Update, 21st MaRCH 2020
I’ve sent an email to MLAs
To: Falkland Islands MLAs
cc: Falkland Islands Attorney General
Although this is an important issue for the Falkland Islands, but because I’m sure that all your focus and time is being spent on Corona Virus issues, I would like to withdraw this request until things have calmed down a bit.
I hope the islands’ planning goes well, and I will re-raise my request when the time seems appropriate.
Of course, if there are any thoughts on the subject then I’d be happy to hear them in the meantime.
In January 2020, I wrote a post about the unintended consequence to businesses caused by the new Falkland Islands Government (FIG) VSAT legislation. This catch-all legislation effectively deters companies – especially small ones – from installing appropriate business continuity capabilities that are an absolute necessity if Sure South Atlantic’s Internet service falters.
An open email has been sent to Falkland Island Members of the Legislative Assembly (MLAs) about this oversight that can be seen below.
Before cutting to the chase, I’d like to show some relevant extracts from two reports recently posted on the Falkland Islands’ Communication Regulator’s web page that provide additional context.
The first report is the Falkland Islands’ Communications Regulator’s Annual Report 2019
The extract below shows that, from a legal perspective, the licencing of VSATs is now considered done and dusted by FIG, MLAs and the Regulator.
(3) The repeal of the Wireless Telegraphy Ordinance 1994 and the inclusion of its provisions in the Communications Ordinance. The work also enabled legislation related to licencing and VSATs to be tidied up. VSATs can now be licenced in accordance with EXCO’s original intent (see EXCO paper 163/16).
The second report is Sure SA Limited’s Degraded Network Service 22 Oct-15 Nov 19
It is not my intention to discuss the core content of this report – “the cause and cure of the sustained Denial of Service Attack (DDoS)” as it looks like Sure SA undertook the necessary industry-standard technical activities to manage the situation professionally. Several extracts are relevant.
Clause 7: The effect of the attack was to dramatically increase downlink congestion. Service performance was significantly reduced often for sustained periods over a 24 day period. However, services were never completely lost. Wholly on Island services were unaffected.
Clause 8: Sure customers trying to use off island services were affected by the attack.
Clause 9: The attacks had a particularly heavy impact on video and voice services making them frequently inoperable. Access to off shore emails and websites became protracted with frequent timeouts. International telephone calls were lost. Bank card payment and two step authentication using texts was impossible.
Note: There were many other services impacted by Internet outage not mentioned in the report.
As its stated objective, the report focuses on taking a backwards view to determine the cause and cure of the issue and to determine whether enforcement action, penalty or compensation is necessitated (which it was not).
It does not include any forward-looking comments or recommendations outside of those concerned with Sure South Atlantic’s network. The only point that businesses were mentioned was in the following clause.
Clause 11: Given the severity of the impacts and the effect on Government and Business functions, there is an emerging case for Sure’s network and services being classified as Critical National Infrastructure (CNI) and Government Business Continuity plans drafted around a sustained degrading of all services
Although it is a populist term at the moment, I have no idea what the term Critical National Infrastructure (CNI) would mean in practice or how that would affect Sure South Atlantic’s owned network infrastructure. From the wording, it does NOT include local business infrastructure, so, there would still be consumer service outages as experienced in November 2019 if the Internet becomes unavailable again.
It should be an objective of such a report to provide a set of wholistic recommendations that would help prevent a re-occurrence. In my experience, regulators are allowed, indeed expected, to express opinions (as is practised by OFCOM) The lack of comment and recommendations beyond Sure’s network resilience is a significant omission for the islands’ businesses.
Denial of Service Attacks (DDoS) are VERY, VERY common to one degree or another. There is absolutely no guarantee that further major attacks will not occur to Sure South Atlantic’s network in the coming months. Further, no ISP in the world can guarantee that Internet performance degradation or a 100% outage caused by DDoS or other infrastructure issues will not reoccur.
Hence, businesses, of any size, MUST be able to implement affordable VSAT business continuity capabilities to maintain front and back-office functionality.
The current VSAT service price, specified by enforceable legislation, is more expensive than the highest-cost retail Internet access package. A VSAT business continuity service would, hopefully, hardly ever be used in practice except when Sure South Atlantic’s ‘Critical National Infrastructure’ network again fails.
In practice, possibly the cheapest VSAT service with the least amount of annual quota is sufficient to provide such a capability. There are several VSAT specialist business continuity services available with a yearly cost of less than $100 and a one-off installation cost of $800 as a Google search will show.
As this pressing issue does not seem to be being addressed, I am sending an open letter to Falkland Islands MLAs who are responsible for legislation.
An open email to Falkland Islands MLAs concerning VSAT legislation.
to: Falkland Islands MLAs
cc: Falkland Islands Attorney General
In January 2020, I wrote a post about the unintended consequence to businesses caused by the new Falkland Islands Government (FIG) VSAT legislation. As I am not aware that this issue is being addressed, I have sent this open email to MLAs together with additional background discussed here.
It is Sure SA’s responsibility to ensure that their network is as resilient as it can be to infrastructure failure, but the same applies to all other Falkland Islands’ companies and is especially so for those providing a public-facing service. It is just as important to those who are not.
As it impossible for any ISP to guarantee immunity to a sustained DDoS attack, local businesses must be able to provide adequate business continuity capabilities through the use of a VSAT.
A VSAT-based business continuity capability would only be used in the case of severe Internet performance degradation or a full-blown outage, so it is inappropriate that they are forced to purchase a VSAT that costs more than the most expensive retail Internet access package. In fact, very little data would be used in an outage scenario.
Local businesses seem to be caught up in collateral damage or are the victims of unintended consequences of the new broad-stroke VSAT legislation. Businesses must be able to maintain their customer-facing and back office capabilities on a 24x7x365 day basis in this now totally online dominated world we live in.
I can’t imagine any other isolated, satellite-connected, island community, anywhere in the world, where VSATs are not used as a critical element to ensure business continuity in an Internet Force Majeure situation. We are not talking about a vast number of installations at the end of the day.
I’m sure that businesses would like to understand whether MLAs have any sympathy with the views outlined in these posts about a serious oversight and are willing to consider initiating a business exemption amendment legislation as was specified in EXCO paper 163/16? This would enable Sure South Atlantic to create a competitively priced VSAT Business Continuity package or allow self-provision of such a capability.
I would ask MLAs to please acknowledge receipt of this open email and indicate when a considered open response would be forthcoming.