Over the past few days, CenturyLink had a widespread 29 hour outage impacting Internet and Emergency communications. The company has not released a cause (other than to say it was not hacking). Regulatory agencies, including the FCC are now investigating.
The interesting part (to this CISSP) will be the incident response post-mortem. For example, CentruryLink might be advised to improve their crisis communications plan and to implement mandatory escalations. Notably, it took about 24 hours to publicly acknowledge impact to 911 with amateurish advise. Given that smaller 911 outages are relatively common, it seems that a time-tested prepared statement and release procedure should have been readily available.
Many local Emergency Management Agencies did the right thing... advising people to add the non-emergency (10-digit) phone number for their local police department into their contacts list. Even if one ends up calling the wrong department, they still are trained to triage and engage the correct resources.
I am also interested in seeing the impact of this. Definitely there is a call to revise their outage response procedure I would think. And this is just a small taste of what could happen if a malicious actor came on the scene and wanted to do damage. Because CenturyLink is the back haul to many cellular sites, quite a few wireless carriers were also impacted by this outage.
Yes, this will be an intresting case as they house infrastrcuture for so many clients.