When the systems go quiet
What a new UN report means for Australia’s digital resilience, and for mobilisation in a harder strategic age
The latest report from the International Telecommunication Union, the UN Office for Disaster Risk Reduction and Sciences Po carries a deceptively calm title. When Digital Systems Fail is not about hackers or science fiction. It is a systematic attempt to imagine what happens when the infrastructure that underpins modern life fails at scale without malice, and to explain why current frameworks are not ready for that reality.
Its starting point is simple enough. Modern societies run on a mesh of digital systems that are far more tightly coupled than most policy makers or executives realise. Electricity, finance, transport, healthcare, communications and government services are all bound together by power grids, submarine cables, satellite systems and data centres. This architecture is extraordinarily efficient, but it also hides a growing fragility because every efficiency gain has quietly stripped out redundancy and ‘analogue’ options that previous generations took for granted.
The report brings this to life through three carefully constructed scenarios. None of them is farfetched. A solar storm of the same magnitude as the Carrington event in 1859 strikes a world wholly dependent on satellites, precision timing and long high voltage transmission lines. A European style heatwave, similar to the one that killed around 70,000 people in 2003, unfolds in a far more digitalised society where data centres, mobile networks and cloud platforms are woven into everyday services. A submarine volcano, reminiscent of the Hunga Tonga Hunga Haapai eruption in 2022, shreds clusters of undersea cables rather than a single line to a small island state.
In each case the story follows the same curve. The initial shock is serious but manageable. Operators do what they have been trained to do. Then the second and third order effects begin. Grid operators deal with local overloads, unaware that data centres in the affected areas host health systems, financial clearing platforms or emergency alert services for entire countries. Cable owners negotiate repairs and rerouting in a commercially rational way, without any international protocol to prioritise humanitarian needs when satellite capacity is scarce. Space weather experts issue warnings, but the people who control critical transformers or GNSS dependent systems have never lived through an event of that magnitude and lack a rehearsed playbook to act on the warnings.
The data the report marshals is sobering. Up to 89 per cent of digital service disruptions caused by natural hazards are not the result of direct physical damage but of cascading failures through interdependent systems. The number of people ultimately affected is estimated to be up to ten times higher than the population initially exposed to the original hazard. Most of the damage comes not from what fails first, but from what fails next. Crucially, the authors argue that this is not a story of unknown risk. Space weather probabilities, cable vulnerabilities and data centre exposures are documented across scientific literature and industry practice. What is missing is an architecture that connects these islands of knowledge and translates them into coordinated preparedness and strategic risk management.
Part of that architecture problem lies in how digital risk has been framed. Much of the political and public attention has focused on cyber threats. Those are real, but they are not the only way modern digital infrastructure can fail. The report is explicit that non-intentional disruptions of infrastructure, whether from storms, heat, fires, accidents or space weather, follow different dynamics and often receive less systematic attention. They do not announce themselves with a dramatic breach or a headline friendly villain. Instead they build quietly across sectors until a tipping point is reached and large parts of the system simply stop working.
For an Australian audience this is not an abstract problem. Every structural feature highlighted in the report is visible in the national landscape. Australian data centres are already on a steep growth trajectory. Work done for the Australian Energy Market Operator (AEMO) and the Clean Energy Finance Corporation (CEFC) suggests that data centres consumed about 3.9 Terawatt-hours (TWh) in FY25, roughly 2 per cent of the National Electricity Market (NEM) grid supplied electricity, and under high growth scenarios could reach 12 TWh by 2030 and 34.5 TWh by 2050, or around 12 per cent of NEM demand, while separate CEFC commissioned analysis points to operational capacity rising from about 0.3 GW in 2024 to as much as 2.2 to 3.2 GW by 2035. Those facilities are clustered around major cities, heavily dependent on local transmission and distribution networks, and exposed to the same heatwaves, fires and flooding that are becoming a defining feature of Australian climate risk.
The backbone of Australia’s international connectivity is also precisely the kind of undersea cable network that the report treats as a critical but under governed asset class. Submarine cables carry over 99 per cent of global internet traffic, yet there are only a few hundred of them worldwide and only a limited number of specialised repair vessels. Tonga’s experience in 2022, when the eruption cut its single international cable and left the country largely offline for around five weeks, has already spurred Australia and partners to finance a second cable and invest in better cable protection and repair arrangements. That reaction is a positive sign, but it is also an implicit admission that much of the region, including some Australian dependencies on particular corridors to Asia and North America, has been more vulnerable than policy makers preferred to acknowledge.
Space weather is another blind spot. Australia’s latitude offers some natural advantages compared to parts of North America or northern Europe to the ravages space weather can inflict, but the electricity grid relies on long transmission lines and a finite stock of high voltage transformers that can take twelve to eighteen months to replace, with limited global manufacturing capacity and no strategic international reserve noted in the report. The aviation, mining, logistics and precision agriculture sectors rely heavily on GNSS signals and precise timing. The report’s Carrington scenario is careful not to sensationalise. It simply walks through what would happen if GNSS accuracy degraded sharply, transformers failed in a travelling wave of blackouts, backup generators began to run down, and financial systems lost their timing reference for transaction ordering. The conclusion is not that civilisation collapses. It is that recovery is slow, uneven and deeply shaped by whether governments had treated this as a credible planning scenario beforehand.
The most confronting part of the report is its treatment of analogue skills and fallback. The authors note that across sectors there has been a quiet erosion of the ability to function without digital systems. Hospital staff who have only ever used electronic health records struggle to operate when those systems are unavailable. Bank branches without significant cash reserves cannot serve customers when payment systems fail. Administrators, clinicians and officials in the undersea cable scenario discover that operating on paper, radio and physical document transport is not simply a matter of flipping a switch because the skills, equipment and institutional memory have thinned out over time. The report sums this up bluntly. Most business continuity plans rest on an untested assumption that manual procedures can substitute for digital systems at scale. Under sustained disruption that assumption fails.
Australia’s own recent history contains smaller scale versions of the kind of systemic stress the report describes. The 2016 statewide blackout in South Australia, triggered by severe storms that brought down transmission towers and led to the loss of multiple generation sources and the Heywood interconnector, plunged Adelaide and the rest of the state into darkness. Power was restored to much of metropolitan Adelaide within several hours, but some regional areas such as Port Lincoln were without electricity for two days, and hospitals had to rely on backup generators, with at least one major facility experiencing generator problems that forced urgent contingency measures. The AEMO and Australian Energy Regulator inquiries into the event highlighted not only technical issues, such as wind farm fault ride through settings and interconnector protection schemes, but also governance and coordination challenges in how warnings were communicated, how load shedding was managed, and how emergency services coped with the loss of communications and traffic management systems.
More recently, the Far West of New South Wales, including Broken Hill and surrounding communities, experienced a major power outage in October 2024 when severe weather led to the collapse of seven transmission towers on the line supplying the region. With the town isolated from the main grid, local backup generators were meant to carry the load, but one unit was offline for maintenance and the other experienced multiple outages, leaving around 12,700 properties facing intermittent power loss over a fortnight. A review commissioned by the NSW Department of Climate Change, Energy, the Environment and Water found that the incident triggered a significant multi agency response effort and exposed systemic challenges in supporting remote and vulnerable communities during infrastructure failures, including limited local redundancy, constrained fuel logistics, and uneven communication with residents about restoration timelines. The Australian Energy Regulator has since launched proceedings against the network operator, alleging failures to maintain sufficient backup capability and highlighting the importance of network resilience for geographically isolated communities.
These blackouts did not produce the kind of cascading national scale failure imagined in the UN report, but they did expose the human, infrastructural and governance pressures that emerge quickly once power is lost beyond the design horizon. For residents and businesses in Broken Hill, the outage meant days of lost trade, food spoilage, health concerns in extreme conditions and a sense of abandonment as backup systems faltered and information remained patchy. For South Australians in 2016, the statewide loss of power disrupted communications, forced hospitals and aged care facilities into emergency modes, left traffic signals dark and petrol stations offline, and challenged emergency managers who suddenly had to operate without many of their habitual digital tools. After action reviews pointed to the need for better understanding of interdependencies between transmission networks, generation technologies, protection settings and emergency management protocols, as well as clearer decision making frameworks for prolonged outages rather than short disturbances.
In policy terms, these episodes are warnings from the lower slopes of the mountain described in When Digital Systems Fail. They show that even relatively contained blackouts quickly reveal how dependent modern communities have become on continuous electricity and digital connectivity, how thin local redundancies can be once infrastructure has been optimised for normal conditions, and how much stress falls on human operators, local leaders and communities when plans assume rapid restoration that does not eventuate. They also show that inquiries tend to focus on the last technical failure in the chain rather than on the broader pattern of systemic vulnerability.
Australia is certainly ahead of many states in recognising interdependence and treating critical infrastructure resilience as a strategic issue. The 2023 Critical Infrastructure Resilience Strategy and the associated Resilience Plan set out a national framework for anticipating, preventing, preparing for, responding to and recovering from all hazards affecting critical infrastructure, supported by an expanded Security of Critical Infrastructure Act and the work of the Cyber and Infrastructure Security Centre. Those documents talk about interdependencies, public private collaboration and joint exercises in ways that are recognisably aligned with the report’s impulses. The Broken Hill review and the South Australian blackout inquiries add further evidence that governments are beginning to think in terms of resilience rather than simple reliability, even if practice has not yet caught up.
Yet when read alongside When Digital Systems Fail these efforts also show the remaining gap. Much of current thinking still assumes that shocks are relatively short, bounded and singular. It is one storm, one cyber incident, one outage. The report asks policy makers to think instead in terms of weeks and months, and in terms of overlapping stressors. A heatwave that pushes data centres and grids to their limits. A fire that takes out key transmission lines and distribution assets. A coincident space weather event that degrades GNSS and timing. A cable failure that forces traffic onto already strained routes. None of these needs to be catastrophic on its own. It is their combination that pushes the system into the exponential failure regime the report describes.
It is worth sketching a distinctly Australian scenario to make this more tangible. Picture a late January week in the late 2020s. A persistent high pressure system settles over eastern Australia, driving temperatures in Western Sydney, regional New South Wales and southeast Queensland above forty degrees for multiple days. Air conditioning demand climbs, a number of generators derate or trip under thermal stress, and AEMO quietly reports that available capacity margins in the National Electricity Market are down to a few per cent on successive evenings. To protect assets, some distribution networks introduce short cyclic load shedding in industrial zones and commercial areas. Each event is within design parameters. No Minister stands up to declare a national emergency.
Unseen (and potentially unknown) by most, one of those zones contains a cluster of data centres that host cloud services used by health systems, a major retail payments platform and a state emergency alert system. The centres are operating at the edge of their cooling capacity. Backup generators are running longer than intended because fuel deliveries are slowed by the same heat driven logistics problems that appeared in the European heatwave scenario in the report. Several large hospital networks have migrated their bed management and ambulance dispatch systems to those cloud platforms over the previous few years. The decision made sense at the time. It consolidated costs and improved normal performance. Nobody thought to ask what would happen if that particular campus lost power and cooling for a day.
On the fourth day of the heatwave a coincidence of a distribution level micro outage and a chiller failure tips one of the campuses over the edge. The uninterruptible power system behaves like the one in the report’s terrestrial scenario. It continues to operate but does not fully protect all critical systems. Recovery takes tens of hours rather than minutes. During that window emergency services revert to telephone coordination. Response times start slipping by around a third in some corridors, echoing the report’s illustrative scenario. The payments platform that sits behind thousands of cafes, small retailers and service providers cannot settle transactions, and many businesses shut their doors in the middle of a heatwave not because of the temperature but because their terminals cannot talk to the cloud. To make things worse, the content and targeting engine for the state’s emergency alert system is hosted on the same infrastructure. When a new fire threat emerges on the urban fringe, authorities discover that while cell broadcast capacity exists, the system that orchestrates the message is unavailable.
The scenario becomes more serious when it is extended from accidental failure to malicious damage during a period of conflict. Australia’s 2026 National Defence Strategy warns that the country faces its most challenging strategic circumstances since the Second World War, with a deteriorating regional security environment and growing risks of coercion, sabotage and attacks on critical infrastructure in the event of crisis or conflict. Read against that strategic backdrop, the report’s account of hidden interdependencies takes on a more martial meaning. In wartime or in the coercive pre-conflict environment that the Defence Strategy is concerned with, an adversary would not need to destroy the whole system. It would only need to damage or disable selected nodes in power, fuel logistics, undersea connectivity, cloud hosting, satellite support or transport management to convert peacetime efficiency into wartime paralysis.
In such a setting, degradation, disruption and destruction would not merely inconvenience consumers or slow commerce. They would reach directly into the mechanics of force preparation and mobilisation. Australian force generation now depends on digitally coordinated logistics, just in time supply chains, civil transport networks, outsourced ICT services, satellite enabled navigation and timing, and a national energy system that is already under pressure in extreme weather. A conflict in the Indo-Pacific involving long range strikes, sabotage against ports, interference with subsea cables, cyber physical attacks on fuel systems, or disruption to GNSS and satellite communications would sharply reduce the ADF’s ability to move people, sustain bases, assemble ammunition stocks, prioritise transport, coordinate mobilisation notices, and integrate civilian infrastructure into military operations. The result would not necessarily be dramatic collapse. More likely it would be a grinding loss of tempo, visibility and confidence. Units would still exist on paper, but the nation’s capacity to marshal them, supply them and move them at speed would deteriorate just when speed mattered most.
That has a profound implication. National preparedness can no longer be understood only as civil resilience on one side and military readiness on the other. In a serious contingency the two are fused. A country that cannot keep payments moving, maintain hospital functionality, protect cable landings, prioritise fuel distribution, preserve emergency communications and run degraded transport networks is also a country that will struggle to mobilise armed force beyond the initial days of a crisis. The digital resilience agenda therefore sits much closer to defence policy than Australian public debate has usually admitted.
What would it mean to take this class of risk seriously in Australia. The first step is conceptual. Non-intentional digital failure, and conflict driven damage to the same enabling systems, need to be treated as primary hazards in national security and disaster frameworks rather than as subordinate categories under cyber or generic infrastructure risk. That means integrating these scenarios into national risk assessments, preparedness planning and mobilisation concepts.
The second step is to expose the hidden architecture of dependency. That requires systematic cross-sector mapping of which services rely on which data centres, cable corridors, GNSS services and cloud regions, and where genuine single points of failure exist. Without that, governments cannot know which local outage will quietly take down a hospital system, a payment platform, an alert channel or a logistics function that the armed forces may depend upon in crisis.
The third step is to design for duration and compounding events. Resilience standards for data centres, telecom nodes and cloud services that are judged critical need to reflect a world of multiday grid stress, constrained fuel resupply, physical sabotage and overlapping hazards rather than short interruptions alone. That should drive a richer program of joint exercises between operators, regulators, emergency services and national security agencies built around realistic compound scenarios of the sort the report encourages, including scenarios where adversarial action is layered on top of natural hazards.
The fourth step is cultural and perhaps the hardest. Australia needs to rediscover a degree of comfort with analogue fallback as a strategic capability. That does not mean romanticising paper forms and fax machines. It means identifying a small number of core functions where non digital modes must remain viable in extremis, and deliberately preserving the skills and systems to support them. It also means building a public and institutional narrative that treats degraded modes as evidence of prudent preparation rather than failure. A society that has lost the ability to operate without its preferred digital layer is a society that has also lost part of its capacity for national endurance.
The fifth step could see Australia take the opportunity to lead in the regional and global governance spaces where the report is most pessimistic. Investments in Pacific connectivity, including the second Tonga cable and new work on cable protection and resilience, line up well with its call for more deliberate cooperative management of undersea infrastructure. Relationships with allied space weather agencies and scientific institutions provide the ingredients for more systematic preparedness. The question is whether this report is used as motivation to build routines, protocols and habits of cooperation before the next major shock, or whether the country waits until a truly systemic failure forces improvisation under pressure.
A final, uncomfortable step sits underneath all of this: lifting strategic risk management out of a compliance mindset and into a genuinely systemic one. Business continuity plans need to stop treating assets and organisations as standalone boxes and start from a realistic understanding of how systems, sectors and jurisdictions fit together, including how shocks in one domain can spill into others in a polycrisis environment. That means mapping critical dependencies end to end, identifying where single points of systemic failure really sit, and stress testing plans against compound scenarios that combine natural hazards, technical faults and malicious action over weeks rather than hours. For governments, this implies setting clearer expectations, sharing better data and convening exercises that cut across portfolios and levels of government, rather than assuming markets will self-organise resilience. For companies and critical infrastructure owners and operators, it means treating resilience as a board level strategic issue, investing in redundancy and analogue fallback where it matters most, being honest about vulnerabilities, and engaging early with regulators and partners to close the gaps that no single actor can fix alone.
When Digital Systems Fail is ultimately less about technology than about governance and imagination. It asks whether policy makers can picture, in enough detail, the world in which key digital systems are not available, and whether decisions taken today will blunt the worst effects when that worst arrives. For a country like Australia, with a high level of digital dependence, exposure to climate extremes and a growing need to think seriously about national preparedness and mobilisation in a harsher strategic era, this is not a thought experiment. It is a planning prompt that deserves to be read as one of the more important new texts on resilience and preparedness to cross the desks of Australian governments and industry this year.