Resilience is a popular policy buzzword, but those of us who have designed, built and operated truly resilient digital infrastructure know that we need more than just slogans. I last wrote about network resilience in November, pointing to the need for proactive planning and coordination across all branches of government.
A recent white paper by Georg Serentschy [pdf, 500KB] extends the description of the coordination problem. Networks, data centres, cloud platforms, subsea cables, satellites, and the software layers that bind them together form a single, interdependent system whose resilience determines economic stability, national security, and social continuity.
The global risk environment is intensifying. Climate‑driven disasters, cyberattacks, supply‑chain fragility, and geopolitical events are converging in ways that expose the weaknesses of siloed regulatory models. Canada has already experienced climate‑related outages, ransomware incidents, software failures, and supply‑chain constraints, yet its policy frameworks still treat telecom, cloud, and critical infrastructure as separate domains. The Serentschy paper argues for a systemic approach: resilience must be engineered across the entire lifecycle of digital infrastructure, from design and investment to operation and recovery.
Internationally, regulation is moving toward risk‑based, proportional frameworks such as NIS2 and CER directives in the EU, or sector specific frameworks in the US, such as NIST CSF. These models expand the definition of critical infrastructure, require structured risk assessments, and impose clear reporting and mitigation obligations. Canada currently has no equivalent, and the gap is becoming more visible as digital interdependencies deepen.
Geopolitics is reshaping connectivity at a pace Canada cannot ignore. The EU is pursuing digital sovereignty and industrial autonomy. Hyperscalers and LEO satellite operators have become geopolitical actors in their own right, influencing routing, redundancy, and chokepoints. For a country relying heavily on foreign cloud providers and satellite systems — especially in the North — this creates strategic dependencies that require deliberate policy choices.
The paper’s treatment of digital sovereignty is particularly relevant for Canada. Sovereignty is not autarky; it is controlled interdependence. It means reducing critical dependencies, maintaining regulatory autonomy, and building trusted partnerships while still benefiting from global collaboration. Canada has begun moving in this direction, but without a coherent national doctrine, decisions appear to be reactive and fragmented.
Serentschy stresses the need for measurement, a theme frequently discussed in a number of recent Ivey workshops. Resilience cannot be managed without metrics, yet Canada lacks standardized indicators for restoration times, route diversity, supplier concentration, or dependency on foreign cloud infrastructure. As Serentschy posits, “To be governable, resilience must be measurable.”
The white paper ultimately calls for a shift from resilience rhetoric to resilience engineering. For Canada, we need to understand what that means. Do we have the right regulatory, policy and inter-departmental government frameworks? Are we examining the need for public‑private collaboration? Should we be integrating climate adaptation into network planning? Is digital infrastructure to be treated as a unified ecosystem or a collection of sectors?
Is there an opportunity to learn from the EU and US before the next major outage or geopolitical shock forces action? Digital infrastructure is a strategic asset. To increase the resilience of Canada’s digital infrastructure, all branches of government will need to be involved.