- The Strategist - https://www.aspistrategist.org.au -

Resilient critical infrastructure is its own deterrence

Posted on November 12, 2025 @ 09:00

Deterrence has long been framed in terms of punishment and denial: states have sought to convince adversaries that aggression would be too costly, either through retaliation or by making success unachievable.

These approaches still matter, but the context has changed. In a world where adversaries can use disruption to achieve their strategic aims without firing a shot, deterrence depends on the resilience of a target country’s critical infrastructure—the systems that keep it functioning.

Those systems include physical facilities, supply chains, information technologies and communication networks whose destruction or degradation would significantly affect a country’s wellbeing or national security. They consist not just of fixed assets, but also of the broader systems and supply chains that deliver essential services.

Deterrence by resilience is built on the strength of this infrastructure: when a country and its forces and systems can absorb shocks, adapt and recover, its adversaries are less likely to believe they can achieve decisive effects.

Critical infrastructure is a strategic target. Digitally controlled power grids, transport networks, ports, hospitals and financial systems are more exposed than weapons platforms. Adversaries have learned that disruption can yield strategic gains without triggering conventional warfare. The goal is not destruction, but to erode confidence and to pressure target governments without triggering a military response.

That’s where resilience becomes central. The ability to absorb disruption and keep operating isn’t just a technical virtue; it’s a signal. If an adversary believes that disruption will be temporary and costly to sustain, the incentive to strike is reduced. Resilience signals that society can function under pressure and continue to deny and punish.

We have seen glimpses of this already. After suffering cyberattacks in 2007, Estonia invested in distributed systems and offshore data embassies. Ukraine’s wartime pivot to cloud and satellite communications helped blunt physical and cyber strikes. These steps didn’t eliminate risk, but they made disruption less rewarding and bought time to respond.

For Australia and its partners, this demands a broader view of capability. Traditional measures—force posture and readiness—must sit alongside how fast systems can be restored, how interdependencies are managed and how public confidence is maintained. Resilience depends on understanding how disruption in one system, such as power or telecommunications, can cascade through others. These second- and third-order effects are hard to model, but crucial for realistic planning.

Exercises help build trust and reveal weak points. Cross-sector simulations show where coordination fails and how long recovery really takes. Australia has made progress, but more consistent, cross-sector exercises are needed—especially in energy, transport and digital infrastructure. These aren’t box-ticking drills but strategic demonstrations that adversaries notice.

That also means rethinking investment. Defence spending focuses on platforms and weapons. Resilience spending looks like backup power, redundant cables, distributed data systems and trusted partnerships with industry. It also demands a clearer understanding of how supply chain disruption could impair critical systems, including upstream inputs, logistics and single points of failure. Recovery depends not just on hardened infrastructure but on people who know what to do when systems fail.

It also calls for a more mature relationship between government and the private sector. Most critical infrastructure is privately owned, making operators frontline actors in national defence. Cyberattacks on an energy grid or telecommunications network will not wait for ministerial approval. Operators need trusted communication channels, clear legal frameworks and well-tested procedures.

Resilience should be built in from the start. Too many systems are designed for efficiency, then retrofitted for security. That leaves them brittle when stress arrives.

This is especially relevant to hyperscale cloud technologies. While hyperscale providers offer unmatched scale, security and operational depth, their dominance also introduces systemic risk. In a crisis—such as state coercion, connectivity loss or cascading failure—the ability to sustain core functions matters more than efficiency. Some systems, especially those essential to national continuity, may need sovereign fallback options or classification-aware architectures.

That doesn’t mean duplicating hyperscale capability domestically. Australia lacks the workforce and investment scale to do so. But resilience planning must account for points of dependency and ensure that critical services can operate even when primary providers are unavailable. This means embedding redundancy in communications, insisting on visibility and sovereignty where it counts, and designing for graceful degradation and rapid recovery.

There is a regional dimension too. Indo-Pacific nations are upgrading their digital infrastructure, while facing a growing threat of coercion. Taiwan is investing in satellite connectivity and offshore backups. Japan is developing national cloud platforms. Pacific island nations rely on contested undersea cables. These systems can be hardened and interconnected, or they can remain fragile. Australia has a key role in shaping standards and supporting secure regional infrastructure.

Resilience doesn’t replace traditional deterrence; it reinforces it. Military capability still matters, but without robust systems behind the front line, societies are vulnerable to non-military coercion. Resilient infrastructure strengthens deterrence by showing that disruption will not achieve strategic effect.

In a world of cyber-physical competition, the question adversaries ask is no longer just ‘can we break this system?’ but ‘will breaking it matter?’ If systems recover quickly, if services continue, and if society adapts, the logic of coercion breaks down.

That is deterrence by resilience. It’s not about removing risk but about denying adversaries the confidence that disruption will yield effects.

 

Microsoft is supporting publication of this series of articles.




URL to article: https://www.aspistrategist.org.au/resilient-critical-infrastructure-is-its-own-deterrence/
