America's Federal Communications Commission (FCC) has fined Verizon a little over a million dollars for failing to route 911 calls during a cellular outage.

The outage occurred on December 21, 2022, killing calls to Verizon's Voice over LTE (VoLTE) operations in six southeastern states for an hour and 44 minutes. During that time, the FCC says [PDF], Verizon failed to connect hundreds of callers to 911 call centers, which is not only bad for people in distress, but illegal since Verizon is obligated to connect users to the service.

According to the FCC's recounting of events, the December outage was very similar to one Verizon experienced the previous October, and the telecoms giant had apparently implemented improvements intended to avert another outage from happening again. However, the December outage apparently wasn't a result of Verizon's mitigations being insufficient, but instead the result of poorly named software - it's said.

Verizon had identified a particularly buggy security policy as one of the root causes of the October outage, and replaced it with a brand new one. However, the old security policy was not deleted, merely deactivated. The FCC claims that Verizon had "insufficient naming protocols," indicating that the naming convention for security policies was ambiguous.

These factors made it possible for a Verizon employee to accidentally implement the glitchy security policy yet again. The FCC says this mistake should have been caught before the outage happened, but claims Verizon employees weren't enforcing proper oversight like they were supposed to be doing. Thus, the reinstated policy led to the December outage.

The FCC fined Verizon $1.05 million and has instructed it to come up with a compliance plan to make sure this doesn't happen a third time. The plan details several practices that Verizon should ideally have already implemented, such as providing a checklist for employees to follow, testing proposed network changes before they're applied, and of course removing buggy security policies when they're discovered.

Those security policies will also get a new naming system to include when policies are made, to make it clear which ones are the latest and which ones are old. Verizon will have to keep the FCC posted on its progress for the next three years, reporting after the first 90 days, then after the first year, and then for a final time after three years have passed.

The FCC tends to take 911 outages seriously, with its latest target being Lumen Technologies, which was responsible for a spat of outages in April. Lumen paid a $3.8 million fine in 2021, nearly two days of profit based on its 2023 results, so another slap on the wrist.

"Ensuring ultra-reliable connectivity, especially when callers need to reach emergency services, is a cornerstone of our company," Verizon told The Register.

"The incident in 2022 was a highly unusual occurrence. We understand the critical importance of maintaining a robust and reliable 911 network, and we're committed to ensuring that our customers can always rely on our services in times of need." ®

https://www.theregister.com//2024/06/26/fcc_verizon_911_fine/