit committee must function properly. The audit committee should not only conduct financial audits but also regularly check compliance, and a specialized audit committee should be activated to do so."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.