Risk arrives in many forms. From cyberattacks to malign activities carried out by state actors, from power outages to threats to physical assets such as subsea cables and satellites, it is an everyday concern for all those who provide ubiquitous and essential services.
Risk and resilience go hand-in-hand and, naturally, both feature heavily in Prospect’s latest programme of events examining how the UK can strengthen its critical systems in the face of rising environmental, geopolitical, technological, and social pressures. The fourth event in the series—convened in partnership with BT Group—was devoted to the defence of digital infrastructure and at its heart was a central question: how can the UK secure vital digital systems underpinned by fixed, mobile and satellite networks against threats posed by disruption?
It is a question that encouraged attendees to explore the nature of resilience—how to define it, how to apply it and how to measure it. In short, resilience is not an absolute. It’s about a series of difficult choices and trade-offs. It is -unrealistic, after all, to expect any industry to be entirely free of risk. This, in turn, demands that recovery, back up and restoration planning takes centre stage. And it demands honest conversations about how best to balance risk, resilience and investment.
Communications represent one of 13 sectors categorised as critical national infrastructure, but just one of three that operates in a commercial environment (the other two are food and chemicals). As one speaker put it, when there is 50p in the pound to invest in hardware and 50p to invest in services, it doesn’t leave much to spend elsewhere.
Resilience is sometimes framed as investing ever more heavily in networks to minimise the likelihood and impact of outages. But if in pursuit of near-perfection bills go up by £15 or £20 a month, does that continue to be a sensible or sustainable investment? “There’s not a lot of money swirling around this industry anymore,” one contributor noted, while another observed: “Customers are not paying for a contract based on being the most resilient. They’re interested in price and service coverage.”
So, what is an acceptable level of resilience? In a crisis, for example, should we expect people to be able to make a - 999 call, receive emergency alerts, or surf the internet? Equally, how long should restoration take after a storm? The ability to spend and the trade-offs required will inevitably inform the answers to these questions.
Away from talk of investment, speakers were quick to acknowledge the interdependencies that exist between communications and energy networks. Not only are the former reliant on the latter—“We can absolutely guarantee,” observed one speaker, “if the power grid went down, no telecoms service would work for very long”—the latter are increasingly using sophisticated comms to enhance their own operations.
The power outage that hit Spain and Portugal in April 2025 left homes, businesses and essential services without power for up to 19 hours, many relying on back-up supplies. It was “a really important moment” for those looking for lessons in power resilience. Notably it brought home the possibility of disruption on a national scale.
The UK needs to prepare for—and mitigate against the effects of—the next crisis rather than preparing for the last one
For those running digital infrastructure, restoration is a key objective and more than one participant floated the idea of prioritising communications in the event of a power outage. Current regulation doesn’t allow for such prioritisation—a position described as running counter to addressing the “real risks” posed by power failure. Others offered an opposing view, arguing that granting primacy in one area would have a detrimental effect on other vital services. “Schools, hospitals and transport… would fall to the back of the queue.”
Nevertheless, insiders urged the -creation of a “dynamic” relationship between communications and power. The government’s energy resilience strategy, due to be published at the end of 2027, provides an opportunity to influence debate and help enshrine improved co-ordination between the two.
Meanwhile, the UK Telecommunications Security Act is focusing minds. Enacted in 2022, the legislation mandates that public telecom providers build, maintain and strengthen the security and resilience of their networks. It also moves legislation away from a -compliance-only approach to a framework intended to foster best practice. As such, said one speaker, it demands a “mindset shift”. Another agreed and made the case for “security-by-design”, both cheaper and more effective in the long term than a reactive approach where security is retro-fitted. “If you have security in the DNA of an organisation, it’s not an afterthought.”
One of the consequences of on-going geopolitical tensions is increasing vulnerability to the activities of malign state actors. A means of countering this threat, argued some, is to exercise greater control over digital infrastructure, data and technology. The pursuit of sovereignty is not new and has previously resulted in the exclusion of Chinese-built technology from UK networks, for example.
While some called for sovereign-first infrastructure, others questioned the practicalities of creating a network built along national lines. One industry insider cited, for example, the key role Finland’s Nokia and Sweden’s Ericsson play in UK mobile networks, while another -acknowledged the importance of Silicon Valley technology. “National sovereignty is a slightly outdated idea in our incredibly interconnected world.” Rather than excluding global technology providers it’s better, argued another voice, to “deter people from interfering with digital infrastructure” in the first place.
During the course of the 90-minute roundtable discussion, a range of solutions and suggestions emerged. Many reflected a need to prepare for—and mitigate against the effects of—the next crisis rather than preparing for the last one. Among the ideas floated, attendees made the case for a “focused investment plan across the UK” to address the needs of all critical infrastructure, from communications to power and beyond.
One of the fastest ways to embed good practice, offered another voice, is to learn from prior mistakes. A speaker with detailed knowledge of one high-profile cyberattack, noted how an understandable decision to shut down part of the organisation’s network proved commercially damaging. Why? Because it exposed poorly planned restoration efforts, which led to excessive delays.
Elsewhere, attendees—fearful of the consequence of subsea cable sabotage “around our small island”—advocated for dedicated naval defenders with the necessary engineering skills. Another voice cautioned against “catastrophising” the dangers of mass underwater sabotage.
Returning to the theme of collaboration, there was a final call for a consistent and concerted approach to resilience planning that “will cut across all critical national infrastructure”. The call reflects the difficult choices that need to be made given the volume of challenges faced. By seeking commonality—and overlaying it with sector-specific measures—there’s an opportunity to bring clarity and cohesion to infrastructure defence. And an opportunity to reduce risk at scale.
Defending Digital Infrastructure, part of the Prospect Resilience Series and jointly hosted by BT Group, took place on Tuesday 10th March 2026. The conversation was conducted under the Chatham House rule
