Infrastructure resilience – the new imperative
Election Survey 2023
Chapman Tripp's perspective
By Mark Reese, Chapman Tripp
The failure of essential infrastructure in the weather disasters New Zealand has sustained in the last 18 months has put resilience firmly on the agenda for next term – regardless of the election outcome. Finance Minister Grant Robertson, announcing the creation of the National Resilience Plan with an “initial” budget allocation of $6 billion, said it was “unacceptable that basic lifeline services like telecommunications, power and transport links were knocked out for so long” after Cyclone Gabrielle.
The Government already has tools to monitor the emergency and risk preparedness of vital infrastructure providers, including the ability under the Climate Change Response Act to request that “reporting organisations” provide information on how they are adapting to the risks and opportunities arising from climate change.
The proposed National Planning Framework provided for in the Natural and Built Environment Act would provide another tool, although that may never eventuate given National’s pledge to repeal the legislation “by Christmas ”. But the Government has two other initiatives underway, which we expect would survive (in some form) a change of administration:
- The Strengthening the resilience of Aotearoa New Zealand’s critical infrastructure system discussion paper released in June by the Department of Prime Minister and Cabinet (DPMC), and
- The Emergency Management Bill (the Bill), with submissions due by 3 November (well clear of the election).
The DPMC consultation clearly draws on Australia’s Security of Critical Infrastructure Act 2018 and, like it, would extend the emergency system’s coverage beyond natural hazards to cyberattacks, espionage and terrorism and beyond traditional infrastructure to digital services, food and grocery providers and the financial sector.
The Bill would replace the Civil Defence Emergency Management Act 2002, which lists the lifeline utilities within its scope and is somewhat vague in terms of the expectations it has of them. The new approach under the Bill allows the Minister, subject to certain criteria, to recognise a “critical infrastructure” entity or sector by notice in the Gazette and would place detailed obligations on those entities, including:
- Reviewing and updating three yearly plans for functioning during and after an emergency,
- Proactively sharing information before, during and after emergencies with key government agencies and Emergency Management Committees,
- Establishing, reviewing and publishing “planning emergency levels of service” in respect of their critical infrastructure, and
- Reporting annually to the Director of Emergency Management regarding compliance with the legislation.
The DPMC review notes that a weakness of the current regime is that primary responsibility for determining the appropriate level of resilience sits with the infrastructure owners and operators and that their decisions are typically informed by pressure from consumers and their ostensible competitors to provide a minimum level of reliable service.
This captures the dilemma outlined by Professor of Construction Management Suzanne Wilkinson in a commentary for The Conversation: to be resilient, infrastructure must have both robustness and redundancy . Robustness means being able to withstand hazard events without significant damage. Redundancy means spare capacity (and runs directly against the just-in-time ethos that has dominated managerial culture since the 1970s). Both carry costs that will be passed on to customers who, while they would derive the benefit of greater reliability of service in a crisis, would not experience any improvement in day-to-day services.
Resilience building can be unattractive as a commercial proposition, particularly so in this case as the upward pricing pressure would land atop of a range of existing pressures arising from:
- Deferred investment creating a bow-wave of replacement and renewal capex (e.g., water),
- Inflation - both generally in the economy, and specifically in the construction sector due to tightening supply conditions and loss of capacity to emigration and insolvencies,
- Elevated interest rates (likely to remain for a considerable period), and
- The adaptation and climate-related expenditure (e.g., electrification) that we already knew was needed.
The comfort for potentially affected businesses is that the Government has indicated that it expects the concerns around the cost impacts of the Bill to be addressed by the select committee and that DPMC has said that, in designing options for reform, the Government will seek to lift resilience at the least cost through focussing, at least initially, on "lifting the floor" of critical infrastructure resilience and timing the introduction of any new regulatory requirements to align with investment plans, to the extent possible.
Deloitte's perspectives
By John Marker
The Government’s consultation on critical infrastructure resilience is a timely development given recent regulatory reforms in Australia and significant change in the operating environment. New Zealand’s critical infrastructure has always been vulnerable to natural hazards, but recent years have seen significant disruption from the pandemic and cyber vulnerabilities, in an increasingly tense international geopolitical environment.
This "new normal" should give policy makers, directors, executives, and asset managers, pause for thought. Have system settings or organisational practices evolved to meet the challenges of today?
Best practice is for critical infrastructure organisations to assess and uplift resilience through an "asset based, all hazards" lens. This recognises that assets are the foundation of critical services, and that the hazards impacting on asset resilience can emerge from the natural world, supply chains, personnel and cyber. These hazards need to be understood and assessed on a holistic basis.
The Australian Government has recently mandated an "asset based, all hazards" approach. This represents a marked departure from familiar enterprise risk frameworks. Elements of this thinking are apparent in our government’s latest consultation document. Critical infrastructure entities should be looking to understand this framework and its implications at an entity and sector level.
