Rogers 2022: When a Routing Error Took a Country Offline

What Failed

On July 8, 2022, at 4:58 AM EDT, Rogers' network operations team performed routine maintenance on distribution routers. The change involved removing a routing filter—specifically an access control list (ACL)—that prevented certain traffic patterns from reaching the core network.

The consequence was immediate and cascading. Without the filter, the distribution routers began flooding the core network with Border Gateway Protocol (BGP) routing information. The core routers, unprepared for this volume of routing updates, began crashing under the load. Within minutes, the core network was degraded. Within hours, Rogers' entire national network was effectively offline.

This was not a software bug, a security breach, or a deliberate attack. This was a configuration change performed as part of normal maintenance that removed a critical safeguard. The CRTC's later independent assessment, conducted by Xona Partners, confirmed this finding. The root cause was procedural: the change was made without sufficient testing, validation, or rollback procedures to catch the failure before it propagated.

Why the Impact Spread

The Rogers outage became a national continuity event not because the telecom failure was unprecedented, but because the nation's payment, banking, and emergency systems had become dependent on Rogers' infrastructure without realizing it.

Payment Cascade: Interac, the network that powers debit transactions and e-transfers across Canada, relies on multiple carrier connections for redundancy. However, when Rogers failed, the concentration of Canadian telecommunications through a small number of major carriers meant that Interac lost critical connectivity paths. Debit services failed nationally. ATMs went offline. Point-of-sale systems could not process transactions. Businesses and consumers could not pay using their primary methods.

Banking Disruption: Online banking became unavailable for millions. Banking customer service lines were overwhelmed. Access to accounts, transfers, and basic financial services degraded across multiple Canadian banks simultaneously.

Emergency Services Impact: Some 911 services reported impairment. The interconnection between telecom and emergency dispatch meant that a telecom outage could impact the ability of Canadians to reach emergency services.

The cascade exposed a critical vulnerability: organizations had modeled their continuity around internal redundancy while remaining exposed to external single points of failure. A company might have backup internet links, but if those links all depended on Rogers, the backup was illusory. Interac had planned for one carrier to fail, but not for a carrier failure to be this complete and this long.

The Duration Timeline

What the Incident Exposed

The Rogers outage revealed structural weaknesses in Canadian operational resilience:

Redundancy Was Illusory. Organizations believed they had carrier redundancy because they had contracts with multiple carriers. In practice, Rogers' network dominance meant that many backups still depended on Rogers infrastructure. When Rogers failed completely, the backups failed too.

Payment Continuity Assumed Telecom Reliability. Payment systems had built-in redundancy, but that redundancy assumed at least one major carrier would remain operational. The assumption that Rogers—a carrier as large as Rogers—could experience a 26-hour total failure was not built into contingency plans.

Communications Collapsed at the Moment They Were Most Needed. Customers could not call Rogers for information because Rogers' phone lines were down. Businesses could not reach banks for guidance because banking customer service lines were overwhelmed. The public experienced an information vacuum alongside the service failure.

Critical Services Were Never Exercised as a Cascade. Banks had tested single-carrier failures. Interac had tested partial degradation. But no organization had exercised a scenario where payments, communications, and banking all failed simultaneously due to a telecom outage. The gap between plan and reality was exposed in real time, under national scrutiny.

Regulatory Gaps Existed Around Infrastructure Interdependency. The CRTC's later assessment led to mandated mutual-aid agreements between Canadian carriers—a regulatory acknowledgment that the market alone had not produced sufficient interdependency resilience.

The Resilience Lens

The CrisisLoop interpretation of this event focuses on what the technical failure revealed about organizational readiness:

This was not fundamentally a network engineering problem. This was a governance, planning, and rehearsal problem. The technical root cause—a removed routing filter—was a symptom. The disease was the assumption that external infrastructure would always be available, that redundancy inside an organization's walls was sufficient, and that a scenario as severe as 26 hours of nationwide telecom failure was too unlikely to plan for.

Real resilience requires three things: understanding hidden dependencies, having tested alternatives in place, and having rehearsed the decision-making process that occurs when alternatives fail. The Rogers outage proved that Canadian organizations, on average, had not done these three things. Some learned afterward. Better to learn in an exercise than in a live event.

What Boards Should Be Asking

After studying the Rogers incident, board members and risk committees should be asking:

• Which of our critical services depend on a single telecom provider? Do we have visibility into this dependency across the full organization, or only within IT?
• Can we still accept and process payments if all major carriers fail simultaneously? For how long? What is the longest outage our payment systems can survive?
• How would we communicate with customers if our primary communication channels were offline at the same time? Do we have a secondary channel prepared, tested, and known to employees?
• Have we exercised a scenario where payments, communications, and customer service all degrade at the same time? What did we learn? What did we change?
• Who are our critical external dependencies? What is our plan if each one fails? Have we rehearsed those plans in the last year?

Conclusion

The Rogers outage proved that national-scale dependency failure does not require a cyberattack, a natural disaster, or a sophisticated threat. A configuration error in one network can still trigger business paralysis, payment disruption, customer frustration, and public scrutiny on a scale that affects millions.

The lesson for resilience leaders is this: it is not enough to ask whether a critical provider is reliable. You must ask what breaks alongside it. How fast does the impact cascade? Have your leaders already rehearsed that cascade under time pressure and incomplete information? And can your organization still function—or at least preserve customer trust—while waiting for restoration?

The Rogers incident was in July 2022. The regulatory response came in 2024. Organizations that waited for regulation to move were already two years behind. The ones that moved immediately were ahead. Where do you want to be?