National resilience? Hardly. We’re unprepared for crises
20 Nov 2024|

Three landmark reports this year have laid bare an uncomfortable truth: Australia is dangerously unprepared for crises.

Each report brings distinct yet complementary insights:

The Glasser review into disaster governance arrangements found that resilience has no dedicated home at the Commonwealth level. Its seven key recommendations emphasise the need for stronger leadership, including an elevated role for National Cabinet in coordinating resilience initiatives and the introduction of an annual National Resilience Report to Parliament, with clear metrics and a strengthened focus on climate risk.

The Telecommunications Sector Resilience Profile, of which I was the lead author, shows weaknesses at the sector level, with the concept of resilience only at an early stage of integration into federal policies. The report established a framework of seven guiding principles supported by 34 specific capabilities. This framework provides both a roadmap for enhancement and a mechanism to track progress in strengthening telecommunications infrastructure.

And the Colvin review examined disaster funding mechanisms, warning that without immediate, evidence-based investment in risk reduction, Australia faced an unsustainable rise in disaster-related costs. Its 44 recommendations, underpinned by eight design principles, outlined a more focused Commonwealth role, including new accountability measures and annual reporting requirements.

These reports converge on fundamental gaps: we lack a shared vision of success, clear lines of responsibility and ways to measure improvement. Without addressing these basics, Australia’s crisis response will remain fragmented and reactive.

The telecommunications sector perfectly illustrates these challenges. Modern networks are engineering marvels working invisibly in our daily lives, until they fail, as we saw in the Optus outage last year.

The problem runs deeper than individual failures. Our research at ANU revealed severe gaps in how we manage the interplay between markets and government regulation. When crises hit, we discover these gaps the hard way.

For example, the dependency of telecommunications on energy providers is a key vulnerability. Telecommunications providers do not often have prior warning of plans by energy providers to de-energise or re-energise the electricity grid. The Royal Commission into Natural Disaster Arrangements recommended improved cooperation between the telecommunications and energy sectors after the 2019–20 Black Summer bushfires, however current efforts have not improved the relationship, industry insiders say.

More worrying still is our diminishing ability to learn from these failures. Australia’s cyber intelligence agency has seen a decline in incident reporting. Instead, businesses are putting legal protection over transparency and collective improvement. This creates a dangerous knowledge gap: how can we improve if we don’t know what’s going wrong?

Each disruption offers lessons, yet we lack a systematic way to capture insights, implement changes across sectors and hold government and industry accountable for improvement.

The Glasser review notes differing meanings of resilience. For remote communities, it may mean preserving major employers. For national security planners, it encompasses regional security, supply chain stability, cyber threats, natural disasters and terrorism. In telecommunications, resilience can mean, for example, ensuring businesses’ revenue or students’ access to online learning.

Differing interpretations of resilience can lead to institutional inertia. Various groups can claim their expectations aren’t being met while they wait for others to act. Resilience becomes both everyone’s responsibility and no one’s.

The telecommunications sector demonstrates the difficulty of making achievement of resilience actionable for industry. As each provider defines resilience based on its commercial interests, sector-wide efforts are often at cross-purposes.

The Telecommunications Sector Resilience Profile proposed a principles-based cyber governance framework based on the UN’s Principles for Resilient Infrastructure. This practical application of the UN’s principles could inform their use in other critical infrastructure sectors.

The Colvin review makes clear we’re still trying to solve tomorrow’s problems with yesterday’s funding models. Complex funding arrangements often fail those who need help most by creating a system in which success depends more on grant-writing expertise than need. While well-resourced organisations can navigate the bureaucratic maze, our most vulnerable communities—those facing language barriers, disability or geographic isolation—are left exposed.

The telecommunications sector perfectly illustrates this brewing crisis. Major carriers cannot justify skyrocketing infrastructure costs to meet growing data demands while revenue streams struggle to keep pace. This isn’t just a business problem; it’s a national security issue. When commercial imperatives clash with resilience requirements, short-term thinking often wins.

The last few years have forced faster crisis decision-making, but speed without strategy has left us lurching between emergencies. These three reports share a common message: breaking this cycle requires more than just response plans.

Effective crisis leadership demands clear objectives that guide priorities, robust systems that ensure dependable action, and shared measures of success. Building true resilience demands more than chasing spot fires—it demands transformative thinking.