Telstra admits network controls failed as Senate dissects nationwide outage

An undocumented design change and an unapplied software update allowed a network timing server to restart with the wrong date, disrupting almost half of Telstra’s mobile traffic and producing errors for 604 Triple Zero calls.

Telstra has conceded that deficiencies in its internal controls allowed routine maintenance on a single network timing server to precipitate one of Australia’s most consequential telecommunications outages in recent years.

Appearing before an emergency hearing of the Senate Environment and Communications References Committee at Parliament House on Friday, Telstra chief executive Vicki Brady apologised for the disruption and acknowledged that the company had fallen short of the standards expected of an operator of critical national infrastructure.

“Last week, Telstra let Australians down,” Brady told the committee.

At its peak, the 8 July outage affected approximately 45 per cent of calls and data sessions across Telstra’s mobile network. While the core Triple Zero system remained operational, 604 attempted emergency calls encountered an error before reaching the Emergency Call Person.

Telstra said 58,835 Triple Zero calls connected successfully during the incident.

An outage built from two failures

The immediate cause was maintenance conducted at 3.38am on a Network Time Protocol server in Melbourne. The equipment helps synchronise the date and time used by different components of Telstra’s mobile network.

Technicians were replacing the chassis containing the server because of a fault in its backup power supply. Although the maintenance team followed the procedure available to it, the server restarted with an incorrect date.

That erroneous information then propagated through parts of the network, causing mobile voice and data services to fail progressively as network activity increased during the morning.

The hearing established, however, that the outage was not merely the consequence of an unpredictable equipment malfunction.

Telstra told senators that the Melbourne server had previously been altered after losing its ability to communicate with another timing authority in October 2025. It was reconfigured to rely upon its own GPS card as an authoritative source of network time.

That design change was not properly documented.

A software update applicable to the GPS card had also not been installed. Telstra had received notification of the update in 2022 and a further reminder from its supplier in January this year.

Brady said Telstra’s engineers had previously considered the update but determined that it was not relevant to the way the server was then being used. The subsequent undocumented design change made the GPS card — and therefore the unapplied update — operationally significant.

When technicians restarted the server on 8 July, they were unaware that it no longer operated according to the standard design reflected in their maintenance instructions.

“Had that software update been completed, or had the design change been properly documented and reflected in the maintenance procedure, the outage may not have occurred,” Brady said in her opening statement.

“If maintenance work can trigger this kind of outage, it suggests our controls were not good enough.”

Senators scrutinise warnings and ageing equipment

Committee chair Senator Sarah Hanson-Young questioned whether the combination of missing documentation, an unapplied update and ageing equipment amounted to incompetence rather than an unavoidable failure in a complex network.

The SSU2000 server at the centre of the outage was manufactured in 2011. Telstra nevertheless disputed suggestions that it had reached the end of its operational life, telling the committee that the equipment remained commercially available and its GPS module continued to receive supplier support.

Chief financial officer Michael Ackland acknowledged that a newer device, operating according to Telstra’s intended design, would not have produced the same outage.

Nationals Senator Ross Cadell pressed the company about an earlier manufacturer bulletin, the adequacy of its risk assessments and whether reductions in staffing or reliance on contractors had diminished Telstra’s engineering capability.

Telstra said the maintenance had been performed by its own Melbourne-based employees and that the responsible team had not been subjected to staff cuts. The company also rejected suggestions that investment in its network had declined, saying capital expenditure excluding spectrum had increased from about $3 billion in the 2021 financial year to an anticipated $3.8 billion in 2026.

The evidence nevertheless left the committee examining a broader question: how a change to equipment performing a nationally significant function could be implemented without the documentation and reassessment required by Telstra’s own risk-management processes.

Brady said it did not appear that the appropriate control had operated when the server’s design was changed.

Triple Zero errors continued after initial restoration

Telstra detected the developing network problem at 4.20am and posted an initial update to its website at 4.38am. It contacted Communications Minister Anika Wells’ office at 6.44am, isolated the affected server at 7.11am and activated the Triple Zero Disruption Protocol partner bridge at 7.20am.

Most mobile calls and data services were operating correctly by 10am, while the initially identified network fault had been addressed by 4pm.

A related problem affecting some Triple Zero calls persisted longer and required a separate solution, which was implemented at 10.38am on Thursday, 9 July.

Telstra undertook 604 welfare checks connected with the unsuccessful calls. According to the company:

  • 335 callers confirmed that they did not require assistance;
  • 102 said emergency services were already present or had been contacted;
  • 144 could not initially be reached and were referred to police; and
  • 23 were referred to the appropriate emergency service organisation.

Telstra and the Commonwealth Government have said they are not aware of any adverse or life-threatening outcome attributable to the outage.

The emergency “camp-on” mechanism, which allows a Triple Zero call to use another available mobile network, operated during the disruption. Telstra said approximately 3,200 more emergency calls than usual were carried over the Optus and TPG networks.

Regulatory investigation and possible penalties

The Australian Communications and Media Authority has opened a separate investigation into whether Telstra complied with the Telecommunications (Emergency Call Service) Determination 2019 and the Telecommunications (Customer Communications for Outages) Industry Standard 2024The regulator announced its investigation on the day of the outage.

The communications standard requires telecommunications providers to keep customers, the public and specified stakeholders informed during major outages. A major outage is generally one affecting at least 100,000 services for more than an hour. Updated outage-reporting rules also took effect on 30 June, little more than a week before the Telstra failure.

Minister Wells has said Telstra could face civil penalties of up to $30 million if breaches of its obligations are established. The company has also opened a complaints and compensation process for small businesses able to demonstrate direct financial losses.

Telstra’s internal inquiry is being led by its Chief Risk Office, with Technology Audit Partners appointed to provide external scrutiny. Brady committed to giving the final findings to the Senate committee.

The company has moved affected network functions to newer equipment, is updating the corresponding servers in Sydney and Perth and is reviewing their replacement timetable.

The Senate inquiry was originally established following the fatal Optus Triple Zero outage of September 2025. Its remit extends to the adequacy of Australia’s regulatory architecture, emergency roaming arrangements and whether Commonwealth oversight of critical telecommunications infrastructure remains fit for purpose. The committee is now scheduled to report by 7 August. The inquiry’s terms of reference are available through Parliament.

For Telstra, the immediate technical fault may have been isolated. The more difficult question before the company, regulators and Parliament is whether the institutional weaknesses that allowed it to become a national outage have also been contained.

Leave a Comment