Telstra warned for months about timekeeping vulnerability before outage
Quick Look
- Telstra faced warnings from government agencies and academics for months about its vulnerability to timekeeping errors.
- The exact issue that caused a major outage this week was previously flagged as a potential cascading failure point.
- Experts and government bodies had repeatedly highlighted the risks associated with reliance on GPS for timing.
AI-generated summary
Why It Matters
Telstra experienced a major network outage due to a time synchronisation issue caused by a software glitch. This exact scenario had been repeatedly flagged as a vulnerability by government agencies and academics for months.
Telstra was warned by federal government agencies and academics for months that it was vulnerable to the exact type of error that brought Australia's biggest mobile network to its knees this week, the ABC can reveal.
For years, public alerts by government agencies and submissions from researchers had flagged a scenario with telcos that now looks prescient: cascading problems caused by a single point of technical failure connected to timekeeping.
On Wednesday, that risk was no longer hypothetical.
Telstra identified an issue about 4:30am affecting "a number of nodes that help keep time across our mobile network".
By the time services were mostly restored, the telco ruled out a cyber-attack as the source of the disruption and instead pointed to a software fault affecting timekeeping.
While timekeeping, and the satellite systems that it predominantly relies on, are little known to the public, they have been repeatedly identified as a major potential fault line long before what they caused what one expert believed was Australia's first national timekeeping-related infrastructure failure.
Telstra was contacted for comment but did not respond by deadline.
In a press conference on Wednesday, Telstra chief financial officer Michael Ackland attributed the outage to a "time synchronisation issue" caused by a "glitch in the software that reset the GPS timer".
Swinburne University professor Allison Kealy, an expert in positioning, navigation and timing, told the ABC she had raised this exact scenario when she approached Telstra earlier this year while seeking support for a proposed critical infrastructure resilience research centre.
Professor Kealy said the pitch to telcos and other critical infrastructure operators was that they needed to identify shared points of failure before an outage exposed them.
Australia's government-run Cyber and Infrastructure Security Centre has also repeatedly raised timekeeping as a major concern for critical infrastructure providers.
In 2024, it put out a public alert about how "Australia's critical infrastructure increasingly relies on the delivery of positioning, navigation and timing".
In October last year, another alert from the centre singled out "critical communications assets" as being dependent on these timekeeping systems, including space-based satellites. It reiterated the legal obligations to ensure they had backups if those systems failed.
The alert was published around the same time the federal government created a new legal requirement for critical telecommunications providers to maintain a risk management program covering material hazards and mitigations.
The government's guidance for complying with this new requirement explicitly mentions preparing for anything that impairs systems that rely "on satellite and navigational technology" such as timing.
A spokesperson for the Department of Home Affairs confirmed Telstra had provided it with its risk management program.
The office of Communications Minister Annika Wells declined to comment on whether she was satisfied Telstra had been prepared for this type of issue.
Experts outside the government have also been sounding the alarm about Australia's dependence on GPS for almost 20 years.
As early as 2008, University of Adelaide Professor Don Sinnott told a Senate inquiry that GPS was used for precise timing on which telecommunications, banking and commerce relied to a "little-appreciated extent".
In recent times, jamming has become an almost daily occurrence in the Russia-Ukraine war and has even affected ships around the Strait of Hormuz.
Much of the academic and public policy work about GPS vulnerability has focused on jamming and spoofing, but experts say the same dependence on satellite signals also creates timing risks when systems fail.
The first suspected national outage caused by timekeeping issues
Professor Kealy said Mr Ackland's explanation of what happened raised questions about the resilience of Telstra's timekeeping systems.
"If a single software fault could disrupt the [timing] architecture across a large portion of their network, then there's a general expectation that they are aware of single points of failure," she said.
Professor Kealy gave the analogy of having both a wall clock and a clock on a microwave in your home. They are independent clocks, but they can still share a common point of failure.
If one clock broke, the other would likely continue working. But if the house lost power, both might stop keeping time.
UNSW's Australian Centre for Space Engineering Research's Professor Andrew Dempster said he could not recall another timing-related failure causing disruption on this scale in Australia.
Professor Dempster said while the outage appeared to show a failure rather than manipulation of GPS, it still demonstrated how vulnerable GPS-based timing systems could be.
Professor Kealy said the outage raised questions about whether Telstra's primary and backup timing systems shared a common point of failure.
Preparing for timing failures
Professor Kealy said preventing problems like this required multiple sources of time that could be checked against each other before a bad signal or software fault flowed through connected systems.
She said there was a need for more thorough testing of these systems across sectors and a framework for how critical infrastructure providers should prepare risk mitigation plans.
She said a national timing centre, like the UK's recently created National Timing Centre program, could fulfil such a function.
Professor Dempster said Australia should also address the practical barriers to testing GPS resilience, because testing systems against jamming required transmitting into a protected radio band.
Australia needed to "establish regimes […] where that testing can be done safely," he said.
But Professor Kealy said the responsibility did not stop with Telstra or other telcos.
Other industries that depend on telecommunications networks also needed to understand how much of their own resilience relied on those networks staying online.
"One system fails, telecoms fail, and suddenly you see transport failure. Transport failure leads to freight and logistics failures. The list goes on," she said.
What to Watch
AI outlook — possibilities, not facts
Telstra will likely face increased scrutiny and regulatory pressure regarding its infrastructure resilience.
Very likely · Within months
Australia may establish a national timing centre to improve critical infrastructure resilience.
Possible · Within years
Open Questions
- Were Telstra's primary and backup timing systems sharing a common failure point?
- Is the government satisfied with Telstra's preparedness for such issues?



