The ripple effect of this week’s mass Telstra outage exposes how vulnerable Australia is to future potential attacks on critical infrastructure, cyber security experts warn.The outage not only left millions of customers without mobile phone coverage but also shut down huge sections of regional passenger rail networks, and crippled business operators relying on digital payments.Cybersecurity expert Dennis Desmond warned adversaries may now be more likely to attack our supply chains, knowing potentially untested software might have been to blame.“It clearly demonstrates to an adversary the interconnectedness of the various systems that provide additional targeting data,” the University of the Sunshine Coast’s cybersecurity expert said of Wednesday’s outage.“For example, if I know that the transportation system is connected to a specific telecommunications provider, it gives me a much better idea of how to target various systems in Australia to bring the critical infrastructure down,” Dr Desmond told NewsWire.Any bad actor looking to target Australia now has more “critical intelligence” about our critical infrastructure, including how long the systems take to recover.“It also demonstrates the fact that there is a lengthy recovery period for multiple systems that are connected, and that they are not as resilient as they should be when such a large percentage of the population relies on the services and products that it provides,” Dr Desmond said.“Each time there is an outage, such as previous outages that we’ve seen with Optus and Vodafone, it gives an adversary, usually a nation-state backed, better information on how to disrupt systems in the event of a cyber war or conventional war.”Dr Desmond recommends people have a back-up phone on a different network, carry cash, and create communication plans with family such as deciding on a wi-fi based means of getting in touch, handheld radios, and a physical rendezvous point.By late on Friday Telstra was still unable to publicly explain the root cause of Wednesday’s early morning outage.Responding to questions about the root cause and its vulnerability to an attack, a Telstra spokesperson said the telco’s investigation was ongoing.“Precise timing is fundamental to the operation of any modern mobile network. Globally, the telecommunications industry, as well as cyber and infrastructure experts recognise the importance of maintaining resilient and diverse timing sources to support network reliability,” the spokesperson said.“We have commenced a full investigation into this incident. This will include considering what further steps we might take to ensure the reliability and resilience of the options we use for precision timing.”Telstra chief financial officer Michael Ackland on Wednesday attributed the outage to a “time synchronisation issue” caused by a “glitch in the software that reset the GPS timer”.The issue was first identified at 4.30am affecting “a number of nodes that help keep time across our mobile network”.However, it took the telco several hours before the network returned to service.Flinders University computer science expert Paul Gardner-Stephen told NewsWire the Telstra outage showed how deeply Australian systems depend on what is commonly known as position, navigation and timing systems, like GPS, and in this case, network time protocol.“In this case, GPS didn’t cease to be available, but the divergence between what GPS was saying the time was, and what – as I understand the issue to be – Telstra’s systems were telling them is what caused the issue,” Associate Professor Gardner-Stephen said.“So it’s just revealed that interfering with either of these legs can cause widespread problems, such as shutting down rail logistics in a measurable part of the country, due to the lack of adequate fallback provisions for when forced to operate offline or fully analog,” he said.Prof Gardner-Stephen said the outage did not expose a total over-reliance on Telstra, but rather “our over-reliance on the proper operation of critical cyber services and facilities that are, in fact, quite fragile”.A response to protect against the outage was evident in South Australia’s traffic lights – which ticked down from their optimal operating method to a simpler pattern system.“It degraded gracefully,” Prof Gardner-Stephen said.“Compare that to a rail system shutting down completely when, in all probability, a contingency plan with manual signal operations would have allowed at least some fraction of normal rail traffic to operate safely,” he said.As experts and the telco industry await an explanation on the root cause from Telstra, Dr Desmond said that cause could be guarded against faulting again if a software failure or coding bug was to blame.If a patch or upgrade caused the time-sync glitch, that too could be fixed going forward.If untested software was to blame, Dr Desmond saw big problems.“Before any software is applied to an operational system, it should be first run through either a virtual simulation or a sandboxed closed system within a laboratory to identify any potential negative outcomes,” he said“Untested software should never be installed on an operational system, especially critical infrastructure, without testing and evaluation. This was poor judgment if the latter.”