Infrastructure failures: Govt makes little headway on fixing weaknesses

Two widespread communications failures in the Northland storm and Otago within two days last week have again exposed the vulnerability of the country's critical infrastructure.

The outages came within hours of the government releasing its latest ideas about fixing the weaknesses exploited in each new disaster.

But its efforts have hit hurdles, according to Cabinet papers newly released to RNZ.

The papers show Infrastructure Minister Chris Bishop had "specific options" to improve investment by companies and reduce "overall costs borne by taxpayers and the economy more broadly from costly infrastructure failures", and that he wanted to put these options to the public last year for consultation.

But other Cabinet ministers raised concerns - which are blanked out in the OIA papers - and he withdrew his paper.

Bishop told RNZ he was not "blocked" from bringing in regulations last year.

"The work is now progressing in part through my upcoming programme on improving infrastructure asset management,"

New Zealand ranks second to Bangladesh in expected financial losses from natural disasters relative to GDP. Other official data showed 92 percent of respondents worried about severe weather, 88 percent about major earthquakes and 78 percent about cyber threats.

But critical infrastructure - such as power, water and fibreoptic lines, bridges, roads and cellphone networks - remained "insufficient" when disruptions hit, a discussion document about a new Emergency Management Bill said.

That document was released a week ago. A day later, the two most important phone and internet lines near Dunedin were cut - one by a contractor digging, and one by rats chewing through it on Wednesday - leaving One New Zealand considered if it needs a third cable.

At the other end of the country, Northland police were telling people on Thursday to use landlines after power cuts caused by ex-cyclone Tam disrupted cellphone networks.

This raised questions as power cuts cam also disrupt landlines.

The Far North's civil defence leader spoke up, calling for government action.

"Wave the big stick," said Kelly Stratford, who is also Far North deputy mayor.

Industry group Electricity Networks Aotearoa is now asking: "How many more trees need to fall on power lines before the rules change?"

Hokianga artist Lise Strathdee told RNZ on Tuesday she did not need to call 111 at any point in the storm, but she worried the country's communications systems were not up to the task.

"I don't think the status quo is good enough."

She heard One NZ telling its customers they could use their mobiles via satellite, but this would leave others out, and solutions should be for everyone.

"I think there's a lot of confusion," said Strathdee.

"It's best to just push forward and realise what are the most important things, and definitely I would have thought in emergency events, communications... is one of the number one priorities.

"So what can the government do to address the critical infrastructure?"

No 'gold-plating' assets

Bishop has said making critical infrastructure more resilient was one of his top six priorities.

Eighteen months ago, he intended to create "enforceable minimum resilience standards" for companies such as telcos, and also "information-gathering powers" for the government to know what companies had done - or not done - to improve cables, pipes and ports, Cabinet papers show.

But the discussion document on the new Bill does not mention "enforceable minimum resilience standards".

Bishop told RNZ that standards were among the "non-regulatory and regulatory options" he was exploring.

These included mandatory long-term capital plans and asset management plans; information disclosure requirements, including on performance and indicators; upskilling opportunities; minimum standards; and stronger scrutiny and monitoring, he said.

A series of Cabinet papers between July and December showed Bishop's attempt to consult the public was dropped mid-year.

In September, officials told Bishop they were looking at proposals "designed to keep costs of compliance as low as possible and avoid the gold-plating of assets".

Governments around the world are struggling with the costs from imposing higher standards to try to withstand earthquakes and floods, while digital networks also need to deal with multiplying cyber attacks - more than 7000 of them last year in this country.

The cost of not acting is huge - the North Island storms of 2023 killed 15 people, and Cyclone Gabrielle cost people almost half a billion dollars during a fortnight of power cuts.

The National Emergency Management Agency (NEMA) told the government in November: "The relative vulnerability of people, property and infrastructure is growing."

A Bill worked on by the last government from 2018 till 2022 would have imposed "contentious" new planning, reporting and information-sharing requirements for critical infrastructure entities.

But the Bill overall was widely seen as too weak, and was dropped by the new government last March.

The Telecommunications Forum industry group said it did not have a problem with minimum resilience standards, as long they were not prescriptive in a way that might hold back innovation.

Earlier this year, the forum called on the government to be much clearer about what it would or would not mandate them to do.

"We want some clarity," it told RNZ.

The Ministry of Business, Innovation and Employment has said the resilience of telecommunications infrastructure "sits with the network operators themselves".

After years of delays and multiple scathing inquiries into disaster responses, the new Emergency Management Bill is expected to be out in a few months and enacted in 2026.

But the discussion document also makes it clear that officials were still testing "whether we have accurately identified and defined the underlying problems" - nine months after Bishop tried to get a second round of public consultation going.

Bishop's options were "consistent" with legislation in Australia, a Cabinet paper said.

Australia imposed new obligations on operators across 11 critical sectors in 2018, including having to report back on compliance each year, with a big focus on cyber security.

One of Bishop's options was "a mandatory approach to risk management".

"However, Ministers raised a number of concerns... and the paper was withdrawn," said a briefing in December.

The options and the concerns were largely blanked out in the OIA.

"The slow pace of transformative change" was sure to concern many people, said Mark Mitchell, who is in charge of the new Bill.

Strathdee and other locals hit by storms have questioned why the landline copper cables that offered a backup system were being pulled out, if resilience was so crucial. The cables are expected to be all gone by 2030.

Chorus said last week's problems were with its roadside cabinets.

One problem is how to split the costs of resilience upgrades. The Cabinet papers put it this way: "Five well-understood market failures make resilience a competitive disadvantage" - meaning there is no requirement to tell consumers that one network is more resilient than another, so no way to give the investor in a stronger system a clear incentive.

Cabinet set up a new National Risk and Resilience Framework in December, which laid out 30 national risks and which agency was lead on each.

At the same time, Prime Minister Christopher Luxon approved his department withdrawing from its lead role on critical infrastructure overall, to focus on cyber security and on implementing the new framework.

Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.