Search Results for: resilience

Resilience is a popular policy buzzword, but those of us who have designed, built and operated truly resilient digital infrastructure know that we need more than just slogans. I last wrote about network resilience in November, pointing to the need for proactive planning and coordination across all branches of government.

A recent white paper by Georg Serentschy [pdf, 500KB] extends the description of the coordination problem. Networks, data centres, cloud platforms, subsea cables, satellites, and the software layers that bind them together form a single, interdependent system whose resilience determines economic stability, national security, and social continuity.

The global risk environment is intensifying. Climate‑driven disasters, cyberattacks, supply‑chain fragility, and geopolitical events are converging in ways that expose the weaknesses of siloed regulatory models. Canada has already experienced climate‑related outages, ransomware incidents, software failures, and supply‑chain constraints, yet its policy frameworks still treat telecom, cloud, and critical infrastructure as separate domains. The Serentschy paper argues for a systemic approach: resilience must be engineered across the entire lifecycle of digital infrastructure, from design and investment to operation and recovery.

Internationally, regulation is moving toward risk‑based, proportional frameworks such as NIS2 and CER directives in the EU, or sector specific frameworks in the US, such as NIST CSF. These models expand the definition of critical infrastructure, require structured risk assessments, and impose clear reporting and mitigation obligations. Canada currently has no equivalent, and the gap is becoming more visible as digital interdependencies deepen.

Geopolitics is reshaping connectivity at a pace Canada cannot ignore. The EU is pursuing digital sovereignty and industrial autonomy. Hyperscalers and LEO satellite operators have become geopolitical actors in their own right, influencing routing, redundancy, and chokepoints. For a country relying heavily on foreign cloud providers and satellite systems — especially in the North — this creates strategic dependencies that require deliberate policy choices.

The paper’s treatment of digital sovereignty is particularly relevant for Canada. Sovereignty is not autarky; it is controlled interdependence. It means reducing critical dependencies, maintaining regulatory autonomy, and building trusted partnerships while still benefiting from global collaboration. Canada has begun moving in this direction, but without a coherent national doctrine, decisions appear to be reactive and fragmented.

Serentschy stresses the need for measurement, a theme frequently discussed in a number of recent Ivey workshops. Resilience cannot be managed without metrics, yet Canada lacks standardized indicators for restoration times, route diversity, supplier concentration, or dependency on foreign cloud infrastructure. As Serentschy posits, “To be governable, resilience must be measurable.”

The white paper ultimately calls for a shift from resilience rhetoric to resilience engineering. For Canada, we need to understand what that means. Do we have the right regulatory, policy and inter-departmental government frameworks? Are we examining the need for public‑private collaboration? Should we be integrating climate adaptation into network planning? Is digital infrastructure to be treated as a unified ecosystem or a collection of sectors?

Is there an opportunity to learn from the EU and US before the next major outage or geopolitical shock forces action? Digital infrastructure is a strategic asset. To increase the resilience of Canada’s digital infrastructure, all branches of government will need to be involved.

An article in Telecommunications Policy got me thinking more about how regulatory authorities should deal with network resilience in a competitive marketplace.

The paper notes that facilities-based competition, such as that promoted in Canada, fosters improved resilience, with “multiple independent networks operated by ILECs, cable providers, and wireless operators, creating a dense and diverse infrastructure.”

But the paper includes a warning.

However, the resilience benefits of competition can be undermined by poorly designed regulatory policies. Spectrum allocation without deployment requirements or mandated roaming and MVNO access without infrastructure obligations may reduce incentives for operators to build and maintain independent networks. In Canada, such policies risk concentrating traffic on fewer networks, thereby increasing systemic vulnerabilities. Policymakers must ensure that regulatory frameworks support infrastructure diversity and investment while maintaining competition.

The paper also noted that “market forces often fall short in two key contexts: remote and rural areas and regions requiring systematically hardened networks”.

In remote and rural areas, the low population density and high costs of deployment—such as building towers, transport infrastructure, and power generation—make it economically unviable to serve customers with even a single network, let alone multiple redundant networks or hardened infrastructure. Similarly, in regions facing extreme environmental risks, such as areas prone to wildfires, flooding, or hurricanes, the economic incentive to invest in layers of duplication and advanced hardening is often insufficient without external support.

Two months ago, I wrote that it is important to recognize that all networks will fail. Improving network resilience helps ameliorate the situation when a failure condition exists.

Increasingly complex network architectures, coupled with more extreme environmental conditions, will lead to the potential for more network failure events, with even greater impact.

How do service providers build more resilient networks? How does the industry collectively create a more resilient national infrastructure? What is the role of government regulatory authorities, policy makers, and emergency preparedness organizations?

Let’s look at how the CRTC, Canada’s telecommunications regulator, is dealing with resilience and survivability. The Commission’s approach appears to be largely reactive, emphasizing post-event reporting and compensation.

In early September, the CRTC issued a Decision requiring “Mandatory notification and reporting of major telecommunications service outages”. In the eyes of the regulator, “This decision will help improve coordination whenever a major outage happens by requiring TSPs to notify the Commission and other government authorities within specific timeframes. These notifications will help ensure that relevant authorities are aware of outages so that they can help manage them and their impact on Canadians.”

Personally, I’m not convinced there will be any meaningful help managing outages coming from the relevant authorities.

On that same date, the CRTC launched two additional public consultations:

1. “Development of a regulatory policy on measures to improve the resiliency of telecommunications networks and the reliability of telecommunications services” [TNC CRTC 2025-226]; and
2. “Consumer protections in the event of a service outage or disruption” [TNC CRTC 2025-227].

The latter is effectively examining what kinds of communications from service providers should be mandated during service disruptions and what kinds of refunds will be required. Initial comments were due a couple weeks ago. The reply phase closes December 15. Frankly, in my view, if the market is sufficiently competitive for the CRTC to forbear from price regulation, then we should ask why the CRTC is wading in on consumer refunds and communications.

I am more interested in the former, TNC CRTC 2025-226 which has initial comments due December 3 and replies due at a date still to be determined. It is a far more complex proceeding.

In this consultation, the Commission is developing a regulatory policy on measures that TSPs should take to help improve the resiliency of telecommunications networks and the reliability of telecommunications services. The Commission is gathering views on (i) what principles should guide the development and implementation of the regulatory policy, (ii) how TSPs should design and operate their networks to help make them more resilient, and (iii) how the regulatory policy can help support the safety of Canadians in all regions of the country, including rural, remote, and Indigenous communities.

Two and a half years ago, I wrote about a report issued by the Canadian Security Telecommunications Advisory Committee (CSTAC). That report [pdf, 474KB] is referenced in the CRTC’s Notice of Consultation. Notably, the CSTAC report says “recommendations contained in this document are neither directive nor mandatory”. That is why I get concerned when I read the CRTC consultation repeatedly asking “Which of these measures should be mandatory, and which should be considered best practices?”

The CSTAC report included more than 100 detailed recommendations to improve network resilience for telecom services providers to implement “to the extent commercially, operationally, technically and physically practicable”, and there were 9 specific requests from government.

As I have frequently observed, even with all the best preparations in the world, networks will still occasionally go down.

As the CRTC continues its examination of ways to improve network resilience, it should explore how the Commission can contribute to the proactive planning and coordination across all branches of government, including the identification of funding required in rural and remote areas where redundant facilities simply don’t exist.

Through the years, I have written a number of posts about improving network resilience. About a dozen years ago, I wrote “Cradling your eggs”, writing about me telling the Canadian president of Digital Equipment Corporation that his CIO should be fired for placing 100% of their corporate communications in the hands of the company I then worked for. “It doesn’t matter how good we are, networks can fail. When that happens, do you really want all your eggs in one basket?”

That story came to mind when I was reading a news story about the US Secret Service dismantling a hidden telecom network that had the potential to jam cellular networks, 911 emergency response centres and overwhelm networks with 100,000 simultaneous calls. The system consisted of more than 300 servers loaded with over 100,000 SIM cards, located in New York, with many of the world’s leaders participating in this week’s United Nations General Assembly.

What would have happened if emergency communications were disrupted coincident to a threat or actual disaster condition?

It got me thinking about what options would exist had the rogue network become operational. My daughter reminded me that “All good dystopian novels involve using dead technology to save the day.” Improving network resilience through old-school CB radio? Would the fax machine prove to be the real hero?

I have been an advocate of embedding the public safety broadband network within the public network, leveraging the scale and scope made possible by billions of dollars in annual investments by the private networks.

Still, in the face of all potential threats, resilience needs to be a factor when examining the architecture of networks, including planning for complete system outages.

A dozen years ago, I wrote “reliability and overall capacity can be enhanced through interoperability with commercial networks.” It is also important to recognize that all networks will fail. So, as I wrote before, “carrier diversity provides improved reliability.” Colloquially, don’t put all your eggs in one basket.

How should public and private sector stakeholders respond to threats to the resilience and security of digital infrastructure?

That is the subject of a white paper released last month by Dr. Georg Serentschy, the former head of the Austrian telecom regulator and past chair of BEREC (Body of European Regulators for Electronic Communication). Recall that building resilience in telecommunications was the subject of a workshop a few weeks ago; Dr. Serentschy discussed the paper. In my recent post, I included links to a number of other articles on network resilience.

Among the highlights are a call for public-private partnership between governments and the private sector. “The highly complex and ever-changing threat landscape can only be tackled in cooperation between the private sector and governments and, beyond that, with international cooperation”. Governments are not able to address these challenges alone. Keep in mind, digital networks and infrastructure are generally private sector assets. However, since these assets are seen as strategic, what is the appropriate level of government involvement to ensure critical infrastructure is secured?

Sixteen months ago, Canada’s telecom regulator launched a consultation calling for comments on “Development of a regulatory framework to improve network reliability and resiliency”. The consultation was focused on notification and reporting requirements in respect of major telecommunications service outages. The file closed 15 months ago, but no determination has been released. In the meantime, the CRTC established interim reporting requirements.

In the February 2023 Notice, the Commission promised a broader consultation:

As its next step, the Commission will initiate a public proceeding to address network reliability and resiliency in broader terms, including issues relating to resiliency principles, emergency services (9-1-1), public alerting, consumer communication, the impact of outages on the accessibility of telecommunications services, consumer compensation, technical measures, and the imposition of administrative monetary penalties.

Such a consultation has not yet been launched. The CRTC’s departmental workplan is indicating a much less ambitious next step. “The CRTC will continue its work to enhance the resilience and reliability of telecommunications networks across the country. This includes continuing to examine requirements for reporting major service outages and future consultations on consumer communication and compensation requirements.”

Yesterday, Sammy Hudes of Canadian Press wrote a related story, “Canadian telecoms work on strengthening networks amid growing wildfire activity”. The article noted “It’s an issue that Canada’s telecommunications regulator is keenly aware of. Two consultations touching on that topic — one considering ways to improve telecom services in the Far North and another on how providers should report and notify customers of major service outages — remain in progress.”

It isn’t clear that the CRTC’s current focus on consumer communications and compensation is the best approach to develop a greater degree of resilience and security in Canada’s digital infrastructure. The work plan does not seem to include addressing “network reliability and resiliency in broader terms”, as promised in last year’s consultation.

To be fair, 6 paragraphs, representing almost 15% of that Notice of Consultation pointed to other government organizations that have roles to play. The agencies and committees are at federal, provincial, territorial and municipal levels. It also mentioned CSTAC, the Canadian Security Telecommunications Advisory Committee, as a voluntary working group that provides a forum for federal government and industry stakeholders to analyze, develop, and implement measures to protect critical telecommunications infrastructure.

The Serentschy white paper warns “regulatory authorities in most cases do not have a mandate to develop or apply a holistic view and break out of their vertical silos.” The paper suggests that policy makers may need to “give regulators a new and expanded mandate.” Dr. Serentschy suggests that increased network element redundancy, and reducing single points of failure can be at odds with other regulatory measures.

There are 10 recommendations in the white paper. Recommendation 10 calls for institutional reform, calling for the establishment of a central coordinating body as “an important step towards overcoming the usual historically fragmented governance structures.” According to Dr. Serentschy, “governments cannot tackle these challenges alone, nor can industry.” Therefore, he calls for a central coordinating, advisory and decision making body, empowered to reassess regulatory priorities, including competition policy, where necessary.

The subject of increased network resilience in a time of climate emergencies was raised on May 21 in the House of Commons:

How do we ensure digital infrastructure security and resilience are priorities for regulatory and policy determinations?

Is a more holistic approach to governance needed to improve cooperation and planning between government and the private sector? In a competitive telecom environment, how do we fund the needed network reinforcement in areas of challenging geographic and demographic characteristics?

Building resilience in telecommunications in Canada and Beyond. That is the topic for a workshop taking place in downtown Toronto on the afternoon of May 14, 2024. The event is hosted by the Ivey Business School.

Over the past couple of years, I have written about network resilience a few times:

• Reliable and resilient networks (January 23, 2024)
  I observed that weather-related service disruptions will likely be a bigger factor in coming years. In a competitive environment, I asked what is the role of regulators in setting standards or objectives for reliable and resilient networks?
• Network resilience (April 14, 2023)
  This post looked at the report released by The Canadian Security Telecommunications Advisory Committee (CSTAC), aimed at improving network resilience and reliability.
• Time to rethink resilience (October 11, 2022)
  While it is impossible for businesses to prepare for all potential disruptive events, mitigation strategies can dampen potential damages.

Network resilience was incorporated in the 2023 Policy Direction to the CRTC. The Canadian government oversaw the creation of a multilateral memorandum of understanding for mutual assistance in the Fall of 2022. The CRTC has not yet released its final determinations in its “Development of a regulatory framework to improve network reliability and resiliency – Mandatory notification and reporting about major telecommunications service outages”, launched a year ago. Regional governments have increasingly been concerned with the Emergency Management and Climate Readiness. Canadian consumer groups have raised concerns about network outages, prompting responses from both government and industry. The industry is investing heavily for resilience in wired infrastructure and wireless networks, including satellite.

In the Canadian context, discussions include examining the roles of government funding mechanisms, outage reporting, network access, and the role of layered and competing infrastructures. Internationally, both geopolitical and domestic concerns have brought resilience to the highest concerns among Canada’s main trading partners and allies. New initiatives are underway in the United States, the European Union, and South Korea, among others.

This workshop aims to explore policy, regulation, business strategy and institutional frameworks for an increasingly resilient Canada – in a world where threats to resilience (climate events, cyberattacks, war) surge forth without regard to national borders or government mandates, with digital ecosystems of international reach. Speakers from Canadian government, industry and consumer organizations will join with international experts for an engaging debate and important announcements. New initiatives, frameworks and concepts will be explored by an inquisitive debate and presentations.

Speakers from Canadian government, industry and consumer organizations will join with international experts for an engaging debate and important announcements. New initiatives, frameworks and concepts will be explored by an inquisitive debate and presentations.

Confirmed speakers include:

• Andre Arbour, Director General, Telecommunications and Internet Policy, ISED
• Erik Bohlin, Professor, Ivey Business School, and Ivey Chair in Telecommunication Economics, Policy and Regulation
• Seongcheol Kim, Professor, Korea University
• Phil Moore, VP, TELUS
• Romel Mostafa, Director, Lawrence National Centre for Policy and Management, Ivey Business School
• Eli Noam, Professor, Columbia University
• Jieun Park, Korea Institute of Science and Technology
• Adam Scott, Vice Chair, CRTC
• Georg Serentschy, Serentschy Advisory Services

This workshop, Building Resilience in Telecommunications – In Canada and Beyond, is funded in part by the Ivey Chair in Telecommunication Economics, Policy and Regulation, as well as the Lawrence National Centre for Policy and Management at the Ivey Business School. Registration includes lunch, all sessions, and a cocktail reception to wrap up the day. It all takes place at Ivey’s Donald K. Johnson Centre in the Exchange Tower at 130 King Street West in the heart of Toronto’s financial district.

The full agenda [pdf, 660KB] and registration information are available on the event website.