No cyberattack but an unexpected bug when updating critical equipment.
Orange's internal investigation, following the malfunction of emergency numbers last week, came to the conclusion that the failure was caused by a "software malfunction", according to the first findings made public this Friday afternoon .
This failure affected the "call servers", the equipment which provides the interconnection between calls made on mobile and landline telephones and so-called similar telephone lines of emergency services.
On June 2, at the end of the day, for several hours, numbers 15, 17, 18 and 112 were for many French people inaccessible or reachable only at the cost of multiple attempts.
“During this period around 11,800 calls, or 11% of the total number of calls, were not routed to emergency services,” said the incumbent operator.
"A modernization operation" that goes wrong
This bug occurred "following an operation to modernize and increase the capacity of the network, which began in early May, to respond to the increase in traffic" according to Orange France.
The first explanation put forward by the group had been a “software failure” on fairly old “European equipment” installed on a central site but also on redundant sites which should make it possible to take over in the event of damage.
Despite an initial alert, "the complexity of the failure, the variety of technologies and network architectures of the emergency services delayed the diagnosis" details the press release from Orange.
Conducted by the group's General Inspectorate, the internal investigation aimed to "identify the precise causes of this incident, study the alert process and issue recommendations to draw all the necessary lessons", recalled the former France Telecom, historically responsible for redirecting emergency calls.
Delay in crisis management
In these conclusions, the General Inspectorate makes recommendations which reveal problems of reactivity in the management of the crisis.
“Despite the mobilization of technical teams, the delay in activating the managerial crisis unit resulted in late communication to all stakeholders” points out the report.
And to advise, for example, to "reduce from two hours to a maximum of 30 minutes the delay in triggering a crisis unit, in the event of a disruption affecting calls to emergency services and vital services at the national level".
Among the avenues to prevent an incident from having such consequences: “propose setting up a dedicated number, available 24 hours a day, 7 days a week, for stakeholders (State services, CHU, Samu, etc.) in the event of a malfunction on the emergency numbers ”and“ propose the use, in consultation with each actor concerned, of a mechanism for mass distribution by SMS of instructions for use in the event of a failure affecting the emergency services ” .
This investigation is separate from the “security and integrity control” audit of Orange's network and services requested by the government.
The conclusions of this audit, led by the National Information Systems Security Agency (Anssi), are expected within two months.
Guillaume Poupard, the general manager of Anssi, had already confirmed Thursday that a technical failure was at the origin of the failure, and not a cyberattack. Implicitly, Orange had also suggested that critical equipment was too old to be targeted by hackers anyway.