Australians’ reliance on digital services in focus after port, phone network and banking disruptions

First, Optus’ mobile network goes down for 14 hours in a nationwide outage.

Days later, DP World is hacked and its port operations are paralyzed for days, causing shipping containers to pile up.

Weeks after that, Westpac customers were unable to view or access their online accounts for 9 hours following a failed software update.

These outages to Australia’s major infrastructure and service providers, all occurring in the last month, have at best inconvenienced millions and at worst created life-threatening situations, with some Optus customers reporting being unable to dial triple-0.

It was enough to highlight Australians’ dependence on digital services.

A Senate inquiry into the Optus disruption asks how, as a society, we can ensure reliable access to essential services.

But why do we have these cuts in the first place? Is it simply the cost of living in the digital age?

Systems will fall

“In general, we’ve done telecommunications so well that as a society we’ve come to expect that you can walk into any store and pay with your phone,” says Narelle Clark, chief executive of the Internet Association of Australia.

“Actually, these things can go down periodically.”

There is no silver bullet: in a hyperconnected world, the services we depend on will occasionally fail.

How we approach that reality, he says, comes down to a “cost equation and a risk equation.”

Narelle Clark is the CEO of the Internet Association of Australia.(Supplied: Narelle Clark)

“We will incur higher costs to provide services with that level of reliability, if that is what we really want as a society.”

This raises difficult questions about what we can’t live without and who is responsible for ensuring the infrastructure needed to provide it is up to the task.

We have an act for that.

For the most critical infrastructure, such as supply chains and communication networks, the government has a role to play in their resilience.

To facilitate this, he legislated the Security of Critical Infrastructure (SOCI) Act.

The SOCI Act allows the government to conduct critical infrastructure risk assessments and issue instructions to operators to address national security risks.

Critical infrastructure includes “physical facilities, supply chains, information technologies, and communication networks.”(Pexels.com)

However, in 2021, the federal auditor general considered that the Department of the Interior’s management of the program lacked.

“(Home Affairs) does not have a system in place to monitor compliance activity related to existing critical infrastructure,” he wrote.

“Department records identify that compliance activities were completed for only one category (of five). The process was not completed for all assets.”

A case study included in the report found that Internal Affairs had failed to follow up with telecommunications operators who had not engaged with the department.

This was said to be “due to resource constraints and other high priority tasks at the time.”

Narelle Clark echoes these criticisms. She is the chief executive of the Internet Association of Australia, which operates internet exchanges subject to the SOCI Act.

“Our concern with SOCIs is that they impose an enormous regulatory burden with very little profitability,” he says.

“We have a huge amount of paperwork to do that actually distracts us from the real work of protecting our systems and infrastructure.”

Following the Optus and Medibank cyber attacks in 2022, Cyber ​​Security Minister Clare O’Neill outlined reforms to the SOCI Act to increase the government’s ability to intervene during cyber attacks.

When DP World, Australia’s second largest port operator, was hit by a cyber attack last month, Home Affairs confirmed the four affected ports were covered by the SOCI Act.

Despite evidence suggesting poor cybersecurity hygiene at DP World, Home Affairs did not provide any information on how SOCI would be used to create liability for the incident.

The technical details surrounding security incidents are often too sensitive to reveal to the public.

A Home Affairs spokesperson says the government “has been working closely with industry to develop effective rules to protect Australia’s critical infrastructure.”

Looking for alternatives

While the recent blackouts had disparate causes, the link between them is the lack of resilience they discovered.

Resilience is more than just security. It’s also about distributing the load, removing obstacles and having redundancies.

Before the shift to digital communications, people caught in emergencies could rely on two-way radios.

Before the shift to online banking and digital wallets, people carried cash. Others would suggest that cryptocurrencies are the solution to single points of failure.

Ultimately, all of these technologies can play a role.

In the United Kingdom, the government has set minimum expectations banks to “protect services for people and businesses who wish to withdraw or deposit cash.”

New York City has mandated that all brick-and-mortar retailers accept cash.

However, the same is not true in Australia, as many stores only accept card payments.

Cash Welcome, an affiliate of the ATM industry association, made a submission to the Senate inquiry into the Optus discontinuation recommending these requirements be implemented in Australia.

“The digitization of the economy will likely lead to more days where outages prevent Australians from carrying out financial transactions,” wrote Cash Welcome campaign coordinator Jason Bryce.

“The cash system is an essential national economic infrastructure that cannot be dismantled and then reactivated when necessary.”