When governments talk about deterrence, they usually mean doctrine, platforms and weapons. Yet modern power rests equally on the infrastructure that sustains a nation under stress. The capacity to keep networks online, data protected and energy stable is a frontline of national defence.

Resilience gives deterrence its credibility. It ensures that a country can absorb shocks, adapt under attack and continue to function when adversaries target civilian systems rather than military ones. In the Indo-Pacific, where coercion increasingly exploits economic, digital and social vulnerabilities, resilience practicably demonstrates deterrence.

A state that can maintain essential services, safeguard its population and recover quickly from disruption by adversaries does not yield advantage. Energy grids, data centres and submarine cables are not just utilities but strategic levers. Disrupt them, and you can unsettle confidence, commerce and command. Protect them, and you reinforce both deterrence and sovereignty. That makes resilience a test of credibility.

Australia already plays in this space, even if we rarely frame it that way. When Canberra helps fund submarine cables or supports partners with secure cloud services, it is strengthening the regional balance of power as much as delivering aid. As I have argued, these investments build trust, reduce dependency and shape long-term alignment.

Trust is the real currency of deterrence. A Pacific partner that relies on Australian-backed systems—built to open standards, governed transparently and defended by democratic governance—has less to fear from coercion. Resilience, in that sense, becomes diplomacy through delivery: a demonstration that trusted and assured systems can endure pressure and still serve their people.

The inverse is equally true. Fragile or opaque infrastructure invites interference. The discovery of concealed communication modules in Chinese-made solar inverters revealed how even benign-looking hardware could mask strategic vulnerabilities. Similar devices operate across Australian grids. When the technologies that drive your energy transition may also transmit telemetry abroad, resilience becomes a question of trust, sovereignty and defence.

Supply chain assurance is therefore strategic assurance. Compromises can appear deep inside circuit boards, firmware or routers that support everything from utilities to defence networks. If those layers can’t be verified, deterrence built on them will fail.

Modern infrastructure is globally sourced and digitally managed. A single breach can cascade across systems and borders. That is why risk diversification across suppliers, jurisdictions and technologies must be treated as strategy rather than procurement detail. Nations that can isolate, reroute and recover faster will hold the advantage.

Digital infrastructure has become the new frontier of sovereignty. Cloud platforms and data centres determine who controls information flows during disruption. When critical workloads are hosted on foreign platforms, operational independence is at stake. The question is not only where data sits, but who has authority over it, who can see metadata, and who decides which systems stay online if tensions rise.

When it comes to commercial cloud, this means demanding transparency and control. Governments need to ensure that sensitive workloads are , identity systems are verifiable and contracts align with national security needs. Hyperscale providers such as Amazon, Google, Microsoft and Oracle already offer secure, regionally distributed environments. The issue is whether governments are using them strategically.

Resilience depends on coordination between public and private sectors. Telecommunications carriers, utilities, cloud operators and logistics firms all share exposure. Australia’s Security of Critical Infrastructure Act created a governance baseline, but compliance alone doesn’t ensure readiness. The goal must be continuity under stress. Systems should be designed to degrade safely, not collapse. Data needs to remain recoverable and secure even against emerging threats such as quantum decryption. Exercises that combine cyber, energy and communications failures reveal dependencies that normal audits miss.

For too long, efficiency has dominated how we build and run infrastructure. Just-in-time supply chains and minimal redundancy reduce cost but increase fragility. In a contested region, assurance must replace optimisation.

Australia has the reach and experience to lead. Our investments in Pacific connectivity, secure infrastructure finance and cyber capacity already contribute to stability. Through AUKUS Pillar Two, we are also learning to treat civilian technology and defence capability as part of the same system. What’s still missing is a more deliberate understanding of what capabilities customers need, what controls provide confidence of sovereignty and how those controls vary by context. ASPI’s recent reports on high risk vendors show how structural controls, transparency and verifiable assurance can guide those choices. The next step is to map the underlying technology stack and identify which layers carry the most consequence for sovereignty, and where targeted capability uplift should begin.

Resilience planning needs to start with risk and consequence—what is being protected, why and from what—rather than with generic assumptions about threat. A focus on risk—not just adversary capability—creates the space for proportional, evidence-based protection. That means mapping dependencies, identifying where trust needs to be proven and investing in the systems that guarantee continuity of function even under coercion.

Sovereign cloud, trusted hardware and diversified supply are not separate agendas. Together they define whether a country can stay connected, govern itself and act independently in crisis. Infrastructure resilience may not look like power projection, but it is what makes national power possible.

 

Microsoft is supporting publication of this series of articles.