Digicel Pacific Takeover Talks Bring Critical Infrastructure Into Focus


Transform Security 5 min

 

Summary

Recent news about the possible acquisition of Digicel Pacific and the increasing risk of State-sponsored threats brings the importance of critical regional infrastructure into sharp focus. This highlights the urgency for supply chain resilience.

 

Event Facts

On 19 July 2021, Telstra confirmed in a statement to the Australian Stock Exchange that it was: “approached by the Australian government to provide technical advice in relation to Digicel Pacific.” According to Telstra, the talks are incomplete.

Headquartered in Papua New Guinea (PNG), Digicel Pacific provides mobile services in six South Pacific markets. Market interest in their operations first emerged when parent company Digicel filed for bankruptcy in May 2020.

 

Analysis

 

Government and investor pressure is creating a pinch point

Digicel Pacific offers 3G and 4G services in five tourism-reliant countries, in addition to its home market. Operating in PNG, Fiji, Nauru, Samoa, Tonga, and Vanuatu, the company’s services help overcome local connectivity issues. Data gathered by the World Bank in 2017 illustrates the connectivity challenge:

  • Only 62% of people in Nauru can consistently access the internet, followed by 49% of Fijians, 41% of people in Tonga, 34% of Samoans, and 26% of Vanuatu residents.
  • By comparison, 87% of Australians enjoy consistent access to the internet, as do 84% of people in Malaysia, 89% of Singaporean residents, and 91% of New Zealanders.

Digicel Pacific’s telecommunications infrastructure supplements the Coral Sea Cable System, which connects Sydney, Port Moresby in PNG, and Honiara in the Solomon Islands.

When parent company Digicel filed for bankruptcy to restructure its debts, it created an opportunity for market participants, private equity businesses, and governments to access this critical regional infrastructure. However, when the company’s talks with a Sydney-based private equity company failed over price, the Australian government sought to enact its cyber resilience initiatives detailed in the Budget papers handed down in May 2021.

 

Technical and regulatory complexity impacts Telstra’s diversification efforts

Already focused on the restructuring it announced in November 2020, Telstra is taking care to assure investors of its long-range thinking.

On 21 July 2021, Telstra Chairman John Mullen stated: “Telstra will not be making any investment that does not make sense for its shareholders. If something comes of this, it will be because we can meet government expectations and financial returns for the company.”

If Telstra were to acquire Digicel Pacific’s ageing infrastructure, it would introduce new regulatory complexity when it is attempting to segregate its services and infrastructure businesses. Telstra’s proposal to restructure (announced in November 2020 and updated on 22 March 2021) aims to separate the company into:

  • fixed infrastructure to own and operate its legacy telecommunications backbone
  • mobile towers to continue the growth of its cellular connectivity business
  • services designed to create innovative solutions for consumers and companies.

Acquiring Digicel Pacific would mean additional layers of scrutiny and compliance burden from multi-national regulators when the provider is diversifying its managed services offering, Telstra Purple. Instead of accelerating efforts to shed wholesale legacy, an acquisition of this nature could add unwanted bulk.

These regulatory pressures and technical complexities are arising in the context of the Federal government’s renewed focus on national cyber resilience.

New risks require private and public partnerships to build resilience

ADAPT’s CISO Edge Survey from November 2020 illustrates that Australian companies are dealing with an increasingly brittle third-party ecosystem. According to ADAPT:

  • 55% of companies are concerned with the risk of State-sponsored cyberwarfare
  • 55% will devote higher focus and funding to security, compliance, and governance
  • 37% plan significant upgrades to cybersecurity architecture, with 13% completely overhauling defences to cope with the new dangers of a pandemic-disrupted world.

The Australian Federal government announced several cyber resilience initiatives in the 2021 Budget. In addition to the $1.7bn already set aside in 2020 for Australia’s Cyber Security Strategy, the Budget included a critical focus to building the national cyber resilience:

  • an additional $42.4m for the Cyber Security Strategy
  • $31.7m to assure the security, safety, and trust of 5G and 6G networks
  • $16.4m to develop a National Data Security Action plan
  • $107m to examine and overcome supply chain vulnerabilities.

Providing funding and focus necessary to secure access to essential goods for Australians and guarantee supply in the event of future systemic shocks is critical. Government further details its ambitions to build supply chain resilience through its digital trade agreements, international rule setting, and the Services Exports Action Plan.

However, the potential impact of a significant cybersecurity incident illustrates the need to do more. As a nationwide incident could cost $30bn and 163,000 jobs, every part of the government, business, and academia have a role to play in strengthening Australia’s cyber readiness and resilience.

It is incumbent on telecoms market infrastructure providers, critical supply chain participants, security agencies, researchers in public policy, and government departments to effectively partner to build Australia’s digital perimeter.

ADAPT Recommendations

Digicel Pacific operates critical mobile infrastructure allowing citizens in the South Pacific to access the connectivity services that people in developed countries take for granted. The potential acquisition of these assets implies a critical threat to regional telecoms infrastructure, but a corporate action involving Telstra is far from certain.

Outcomes of uplifting business resiliency to cope with external shocks

  • external shocks to critical infrastructure can impair or completely cripple your business, addressing systemic vulnerabilities is an economic imperative
  • expanding threat vectors require new partnerships: improved engagement between the private and public sectors can build cyber resilience
  • overreliance on too few connectivity providers leads to latency, risk, and disruption; partnering through inter-governmental alliances can address systemic fragility
  • adopting an adaptive resilience framework can enable companies to react, stabilise, and scale operations through impairments that are neither time- nor location-bound.

Actions to protect critical regional infrastructure

  • build on the Federal Supply Chain Resilience Initiative with leadership in regional partnerships such as the Five Eyes Alliance, ASEAN, and the Pacific Islands Forum
  • involve a consortium of providers to give expression to the Pacific Step-up policy and implement technical guidance for critical telecom infrastructure resilience
  • consider engaging with sovereign cloud providers in addition to cloud majors’ regional presence to develop additional failover capacity
  • leverage the capabilities of providers in New Zealand, Singapore, Malaysia, and Indonesia to build supply chain resilience against future external shocks
  • adopt extreme scenario planning to define and distribute responsibility across the telecoms and cloud provider ecosystem to stay ahead of ongoing disruption
  • inspect the infrastructure resilience, cyber readiness, policy alignment, and strategic awareness of your critical suppliers and be ready to act decisively.

Related Research

Access these ADAPT resources to contextualise the supply chain resilience imperative highlighted by recent news involving Telstra and Digicel Pacific:

Contact ADAPT by either emailing research@adapt.com.au or your account manager to explore this event in further detail as it relates to your strategic business priorities.

ADAPT