The nationwide disruption to Telstra’s mobile network this week will no doubt trigger the familiar cycle of investigations, regulatory scrutiny and calls for greater accountability. That is entirely appropriate. Australians expect reliable communications, especially when failures disrupt transport systems, electronic payments and even emergency calls.
Yet focusing solely on what went wrong inside Telstra risks missing the much bigger story.
The outage, reportedly linked to a software fault involving GPS timing systems within Telstra’s network, is another reminder that Australia’s telecommunications infrastructure has fundamentally changed. We are no longer dealing with the traditional telephone network that shaped telecommunications policy for most of the twentieth century. Today’s carriers operate vast, software-defined computer networks that happen to provide communications services.
That distinction matters.
For decades I have argued that telecommunications have evolved from being a commercial utility into a national asset. Broadband, mobile networks, cloud computing and data infrastructure now underpin almost every essential service: banking, healthcare, transport, emergency management, education, energy systems, logistics and government itself. When communications fail, large parts of society begin to falter.
The Telstra outage demonstrated exactly that. Rail services were disrupted, payment systems failed, businesses lost connectivity and hundreds of attempted Triple Zero calls required follow-up. This was no longer simply a telecommunications outage; it was an interruption to Australia’s digital economy.
Unfortunately, our policy framework has not kept pace with this transformation.
The emerging risks today are no longer primarily broken cables or failed switching equipment. Increasingly they stem from software defects, configuration errors, automation failures, cloud dependencies and, inevitably, human error. The global CrowdStrike software update in 2024 brought airlines, hospitals, banks and government agencies to a standstill. Australia’s Optus outage in 2025 resulted from failures within its core software network. Now Telstra appears to have experienced a software-related timing failure affecting critical network synchronisation.
These incidents are not isolated. They represent a new pattern. As communications networks become more software-driven, highly virtualised and centrally managed, failures can propagate much further and much faster than in the past.
Rather than asking how to punish the next operator after the next outage, perhaps Australia should begin asking a different question.
How do other countries design resilience into their telecommunications systems before failures occur?
Finland: resilience by design
If there is one country that has thought deeply about this question, it is Finland.
Given its geography, history and long border with Russia, Finland has spent decades developing what it calls its Comprehensive Security model. Rather than viewing telecommunications as simply another commercial sector, Finland regards digital communications as an integral part of national security, economic resilience and the continuity of government.
The philosophy is strikingly different from Australia’s.
Australia tends to ask: Did the carrier comply with the regulations? Should the regulator investigate? Should penalties be increased?
Finland asks a different question altogether: How can society continue functioning if communications are disrupted?
That shift in thinking changes everything.
Telecommunications operators are not left to manage resilience on their own. Government, regulators, defence organisations, emergency services, energy providers, financial institutions and telecommunications companies all participate in national resilience planning. Communications networks are treated as shared national infrastructure whose reliability affects every critical sector of society.
Regular national exercises test not just the telecommunications networks themselves, but also how government agencies, utilities and essential services respond when those networks fail. The emphasis is not on assigning blame afterwards but on identifying weaknesses before they become national crises.
Equally important is Finland’s concept of security of supply. The objective is not merely to restore communications as quickly as possible after an outage. It is to ensure that essential services continue operating even while parts of the communications infrastructure are degraded. Redundancy, geographic diversity, backup systems and alternative operating procedures are viewed as strategic national investments rather than optional commercial costs.
This is resilience by design rather than resilience by regulation.
Finland is not alone, although it offers perhaps the clearest model. Sweden has strengthened telecommunications resilience as part of its Total Defence strategy, integrating communications into civil defence planning and fostering close cooperation between government, industry and the military. Singapore imposes stringent resilience standards because telecommunications underpin its position as a global financial and digital hub. Japan, drawing on decades of experience with earthquakes and tsunamis, has invested heavily in geographically diverse fibre routes, extensive backup power and rapid network restoration. While each country has followed its own path, they share one important characteristic: telecommunications resilience is no longer viewed simply as an operational responsibility for carriers, but as a matter of national policy.
Australia, by contrast, still tends to respond to telecommunications failures through the traditional cycle of investigation, compliance, reporting obligations and penalties. These mechanisms are necessary, but they are not sufficient. They belong to an older regulatory mindset built around the telephone network, not the software-defined digital infrastructure on which the whole economy now depends.
What Australia needs is not simply tougher regulation after each outage, but a National Telecommunications Resilience Strategy.
Such a strategy should recognise telecommunications as critical national infrastructure alongside electricity, water and transport. It should bring together government, carriers, emergency services, energy providers, banks, transport operators, cloud providers and defence agencies in a coordinated national resilience framework. It should integrate resilience, security and digital sovereignty into infrastructure planning rather than leaving these issues largely to individual commercial operators.
The lesson from this week’s Telstra outage is therefore much broader than the failure of one company’s software. It is a reminder that Australia’s digital economy has become critically dependent on communications networks that are now as fundamental to national life as roads, ports and the electricity grid.
The next major outage should not simply prompt another regulatory investigation. It should prompt a national conversation about whether Australia’s telecommunications policy has kept pace with the realities of the digital age.
Finland suggests there is a better way.
Paul Budde
