Critical infrastructure — is communications really part of it?

Recent communications failures should cause everyone to stop and think about whether our governments, public safety agencies, industry and the public in general really understand whether our communications systems are being treated as critical infrastructure.

For many years there have been submissions to government at many levels attempting to gain recognition that communications are an essential part of our daily life, and that they must be treated as part of critical infrastructure.

Geoff Spring, an Honorary Fellow and Senior Industry Advisor at the University of Melbourne’s Centre for Disaster Management and Public Safety (CDMPS) and a Project Officer for the Australian Radio Communications Industry Association (ARCIA), has been making submissions and representations to multiple government committees of inquiry pointing out the criticality of our public safety communications networks. In several cases the outcomes from these inquiries endorsed the position and recommended that public safety communication be accepted and treated as ‘critical infrastructure’, only to see the recommendations ignored or in some cases no follow-up due to changes of government.

In addition to the submissions to the various Public Safety Mobile Broadband (PSMB) inquiries, there were also submissions to bushfire inquiries and smart cities inquiries, all of whom accepted that communications were an essential part of the eco-structure that supports the public safety communications operational capabilities for our first responders, yet there was little or no action towards recognition of them as part of our national critical infrastructure. Perhaps that is because everyone just treats communications systems and platforms as being ubiquitous and like they will always be there? Recent history shows that not to be the case.

Since 2015 Spring has been pushing the case for public safety communications systems to be recognised as being part of Australia’s critical infrastructure, something that public expectations would support. When there is an emergency, we all want to feel assured that those saving our lives and protecting our properties have excellent communications systems. That expectation hasn’t changed and is still something that must happen; however, the needs and expectations of our public safety agencies have continually increased and will continue to do so, causing all sections of our communications network to become critical.

The recent problems with the public carriers’ networks have highlighted the problems, but just consider two examples some years apart:

1. Back in 2012 the Telstra network suffered problems when a fire in a Telstra building in Warrnambool caused interruptions to phone and data networks across much of south-western Victoria. Many businesses suffered some interruption to their businesses but in general many could still operate; it was hardly a business-critical failure on a large scale.
2. Late last year the Optus network had a significant network failure, probably no worse than the Telstra failure of earlier years, yet the outcome was much worse. It became a business-critical failure for many users, both large and small. In fact, news reports showed that businesses including hairdressers and coffee shops had to stop operating during the outage.

So why are these two instances so different? Well, the public expectations of the ways in which we conduct transactions with governments and businesses have substantially changed and will continue to do so at an increasing pace, thanks to the continuing evolution of digital technologies — so not only are we more connected than ever before, we are now also more dependent. In today’s modern world, close to 70% of payments are done by credit card or other electronic means, whereas several years ago it would have been around 20% of transactions.

So, for a small business, not having connectivity means electronic payment systems are not available, and in the case of a small coffee shop in a ‘bolt hole’ location in the CBD of any of our cities, the loss of 90% of the business between 6 am and 10 am on a weekday probably equates to the profit for that week, maybe even that month; a business-critical failure. For bigger businesses, given that most operations are now utilising cloud-based software, losing connectivity means that the business can hardly operate without having access to the cloud.

In a modern world, losing general connectivity is now a business-critical situation for every transaction-oriented industry, from the coffee cart to the cellar door and restaurants. In many ways these businesses rely on their connectivity as much as public safety agencies rely on communications to provide essential services, hence the terms ‘mission critical’ for these agencies and ‘business critical’ for the daily requirements. Both of these are of such importance that they should be included in the consideration of what is the critical infrastructure required now and even more importantly being actively planned for ‘essential services’ in the future.

Historically, the critical communications networks for our public safety agencies were designed, installed and maintained by the radio communications industry, the members of ARCIA. The equipment utilised for primary communications was specifically selected and tested to the five nines level — 99.999% availability of service. This was also extended to cover the ancillary services required for continued operation. System design was built around the availability of support services; within metropolitan areas probably 48 hours’ back-up, regional services with 3–5 days’ back-up and remote areas much longer.

In the modern world we rely much more on the mobile phone suppliers and their wireless data networks, and these are designed around a consumer-grade network, probably 2–4 hours’ back-up in metro areas, maybe 8 hours in regional areas and perhaps 12 hours for key sites, a long way short of the power back-up at mission-critical levels. Why isn’t it longer, you ask? Well, the carriers are private companies and need to make a profit so their shareholders can receive dividends on their investment.

As we identify the concerns around the ‘always there’ public carrier communication networks, we must accept that it just isn’t practical to build them to always be there; the network owners and suppliers have to work to a commercial return-on-investment formula as part of their investment philosophy. This is also exacerbated by the ever-faster technology developments that mean that the network infrastructure also needs to be upgraded as technology changes. Most of us have seen the 3G, 4G and 5G technology implemented, and 6G is already being planned; technology leads to constant change.

The second big issue with technology advances in such a speedy fashion is that often the technology hasn’t had time to be fully explored and tested before it is installed; think about the updates to programs on your phone and laptop. Imagine the stress for a system engineer as he hits the <update> tab on software in a major network, and then watches to make sure that everything he has assured will be alright actually works. In most cases it does, but if it doesn’t then often there isn’t a ‘Plan B’ or maybe the Plan B is to forewarn the CEO that the TV stations are on the way for an interview, oops.

So what is the solution? As Spring has been trying to highlight for nearly a decade, a key part of any solution is to acknowledge that there could be a problem and, through well-coordinated planning and review, to highlight where the issues might come from. This planning and review should be done as a part of a regular and peer-reviewed process included in national programs to review the protection of our critical infrastructure. Just as our power and water companies must provide plans for the protection of supply and maintenance of services during incidents, so too should our communications industry be required to be transparent and provide an overview of its plans on how to address as many known (and unknown) risks as possible.

There should be no single point of failure, there should be alternative or parallel pathways to avoid known risks, and perhaps most importantly, our governments should insist on having the powers to permit access to other networks in times of critical incident failures. A business that depends on connectivity for daily operations should have access to other networks to ensure that business doesn’t grind to a halt with a network failure, and in some cases maybe the networks need to accept that mission-critical operations should just seamlessly switch to another network to ensure ongoing operations without interruption. How long have we had to wait for a PSMB capability to become available to our first responders? Simply put, too long!

For almost a decade the CDMPS and ARCIA, primarily through the efforts of Spring, have been lobbying for these types of considerations, and during that period the demand has now developed from just being mission critical to now including business critical as well. The wireless data networks that are ‘always there’ sometimes are not, and as a nation we cannot afford to continue to accept that as an ongoing situation.

The ongoing review of our nation’s critical infrastructure must include our public safety communications networks and the formal recognition of the ecosystem in which they reside; inherent and evolving risks should be identified and effectively managed to minimise their impact. These processes must be done in a transparent fashion so that concerns are not just accepted as being part of system or commercial design by our public carriers. It is in our national interest to make sure our systems are robust and, given the changes in our society, they remain ‘fit for purpose’.

On 13 November 2023 the Minister for Home Affairs announced that telecommunications will be recognised as critical infrastructure, with the Minister saying, “These rules, frankly, should have been in place years ago.” This is a very welcome small first step, but the remainder of the journey cannot be allowed to take another decade, and maybe the next step is to recognise the need for planning and transparency of the planning process. We should also recognise the efforts of people like Spring, the CDMPS and ARCIA for continuing to raise awareness of the need for recognition and protection of communications as part of our critical infrastructure.

*Ian Miller is the Spectrum & Technical Coordinator for the Australian Radio Communications Industry Association (ARCIA), and has over six decades of experience in the radio/wireless communications industry.

Top image credit: iStock.com/AlenaPaulus